ComboFix report
Hello,
I've just run a scan with ComboFix and I'm sending you the report below for analysis.
Thank you for the time you're willing to give me.
Kind regards.
ComboFix 09-02-02.04 - 2009-02-03 8:12:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2796 [GMT 1:00]
Lancé depuis: h:\anti malware\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\20547.exe
C:\23326.exe
C:\25760.exe
C:\40265.exe
C:\4758.exe
C:\570.exe
C:\68892.exe
C:\70552.exe
C:\86464.exe
C:\93224.exe
c:\documents and settings\Jean-Charles\Application Data\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.
2009-02-03 07:38 . 2009-02-03 07:38 <REP> d-------- c:\program files\Trend Micro
2009-02-03 07:37 . 2009-02-03 07:37 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\Malwarebytes
2009-02-03 07:36 . 2009-02-03 07:36 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 07:36 . 2009-02-03 07:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 07:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 07:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 17:34 . 2009-02-03 07:29 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-02 17:34 . 2009-02-03 07:29 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-02 17:33 . 2009-02-02 17:33 <REP> d-------- c:\program files\Kaspersky Lab
2009-02-02 17:33 . 2009-02-03 08:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-02 17:33 . 2009-02-03 08:17 3,469,344 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-02 17:33 . 2009-02-03 08:17 606,240 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-02 17:33 . 2009-02-03 08:17 32,376 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-02 17:33 . 2009-02-03 08:17 3,152 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-02 17:32 . 2009-02-02 17:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 08:55 . 2009-01-30 08:56 <REP> d-------- c:\program files\DxO Labs
2009-01-30 08:48 . 2009-02-02 08:33 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-30 08:34 . 2009-01-30 08:33 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-30 08:28 . 2009-01-30 08:28 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\program files\widget_programmes
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1
2009-01-29 07:30 . 2009-01-29 07:30 <REP> d-------- c:\program files\Fichiers communs\Application
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\program files\Fichiers communs\PACE Anti-Piracy
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\PACE Anti-Piracy
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\DxO Labs
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-01-28 15:01 . 2009-01-28 15:01 <REP> d-------- c:\program files\InterLok
2009-01-23 10:05 . 2009-01-23 10:05 <REP> d-------- c:\windows\GAMES
2009-01-23 10:05 . 2009-01-23 10:05 83,648 --a------ c:\windows\system\knps.dll
2009-01-23 10:05 . 2009-01-23 10:05 54,976 --a------ c:\windows\system\knpg.dll
2009-01-23 10:05 . 2009-01-23 10:05 29,536 --a------ c:\windows\system\dib.drv
2009-01-23 10:05 . 2009-01-23 10:05 19 --a------ c:\windows\KNP.INI
2009-01-22 14:34 . 2009-01-22 14:35 <REP> d-------- c:\program files\iTunes
2009-01-22 14:34 . 2009-01-22 14:34 <REP> d-------- c:\program files\iPod
2009-01-22 14:34 . 2009-01-22 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 14:32 . 2009-01-22 14:33 <REP> d-------- c:\program files\QuickTime
2009-01-22 10:54 . 2009-01-22 10:54 <REP> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-20 16:11 . 2009-01-30 08:47 <REP> d-------- c:\windows\Easy CD-DA Extractor 12
2009-01-20 16:11 . 2009-01-20 16:11 <REP> d-------- c:\program files\Easy CD-DA Extractor 12
2009-01-20 16:11 . 2009-01-20 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-01-19 09:17 . 2009-01-29 08:20 <REP> d-------- c:\program files\Safescan Time Attendance
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 07:16 --------- d-----w c:\program files\SPAMfighter
2009-02-02 14:27 --------- d-----w c:\program files\Yahoo!
