
2006-09-14 09:20 53 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML.vir

2008-04-22 23:58 1540617 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vgvvyids.ini.vir

2008-04-23 00:58 207880 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lTEKUtwa.ini2.vir

2008-04-23 00:59 207880 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lTEKUtwa.ini.vir

2008-04-23 11:15 272384 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\khfCrPHB.dll.vir

2008-04-24 12:21 1504642 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oentylci.ini.vir

2008-04-24 12:23 1504702 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\peeixktj.ini.vir

2008-04-24 20:03 251727 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\BHPrCfhk.ini.vir

2008-04-24 20:03 251727 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\BHPrCfhk.ini2.vir

2008-04-26 10:14 22 --a------ C:\Qoobox\Quarantine\catchme2008-04-24_200621,21.zip

2008-05-26 13:10 58368 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNHwvs.dll.vir

2008-05-26 13:11 58368 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmmJBQ.dll.vir

2008-05-26 13:15 371200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYPFYP.dll.vir

2008-05-26 13:16 124928 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxdipkmf.dll.vir

2008-05-26 13:18 134144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hxjemkxn.dll.vir

2008-05-26 13:21 2560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oobtqbps.exe.vir

2008-06-01 20:51 2560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\phhcrfvw.exe.vir

2008-06-01 20:54 132096 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\srlpclij.dll.vir

2008-06-01 20:55 1486433 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ycxpsnoq.ini.vir

2008-06-09 18:21 100864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mgaxfupq.dll.vir

2008-06-09 18:22 109056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wdaphfwm.dll.vir

2008-06-09 18:22 1583885 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\axjkdogh.ini.vir

2008-06-10 18:22 100352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bnmcunnh.dll.vir

2008-06-10 18:23 1578625 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tlcdtaly.ini.vir

2008-06-10 18:24 100352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pcdmbmgh.dll.vir

2008-06-10 18:48 1563860 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wnwnfnqo.ini.vir

2008-06-10 18:49 157184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\saqllrxx.dll.vir

2008-06-10 18:51 157184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kufgwwrp.dll.vir

2008-06-10 22:18 143 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir

2008-06-11 18:28 1564169 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\onceirdy.ini.vir

2008-06-11 18:28 303 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir

2008-06-11 18:52 89600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eluaqthe.dll.vir

2008-06-11 18:52 98816 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fqlcmacf.dll.vir

2008-06-11 19:18 1615376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tujjonql.ini.vir

2008-06-11 19:54 109835 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMfbff3eb4.xml.vir

2008-06-11 20:03 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir

2008-06-11 20:03 426584 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\PYFPYJjl.ini.vir

2008-06-11 20:03 426584 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\PYFPYJjl.ini2.vir

2008-06-11 20:07 362128 --a------ C:\Qoobox\Quarantine\catchme2008-06-11_200718,18.zip

2008-06-11 20:32 601 --a------ C:\Qoobox\Quarantine\catchme.log

 

 

ComboFix 08-04-22.5 - Pc 2008-04-24 20:03:06.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.506 [GMT 2:00]

Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\amuuvvpr.dll

C:\WINDOWS\system32\BHPrCfhk.ini

C:\WINDOWS\system32\BHPrCfhk.ini2

C:\WINDOWS\system32\geBTMeFY.dll

C:\WINDOWS\system32\ikpvkncn.dll

C:\WINDOWS\system32\jtkxieep.dll

C:\WINDOWS\system32\khfCrPHB.dll

C:\WINDOWS\system32\lTEKUtwa.ini

C:\WINDOWS\system32\lTEKUtwa.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\peeixktj.ini

C:\WINDOWS\system32\sfessocu.dll

C:\WINDOWS\system32\tybpagks.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-24 13:44 . 2008-04-24 17:31 <REP> d-------- C:\Program Files\Unlocker

2008-04-23 11:18 . 2008-04-24 12:21 1,504,642 ---hs---- C:\WINDOWS\system32\oentylci.ini

