Mon ordinateur est infecté
Dernière réponse : dans Sécurité
Bonjour, depuis quelque temps j'ai des fenêtres blanches qui apparaissent de temps en temps. Un Norton Security Scan m'a dit que mon ordinateur était en mauvaise état. L'ordinateur est vraiment lent, la configuration de l'écran est crochu et c'est rendu dépressif de l'utiliser. Il y a plusieurs sessions sur cet ordinateur. Celle là est celle de mon père. Est-ce que je dois faire un hijackthis pour toutes les sessions?
Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:09, on 2009-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14c317d0-7376-4854-b14d-0f929aaeaffc} - C:\WINDOWS\system32\huhomogi.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUnLEwv.dll
O2 - BHO: (no name) - {88C3C1A8-5F3E-4B2A-A3E6-D430939AFB0A} - C:\WINDOWS\system32\hgGywvtQ.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {2906487c-b91e-786a-53e4-fb63d6041969} - {9691406d-36bf-4e35-a687-e19bc7846092} - C:\WINDOWS\system32\gkfdpo.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [raniyakefo] Rundll32.exe "C:\WINDOWS\system32\toladeya.dll",s
O4 - HKLM\..\Run: [54d068aa] rundll32.exe "C:\WINDOWS\system32\fihowizu.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [raniyakefo] Rundll32.exe "C:\WINDOWS\system32\toladeya.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guerlain')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1007\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" (User 'Guerlain')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1029\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: ,gkfdpo.dll,C:\WINDOWS\system32\turotafe.dll
O20 - Winlogon Notify: wvUnLEwv - C:\WINDOWS\SYSTEM32\wvUnLEwv.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 11453 bytes
Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:09, on 2009-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14c317d0-7376-4854-b14d-0f929aaeaffc} - C:\WINDOWS\system32\huhomogi.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUnLEwv.dll
O2 - BHO: (no name) - {88C3C1A8-5F3E-4B2A-A3E6-D430939AFB0A} - C:\WINDOWS\system32\hgGywvtQ.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {2906487c-b91e-786a-53e4-fb63d6041969} - {9691406d-36bf-4e35-a687-e19bc7846092} - C:\WINDOWS\system32\gkfdpo.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [raniyakefo] Rundll32.exe "C:\WINDOWS\system32\toladeya.dll",s
O4 - HKLM\..\Run: [54d068aa] rundll32.exe "C:\WINDOWS\system32\fihowizu.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [raniyakefo] Rundll32.exe "C:\WINDOWS\system32\toladeya.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guerlain')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1007\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" (User 'Guerlain')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3759281159-2053881289-3244724757-1029\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: ,gkfdpo.dll,C:\WINDOWS\system32\turotafe.dll
O20 - Winlogon Notify: wvUnLEwv - C:\WINDOWS\SYSTEM32\wvUnLEwv.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 11453 bytes
Autres pages sur : ordinateur infecte
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
ComboFix 09-01-08.01 - Owner 2009-01-08 16:50:23.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.511 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Application Data\gadcom\gadcom.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
C:\mimic.log
c:\windows\system32\~.exe
c:\windows\system32\a.exe
c:\windows\system32\afilovul.ini
c:\windows\system32\befeleko.dll
c:\windows\system32\bokdifqu.dll
c:\windows\system32\dafiledo.dll
c:\windows\system32\dikaludi.dll
c:\windows\system32\efcDUNHw.dll
c:\windows\system32\egimonoh.ini
c:\windows\system32\fihowizu.dll
c:\windows\system32\gkfdpo.dll
c:\windows\system32\hgGywvtQ.dll
c:\windows\system32\hoginazo.dll
c:\windows\system32\honomige.dll
c:\windows\system32\idulakid.ini
c:\windows\system32\iifdeBqR.dll
c:\windows\system32\ilipepiv.ini
c:\windows\system32\imekipek.ini
c:\windows\system32\iwigenoj.ini
c:\windows\system32\jonegiwi.dll
c:\windows\system32\kbrdvqun.dll
c:\windows\system32\kepikemi.dll
c:\windows\system32\lgsfcaxh.dll
c:\windows\system32\luvolifa.dll
c:\windows\system32\mejudedo.dll
c:\windows\system32\mgcndmgt.ini
c:\windows\system32\murewozi.dll
c:\windows\system32\neletoki.dll
c:\windows\system32\nfrejufb.dll
c:\windows\system32\nuqvdrbk.ini
c:\windows\system32\odelifad.ini
c:\windows\system32\okelefeb.ini
c:\windows\system32\opivaget.ini
c:\windows\system32\opulilew.ini
c:\windows\system32\palbfdot.dll
c:\windows\system32\pihimuha.dll
c:\windows\system32\pkbclw.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\QtvwyGgh.ini
c:\windows\system32\QtvwyGgh.ini2
c:\windows\system32\sefcgw.dll
c:\windows\system32\sxfcgd.dll
c:\windows\system32\tokupato.dll
c:\windows\system32\ugedivaz.ini
c:\windows\system32\ugedivaz.ini2
c:\windows\system32\ugedivaz.tmp
c:\windows\system32\ukacwsyw.ini
c:\windows\system32\ulinakaz.ini
c:\windows\system32\uqfidkob.ini
c:\windows\system32\uziwohif.ini
c:\windows\system32\uzuleluw.ini
c:\windows\system32\uzuleluw.ini2
c:\windows\system32\uzuleluw.tmp
c:\windows\system32\vipepili.dll
c:\windows\system32\welilupo.dll
c:\windows\system32\wuleluzu.dll
c:\windows\system32\wvUnLEwv.dll
c:\windows\system32\zavidegu.dll
c:\windows\Temp\tmp3.tmp
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
2009-01-01 07:35 . 2009-01-01 07:35 132,608 --a------ c:\windows\system32\vxqvpsnw.dll
2009-01-01 07:29 . 2009-01-01 07:29 90,112 --------- c:\windows\system32\wyswcaku.dll