2009-02-02 14:27 --------- d-----w c:\program files\Common Files
2009-02-02 14:26 --------- d-----w c:\program files\Google
2009-01-30 07:28 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-27 15:59 --------- d-----w c:\program files\TelCD
2009-01-22 13:34 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-22 13:23 --------- d-----w c:\program files\Bonjour
2009-01-22 13:20 --------- d-----w c:\program files\Canon
2009-01-22 09:53 --------- d-----w c:\program files\Fichiers communs\Canon
2009-01-21 06:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 15:20 --------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-01-20 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-19 07:10 --------- d-----w c:\program files\IKEA HomePlanner
2009-01-19 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 13:40 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\iWin
2008-12-15 13:40 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-15 13:36 --------- d-----w c:\program files\GameHouse
2008-12-15 13:36 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\GameHouse
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:25 --------- d-----w c:\program files\Fichiers communs\Borland Shared
2008-12-11 10:24 --------- d-----w c:\program files\Hachette Multimédia
2008-12-10 15:42 --------- d-----w c:\program files\Ultra Mobile 3GP Video Converter
2008-12-05 14:36 32,768 ----a-w c:\windows\system32\drivers\ati8bqxx.sys
2008-12-05 14:21 0 ----a-w C:\jucaspj.exe
2008-12-05 14:21 0 ----a-w C:\ipjy.exe
2008-12-05 14:21 0 ----a-w C:\gihj.exe
2008-12-05 14:21 0 ----a-w C:\blyssq.exe
2008-12-05 14:18 --------- d-----w c:\program files\vso
2008-12-05 14:18 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\Vso
2008-12-03 15:26 --------- d-----w c:\program files\Windows Media Components
2008-12-03 14:23 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-03 14:23 --------- d-----w c:\program files\AVS4YOU
2008-12-03 13:52 --------- d-----w c:\program files\Fichiers communs\Nero
2008-12-03 13:51 --------- d-----w c:\program files\Nero
2008-12-03 13:39 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\Nero
2008-12-03 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-03 13:33 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-12-03 13:33 --------- d-----w c:\program files\Ahead
2008-12-03 13:19 --------- d-----w c:\program files\Windows Sidebar
2008-12-03 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2008-12-03 08:27 --------- d-----w c:\program files\SlySoft
2008-12-02 15:45 128 ----a-w C:\muxmp4.bat
2008-05-28 08:38 47,360 ----a-w c:\documents and settings\Jean-Charles\Application Data\pcouffin.sys
2008-05-26 09:30 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2008-06-19 08:16 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2008-02-11 13:31 88 --sh--r c:\windows\system32\C805CE2829.sys
2008-03-10 15:27 8,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-09 13:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050920080510\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-22 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2008-12-01 89024]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8bqxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jean-Charles^Menu Démarrer^Programmes^Démarrage^widget_programmes.lnk]
path=c:\documents and settings\Jean-Charles\Menu Démarrer\Programmes\Démarrage\widget_programmes.lnk
backup=c:\windows\pss\widget_programmes.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-30 08:33 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--------- 2008-10-07 14:54 75048 c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 00:00 45056 c:\program files\Creative\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
--a------ 2007-06-04 18:24 599600 c:\progra~1\CYBERL~1\InstantBurn\Win2K\IBurn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2008-05-14 14:48 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-10-22 19:57 2363392 c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maplom]
--a------ 2007-08-14 17:34 4876288 c:\program files\SlySoft\Game Jackal\GameJackal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 16:16 169312 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 23:43 8466432 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 23:43 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
--------- 2007-09-27 08:15 109640 c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-07-23 14:46 2499880 c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-07-21 17:32 87336 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a------ 2009-01-16 10:10 325768 c:\program files\SPAMfighter\SFAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2007-02-20 02:07 199752 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2008-08-29 15:48 435536 c:\program files\Fichiers communs\ACD Systems\EN\DevDetect.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"NoteNotifier"=c:\windows\system32\NoteNotifier.exe