2008-04-22 23:58 . 2008-04-22 23:58 1,540,617 ---hs---- C:\WINDOWS\system32\vgvvyids.ini

2008-04-22 23:58 . 2008-04-24 13:14 109,810 --a------ C:\WINDOWS\BMfbff3eb4.xml

2008-04-22 23:58 . 2008-04-22 23:58 97,856 --------- C:\WINDOWS\system32\ddnkiova.dll_old

2008-04-22 17:32 . 2008-04-22 17:32 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR

2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Canal

2008-04-10 13:45 . 2008-04-10 13:45 <REP> d-------- C:\Program Files\MSXML 6.0

2008-03-26 20:47 . 2008-03-26 20:47 <REP> d-------- C:\Program Files\Lavasoft

2008-03-26 20:47 . 2008-03-26 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 18:42 . 2008-03-26 18:44 <REP> d-------- C:\Program Files\Orange

2008-03-26 18:42 . 2008-03-26 18:42 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

2008-03-26 18:42 . 2006-03-01 20:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll

2008-03-26 18:42 . 2007-09-25 20:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll

2008-03-26 18:42 . 2003-09-23 12:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys

2008-03-26 18:42 . 2006-03-01 20:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys

2008-03-26 18:37 . 2008-03-26 18:37 <REP> d-------- C:\Program Files\SAGEM

2008-03-26 18:36 . 2008-03-26 18:36 <REP> d-------- C:\Program Files\Securitoo

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-24 17:31 --------- d-----w C:\Program Files\Java

2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this

2008-04-24 00:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-26 18:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-03-26 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 13:09 --------- d-----w C:\Documents and Settings\Pc\Application Data\DMCache

2008-03-21 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-03-21 19:11 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ulead Systems

2008-03-21 19:01 --------- d-----w C:\Program Files\DomPlayer

2008-03-19 18:44 --------- d-----w C:\Program Files\Fichiers communs\InterVideo

2008-03-19 18:43 --------- d-----w C:\Program Files\Windows Media Components

2008-03-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2008-03-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia

2008-03-19 15:44 --------- d-----w C:\Program Files\PhotoFiltre

2008-03-19 13:49 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ahead

2008-03-18 17:46 --------- d-----w C:\Documents and Settings\Pc\Application Data\ArcSoft

2008-03-05 09:21 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-03 19:46 --------- d-----w C:\Program Files\Norton AntiVirus

2008-03-03 19:44 --------- d-----w C:\Program Files\SymNetDrv

2008-03-03 19:44 --------- d-----w C:\Program Files\Symantec

2008-03-03 19:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec

2008-03-02 18:43 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-03-02 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-02 17:33 --------- d-----w C:\Program Files\BitComet

2008-02-28 13:25 --------- d-----w C:\Program Files\VideoLAN

2008-02-27 11:43 --------- d-----w C:\Program Files\Windows Live

2008-02-16 16:03 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys

.

 

------- Sigcheck -------

 

2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe]

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"PKR Pal"="./\pkrpal.exe" [ ]

"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 17:29 58984]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]

"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.alf2cd"= alf2cd.acm

"msacm.scg726"= scg726.acm

"vidc.dvsd"= mcdvd_32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9768:TCP"= 9768:TCP:BitComet 9768 TCP

"9768:UDP"= 9768:UDP:BitComet 9768 UDP

 

R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-04-07 18:11]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4d67262-111b-11dd-9e36-001921b308a8}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]

C:\WINDOWS\system32:lpr.exe

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-11 18:51:43 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-04-24 16:09:39 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 20:08:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE

C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\cscript.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-24 20:13:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-24 18:12:52

ComboFix2.txt 2008-02-18 18:40:53

 

Pre-Run: 102,175,367,168 octets libres

Post-Run: 102,230,671,360 octets libres

 

218 --- E O F --- 2008-04-10 22:51:02

 

 