2008-12-29 15:28 . 2008-12-29 15:28 45,056 --a------ c:\windows\system32\awtUopnn.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-08 21:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-09-01_12.40.04.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-09-15 15:14:42 1,847,040 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 15:20:39 1,847,040 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-04 16:34:21 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:16:10 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:47 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 18:10:36 406,392 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 13:23:44 2,147,328 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 13:23:49 2,068,096 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 13:23:44 2,025,984 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 13:23:49 2,191,232 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 13:55:54 2,147,328 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 23:26:00 2,068,096 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 13:55:47 2,025,984 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 23:26:02 2,191,232 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:03:57 767,352 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:04:05 406,392 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:55:13 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:35:43 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:31:32 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-07-27 12:28:58 234,872 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-20 08:09:22 1,845,376 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-06-26 06:09:14 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 18:10:36 406,392 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:40:35 406,392 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:03:55 234,872 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:04:05 406,392 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:29:49 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c--a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 16:08:15 2,139,648 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:08:25 2,061,440 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:39:12 2,065,024 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:08:11 2,019,328 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:08:21 2,184,192 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:39:11 2,188,032 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2006-10-27 00:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 15:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 22:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 19:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 13:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 14:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 23:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 22:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 22:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 14:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2008-11-03 00:44:37 29,184 ----a-r c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe
+ 2008-11-12 12:15:12 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-05-02 03:28:25 38,240 -c--a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-10 12:02:40 38,240 ----a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-03-29 00:41:58 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-30 23:00:43 5,120 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A83CF885-D6C5-11DD-BFE2-001676056BDA}.dat
+ 2008-12-30 23:00:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A83CF883-D6C5-11DD-BFE2-001676056BDA}.dat
- 2008-03-29 00:41:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-30 23:00:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008123020081231\index.dat
- 2008-06-20 10:44:38 138,368 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2005-07-26 04:39:55 498,688 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
- 2008-02-20 06:51:00 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-06-18 06:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2007-06-26 06:09:14 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:29:49 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:59:28 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:39:07 2,144,768 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:08:25 2,061,440 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:39:12 2,065,024 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:39:03 2,022,912 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:08:21 2,184,192 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:39:11 2,188,032 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
- 2006-08-24 18:19:40 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-03-20 08:09:22 1,845,376 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-06-18 10:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-07-02 16:09:41 232,776 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 00:17:06 232,776 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:51:00 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:00:15 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2007-06-26 06:09:14 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
+ 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2006-08-17 12:29:49 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 16:08:11 2,019,328 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 16:08:15 2,139,648 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-04-12 07:03:21 63,528 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-02 13:57:51 63,528 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-12 07:03:21 77,038 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-02 13:57:51 77,038 ----a-w c:\windows\system32\perfc00C.dat
- 2008-04-12 07:03:21 406,328 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-02 13:57:51 406,328 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-12 07:03:21 474,316 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-02 13:57:51 474,316 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 14:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-08-24 18:19:40 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
+ 1999-03-26 06:00:00 101,888 ----a-w c:\windows\system32\VB6STKIT.DLL
- 2008-03-20 08:09:22 1,845,376 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 ----a-w c:\windows\system32\win32k.sys
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 22:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\hgGywvtQ
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\hoginazo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-08 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{14c317d0-7376-4854-b14d-0f929aaeaffc} - c:\windows\system32\tokupato.dll
BHO-{84396a08-af92-40ab-bfb1-97c42f8a3f81} - c:\windows\system32\sxfcgd.dll
BHO-{D8AA43B9-D399-4D44-B246-289BC4BAE68F} - c:\windows\system32\hgGywvtQ.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 16:53:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 16:56:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-08 21:56:31