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"LaunchList"=c:\program files\Pinnacle\Studio 11\LaunchList2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
"StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HPWG myPrintMileage Agent"=c:\program files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
"TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DT LGE"=c:\program files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"CTxfiHlp"=CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-30 64160]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-11-28 16048]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-11-28 18:07:54 61424]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-11-28 162096]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2002-01-01 2521624]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S0 ati8bqxx;ati8bqxx;c:\windows\system32\drivers\ati8bqxx.sys [2008-12-05 32768]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-06-30 79360]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [2005-10-17 70272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2007-11-04 1527900]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [2005-10-17 37248]
S3 UPnPService;UPnPService;c:\program files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2007-11-04 548864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1030be73-54c3-11dd-ae61-001d60c8a807}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa6f10d-11c4-11dd-adf9-001d60c8a807}]
\Shell\AutoRun\command - n:\wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-02 08:33]
2008-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]
2009-02-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Java Update - c:\docume~1\JEAN-C~1\LOCALS~1\Temp\firefox.exe
MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
FF - ProfilePath - c:\documents and settings\Jean-Charles\Application Data\Mozilla\Firefox\Profiles\xvg5trrr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - component: c:\documents and settings\Jean-Charles\Application Data\Mozilla\Firefox\Profiles\xvg5trrr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 08:18:17
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:79,6b,86,fb,4b,0e,10,60,17,c6,9a,94,ef,ac,00,b7,4b,a5,a6,f2,f5,9c,08,
a9,3c,5f,aa,91,3d,10,a0,6f,6d,98,8d,1c,56,40,24,43,3a,33,da,f1,19,78,42,95,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5c,d5,b5,ae,0e,
49,b4,ce,c8,28,51,af,b0,29,a3,98,fc,1d,f1,92,b6,9f,21,cf,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,85,c6,05,80,29,
df,8f,f7,71,3b,04,66,8b,46,0d,96,16,e1,37,53,04,e6,9e,7d,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7b,8f,b3,20,9d,
82,77,3d,25,da,ec,7e,55,20,c9,26,1b,3d,d9,59,96,4f,bc,b0,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,52,d0,10,81,81,
cd,5e,17,3e,1e,9e,e0,57,5a,93,61,5b,f0,74,11,0c,89,d8,50,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,a8,62,91,34,52,
d2,82,c8,cd,44,cd,b9,a6,33,6c,cd,23,d1,b6,94,1c,01,41,fa,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,85,ae,97,27,de,
c9,47,bb,b0,18,ed,a7,3f,8d,37,a4,4b,70,38,98,38,8d,f5,09,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,90,1e,c1,97,73,
65,75,b8,31,77,e1,ba,b1,f8,68,02,b3,97,d2,b7,e2,6e,40,eb,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,9d,e7,dd,6d,55,
d0,13,0f,83,6c,56,8b,a0,85,96,ab,cb,e3,3d,38,c4,76,f3,6b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,c9,8a,45,12,15,
8c,c7,ca,51,fa,6e,91,28,9e,14,cc,84,48,e4,1f,5e,46,55,67,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,21,1f,a7,b2,83,
60,0f,39,b1,cd,45,5a,a8,c4,f8,b9,3e,06,7e,19,5a,45,65,e8,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a3,51,b4,db,6c,
e9,04,86,e3,0e,66,d5,eb,bc,2f,6b,e3,7c,5f,c6,07,a3,90,19,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,f0,10,3a,6b,
f5,a9,98,fa,ea,66,7f,d4,3b,6b,70,dd,0d,cb,58,4d,fe,1a,d8,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\drivers\WTSrv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\CTxfispi.exe
c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-03 8:22:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-03 07:22:56
Avant-CF: 245'434'556'416 octets libres
Après-CF: 245,633,191,936 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /NOEXECUTE=OPTIN /FASTDETECT
463 --- E O F --- 2009-01-19 06:52:31
Angeldark said:
Nah, but why did you use Combofix?
Because nothing was working anymore and I was told to run a double scan (antimalware + combofix).
I took the warning about combofix into account.
I recovered the recovery console I had lost.
Everything seems to work perfectly; I feel like I have a new machine.
Thanks again for your replies.
Have a good day.