ComboFix2.txt 2008-09-01 16:52:33
ComboFix3.txt 2008-09-01 16:40:26
Avant-CF: 59 309 780 992 octets libres
Après-CF: 59,274,350,592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
523 --- E O F --- 2008-12-11 05:25:18
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.511 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Application Data\gadcom\gadcom.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
C:\mimic.log
c:\windows\system32\~.exe
c:\windows\system32\a.exe
c:\windows\system32\afilovul.ini
c:\windows\system32\befeleko.dll
c:\windows\system32\bokdifqu.dll
c:\windows\system32\dafiledo.dll
c:\windows\system32\dikaludi.dll
c:\windows\system32\efcDUNHw.dll
c:\windows\system32\egimonoh.ini
c:\windows\system32\fihowizu.dll
c:\windows\system32\gkfdpo.dll
c:\windows\system32\hgGywvtQ.dll
c:\windows\system32\hoginazo.dll
c:\windows\system32\honomige.dll
c:\windows\system32\idulakid.ini
c:\windows\system32\iifdeBqR.dll
c:\windows\system32\ilipepiv.ini
c:\windows\system32\imekipek.ini
c:\windows\system32\iwigenoj.ini
c:\windows\system32\jonegiwi.dll
c:\windows\system32\kbrdvqun.dll
c:\windows\system32\kepikemi.dll
c:\windows\system32\lgsfcaxh.dll
c:\windows\system32\luvolifa.dll
c:\windows\system32\mejudedo.dll
c:\windows\system32\mgcndmgt.ini
c:\windows\system32\murewozi.dll
c:\windows\system32\neletoki.dll
c:\windows\system32\nfrejufb.dll
c:\windows\system32\nuqvdrbk.ini
c:\windows\system32\odelifad.ini
c:\windows\system32\okelefeb.ini
c:\windows\system32\opivaget.ini
c:\windows\system32\opulilew.ini
c:\windows\system32\palbfdot.dll
c:\windows\system32\pihimuha.dll
c:\windows\system32\pkbclw.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\QtvwyGgh.ini
c:\windows\system32\QtvwyGgh.ini2
c:\windows\system32\sefcgw.dll
c:\windows\system32\sxfcgd.dll
c:\windows\system32\tokupato.dll
c:\windows\system32\ugedivaz.ini
c:\windows\system32\ugedivaz.ini2
c:\windows\system32\ugedivaz.tmp
c:\windows\system32\ukacwsyw.ini
c:\windows\system32\ulinakaz.ini
c:\windows\system32\uqfidkob.ini
c:\windows\system32\uziwohif.ini
c:\windows\system32\uzuleluw.ini
c:\windows\system32\uzuleluw.ini2
c:\windows\system32\uzuleluw.tmp
c:\windows\system32\vipepili.dll
c:\windows\system32\welilupo.dll
c:\windows\system32\wuleluzu.dll
c:\windows\system32\wvUnLEwv.dll
c:\windows\system32\zavidegu.dll
c:\windows\Temp\tmp3.tmp
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
2009-01-01 07:35 . 2009-01-01 07:35 132,608 --a------ c:\windows\system32\vxqvpsnw.dll
2009-01-01 07:29 . 2009-01-01 07:29 90,112 --------- c:\windows\system32\wyswcaku.dll
2008-12-29 15:28 . 2008-12-29 15:28 45,056 --a------ c:\windows\system32\awtUopnn.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-08 21:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-09-01_12.40.04.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-09-15 15:14:42 1,847,040 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 15:20:39 1,847,040 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-04 16:34:21 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:16:10 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:47 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 18:10:36 406,392 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 13:23:44 2,147,328 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 13:23:49 2,068,096 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 13:23:44 2,025,984 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 13:23:49 2,191,232 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 13:55:54 2,147,328 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 23:26:00 2,068,096 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 13:55:47 2,025,984 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 23:26:02 2,191,232 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:03:57 767,352 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:04:05 406,392 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:55:13 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:35:43 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:31:32 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-07-27 12:28:58 234,872 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-20 08:09:22 1,845,376 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-06-26 06:09:14 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 18:10:36 406,392 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:40:35 406,392 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:03:55 234,872 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:04:05 406,392 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:29:49 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c--a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 16:08:15 2,139,648 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:08:25 2,061,440 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:39:12 2,065,024 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:08:11 2,019,328 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:08:21 2,184,192 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:39:11 2,188,032 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2006-10-27 00:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 15:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 22:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 19:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 13:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 14:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 23:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 22:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 22:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 14:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2008-11-03 00:44:37 29,184 ----a-r c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe
+ 2008-11-12 12:15:12 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-05-02 03:28:25 38,240 -c--a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-10 12:02:40 38,240 ----a-r c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-03-29 00:41:58 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-30 23:00:43 5,120 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A83CF885-D6C5-11DD-BFE2-001676056BDA}.dat
+ 2008-12-30 23:00:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A83CF883-D6C5-11DD-BFE2-001676056BDA}.dat
- 2008-03-29 00:41:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-30 23:00:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008123020081231\index.dat
- 2008-06-20 10:44:38 138,368 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2005-07-26 04:39:55 498,688 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
- 2008-02-20 06:51:00 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-06-18 06:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2007-06-26 06:09:14 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:29:49 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:59:28 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:39:07 2,144,768 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:08:25 2,061,440 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:39:12 2,065,024 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:39:03 2,022,912 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:08:21 2,184,192 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:39:11 2,188,032 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
- 2006-08-24 18:19:40 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-03-20 08:09:22 1,845,376 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-06-18 10:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-07-02 16:09:41 232,776 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 00:17:06 232,776 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:51:00 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:00:15 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2007-06-26 06:09:14 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
+ 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2006-08-17 12:29:49 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 16:08:11 2,019,328 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 16:08:15 2,139,648 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-04-12 07:03:21 63,528 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-02 13:57:51 63,528 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-12 07:03:21 77,038 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-02 13:57:51 77,038 ----a-w c:\windows\system32\perfc00C.dat
- 2008-04-12 07:03:21 406,328 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-02 13:57:51 406,328 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-12 07:03:21 474,316 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-02 13:57:51 474,316 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 14:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-08-24 18:19:40 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
+ 1999-03-26 06:00:00 101,888 ----a-w c:\windows\system32\VB6STKIT.DLL
- 2008-03-20 08:09:22 1,845,376 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 ----a-w c:\windows\system32\win32k.sys
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 22:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\hgGywvtQ
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\hoginazo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-08 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{14c317d0-7376-4854-b14d-0f929aaeaffc} - c:\windows\system32\tokupato.dll
BHO-{84396a08-af92-40ab-bfb1-97c42f8a3f81} - c:\windows\system32\sxfcgd.dll
BHO-{D8AA43B9-D399-4D44-B246-289BC4BAE68F} - c:\windows\system32\hgGywvtQ.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 16:53:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 16:56:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-08 21:56:31
ComboFix2.txt 2008-09-01 16:52:33
ComboFix3.txt 2008-09-01 16:40:26
Avant-CF: 59 309 780 992 octets libres
Après-CF: 59,274,350,592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
523 --- E O F --- 2008-12-11 05:25:18
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1616
Windows 5.1.2600 Service Pack 2
2009-01-09 18:15:02
mbam-log-2009-01-09 (18-15-02).txt
Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 251073
Temps écoulé: 47 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 64
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\mohafilu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dehokiju.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14c317d0-7376-4854-b14d-0f929aaeaffc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54d068aa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\raniyakefo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm57e35b36 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mohafilu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mohafilu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\dehokiju.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\dehokiju.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\gefuvura.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aruvufeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zanowapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upawonaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mohafilu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dehokiju.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\a.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\befeleko.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dafiledo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dikaludi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDUNHw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fihowizu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gkfdpo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGywvtQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifdeBqR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jonegiwi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kbrdvqun.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kepikemi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lgsfcaxh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\luvolifa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nfrejufb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pkbclw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sefcgw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vipepili.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\welilupo.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wuleluzu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUnLEwv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP232\A0051029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP238\A0051346.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051445.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051458.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051459.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051471.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051495.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujegifu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\genetoda.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suzezufu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtUopnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Version de la base de données: 1616
Windows 5.1.2600 Service Pack 2
2009-01-09 18:15:02
mbam-log-2009-01-09 (18-15-02).txt
Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 251073
Temps écoulé: 47 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 64
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\mohafilu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dehokiju.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14c317d0-7376-4854-b14d-0f929aaeaffc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54d068aa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\raniyakefo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm57e35b36 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mohafilu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mohafilu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\dehokiju.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\dehokiju.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\gefuvura.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aruvufeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zanowapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upawonaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mohafilu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dehokiju.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\a.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\befeleko.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dafiledo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dikaludi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcDUNHw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fihowizu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gkfdpo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGywvtQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifdeBqR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jonegiwi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kbrdvqun.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kepikemi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lgsfcaxh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\luvolifa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nfrejufb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pkbclw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sefcgw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vipepili.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\welilupo.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wuleluzu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUnLEwv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP232\A0051029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP233\A0051129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP234\A0051156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP238\A0051346.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051445.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051458.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051459.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051471.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051495.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19B36CF1-12AA-4058-8328-3769885FB8AB}\RP240\A0051497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujegifu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\genetoda.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suzezufu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtUopnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
ComboFix 09-01-10.01 - Owner 2009-01-10 19:09:57.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.537 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\azezorak.ini
c:\windows\system32\java2.sys c:\windows\system32\snjava.dll
c:\windows\system32\karozeza.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\migitiho.dll
c:\windows\system32\nusoyeta.dll
c:\windows\system32\ohitigim.ini
c:\windows\system32\tedegeru.dll
c:\windows\system32\titodopu.dll
c:\windows\system32\werolime.dll
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-09 17:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
2009-01-01 07:35 . 2009-01-01 07:35 132,608 --a------ c:\windows\system32\vxqvpsnw.dll
2009-01-01 07:29 . 2009-01-01 07:29 90,112 --------- c:\windows\system32\wyswcaku.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
1601-01-01 00:12 65,782 --sha-w c:\windows\system32\vidasasa.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-08_16.55.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc}]
c:\windows\system32\tokupato.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\werolime.dll c:\windows\system32\nusoyeta.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-11 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-raniyakefo - c:\windows\system32\pihimuha.dll
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 19:30:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
c:\windows\explorer.exe [1844] 0x85384780
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\BigFix\bigfix.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2009-01-10 19:32:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 00:32:28
ComboFix2.txt 2009-01-08 21:56:35
ComboFix3.txt 2008-09-01 16:52:33
ComboFix4.txt 2008-09-01 16:40:26
Avant-CF: 59 224 440 832 octets libres
Après-CF: 59,214,356,480 octets libres
217 --- E O F --- 2008-12-11 05:25:18
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.537 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\azezorak.ini
c:\windows\system32\java2.sys c:\windows\system32\snjava.dll
c:\windows\system32\karozeza.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\migitiho.dll
c:\windows\system32\nusoyeta.dll
c:\windows\system32\ohitigim.ini
c:\windows\system32\tedegeru.dll
c:\windows\system32\titodopu.dll
c:\windows\system32\werolime.dll
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-09 17:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
2009-01-01 07:35 . 2009-01-01 07:35 132,608 --a------ c:\windows\system32\vxqvpsnw.dll
2009-01-01 07:29 . 2009-01-01 07:29 90,112 --------- c:\windows\system32\wyswcaku.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
1601-01-01 00:12 65,782 --sha-w c:\windows\system32\vidasasa.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-08_16.55.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc}]
c:\windows\system32\tokupato.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\werolime.dll c:\windows\system32\nusoyeta.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-11 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-raniyakefo - c:\windows\system32\pihimuha.dll
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 19:30:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
c:\windows\explorer.exe [1844] 0x85384780
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\BigFix\bigfix.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2009-01-10 19:32:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 00:32:28
ComboFix2.txt 2009-01-08 21:56:35
ComboFix3.txt 2008-09-01 16:52:33
ComboFix4.txt 2008-09-01 16:40:26
Avant-CF: 59 224 440 832 octets libres
Après-CF: 59,214,356,480 octets libres
217 --- E O F --- 2008-12-11 05:25:18
Re,
Bonne année![;)]( ";)")
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
![]()
Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer
Bonne année
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
c:\windows\system32\vidasasa.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc}]
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
c:\windows\system32\vidasasa.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14c317d0-7376-4854-b14d-0f929aaeaffc}]
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer
ComboFix 09-01-10.03 - Owner 2009-01-11 10:23:07.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.1013.583 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Owner\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\vidasasa.dll
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\vidasasa.dll
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-09 17:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-08_16.55.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-11 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 10:27:04
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\BigFix\bigfix.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 10:29:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 15:29:28
ComboFix2.txt 2009-01-11 00:32:32
ComboFix3.txt 2009-01-08 21:56:35
ComboFix4.txt 2008-09-01 16:52:33
ComboFix5.txt 2009-01-11 15:22:29
Avant-CF: 59 136 733 184 octets libres
Après-CF: 59,123,240,960 octets libres
201 --- E O F --- 2009-01-11 00:33:18
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.1013.583 [GMT -5:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Owner\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\vidasasa.dll
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\vidasasa.dll
c:\windows\system32\vxqvpsnw.dll
c:\windows\system32\wyswcaku.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-09 17:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 19:21 . 2009-01-08 10:50 86 --a------ c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-08 21:36 --------- d-----w c:\program files\Norton Security Scan
2009-01-03 18:19 --------- d-----w c:\program files\DNA
2009-01-03 12:17 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-02 23:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-19 04:45 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-08 00:05 --------- d-----w c:\program files\MSECache
2008-11-23 16:18 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-23 16:18 290,816 ------w c:\windows\Setup1.exe
2008-11-18 04:29 --------- d-----w c:\program files\NCH Software
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-18 04:28 --------- d-----w c:\program files\NCH Swift Sound
2008-11-18 04:28 --------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2008-10-06 02:43 170 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-08_16.55.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-08 11:31:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-01-10 11:55:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ENJOY Plus!.lnk - c:\program files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-05 1323520]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-28 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41359:TCP"= 41359:TCP:Emule
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-11 c:\windows\Tasks\llxlabjd.job
- c:\windows\system32\rundll32.exe [2004-08-10 14:00]
2009-01-07 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
2008-03-31 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-08 c:\windows\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
2008-04-13 c:\windows\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ziw0a3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=105563
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 10:27:04
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\BigFix\bigfix.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 10:29:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 15:29:28
ComboFix2.txt 2009-01-11 00:32:32
ComboFix3.txt 2009-01-08 21:56:35
ComboFix4.txt 2008-09-01 16:52:33
ComboFix5.txt 2009-01-11 15:22:29
Avant-CF: 59 136 733 184 octets libres
Après-CF: 59,123,240,960 octets libres
201 --- E O F --- 2009-01-11 00:33:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:47, on 2009-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 9332 bytes
Scan saved at 10:30:47, on 2009-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 9332 bytes
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumOrdinateur infecté : publicité intempestive via internet explorer.
- ForumOrdinateur infecté... Résolu
- ForumOrdinateur infécté
- ForumOrdinateur infecté de virus !!! [ Resolu ]
- ForumOrdinateur infecté....
- ForumOrdinateur infecté par "virus protector": un rogue ?
- ForumOrdinateur probablement infecté!
- ForumOrdinateur infecté vista il ouvre d autre fenetre que celle demandée avec firfox
- Forum[Résolu] Ordinateur infecté ?
- Voir plus