ComboFix 08-04-22.5 - Pc 2008-04-24 20:20:29.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.508 [GMT 2:00]

Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Pc\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\geBTMeFY.dll

C:\WINDOWS\system32\khfCrPHB.dll

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-24 13:44 . 2008-04-24 17:31 <REP> d-------- C:\Program Files\Unlocker

2008-04-23 11:18 . 2008-04-24 12:21 1,504,642 ---hs---- C:\WINDOWS\system32\oentylci.ini

2008-04-22 23:58 . 2008-04-22 23:58 1,540,617 ---hs---- C:\WINDOWS\system32\vgvvyids.ini

2008-04-22 23:58 . 2008-04-24 13:14 109,810 --a------ C:\WINDOWS\BMfbff3eb4.xml

2008-04-22 23:58 . 2008-04-22 23:58 97,856 --------- C:\WINDOWS\system32\ddnkiova.dll_old

2008-04-22 17:32 . 2008-04-22 17:32 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR

2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Canal

2008-04-10 13:45 . 2008-04-10 13:45 <REP> d-------- C:\Program Files\MSXML 6.0

2008-03-26 20:47 . 2008-03-26 20:47 <REP> d-------- C:\Program Files\Lavasoft

2008-03-26 20:47 . 2008-03-26 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 18:42 . 2008-03-26 18:44 <REP> d-------- C:\Program Files\Orange

2008-03-26 18:42 . 2008-03-26 18:42 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

2008-03-26 18:42 . 2006-03-01 20:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll

2008-03-26 18:42 . 2007-09-25 20:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll

2008-03-26 18:42 . 2003-09-23 12:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys

2008-03-26 18:42 . 2006-03-01 20:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys

2008-03-26 18:37 . 2008-03-26 18:37 <REP> d-------- C:\Program Files\SAGEM

2008-03-26 18:36 . 2008-03-26 18:36 <REP> d-------- C:\Program Files\Securitoo

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-24 17:31 --------- d-----w C:\Program Files\Java

2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this

2008-04-24 00:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-26 18:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-03-26 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 13:09 --------- d-----w C:\Documents and Settings\Pc\Application Data\DMCache

2008-03-21 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-03-21 19:11 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ulead Systems

2008-03-21 19:01 --------- d-----w C:\Program Files\DomPlayer

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-19 18:44 --------- d-----w C:\Program Files\Fichiers communs\InterVideo

2008-03-19 18:43 --------- d-----w C:\Program Files\Windows Media Components

2008-03-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2008-03-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia

2008-03-19 15:44 --------- d-----w C:\Program Files\PhotoFiltre

2008-03-19 13:49 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ahead

2008-03-18 17:46 --------- d-----w C:\Documents and Settings\Pc\Application Data\ArcSoft

2008-03-05 09:21 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-03 19:46 --------- d-----w C:\Program Files\Norton AntiVirus

2008-03-03 19:44 --------- d-----w C:\Program Files\SymNetDrv

2008-03-03 19:44 --------- d-----w C:\Program Files\Symantec

2008-03-03 19:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec

2008-03-02 18:43 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-03-02 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-02 17:34 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-03-02 17:33 --------- d-----w C:\Program Files\BitComet

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 13:25 --------- d-----w C:\Program Files\VideoLAN

2008-02-27 11:43 --------- d-----w C:\Program Files\Windows Live

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 16:03 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-12 17:04 37,888 ----a-w C:\WINDOWS\system32\rar.exe

2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys

.

 

------- Sigcheck -------

 

2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe]

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"PKR Pal"="./\pkrpal.exe" [ ]

"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 17:29 58984]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]

"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58 323646]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.alf2cd"= alf2cd.acm

"msacm.scg726"= scg726.acm

"vidc.dvsd"= mcdvd_32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9768:TCP"= 9768:TCP:BitComet 9768 TCP

"9768:UDP"= 9768:UDP:BitComet 9768 UDP

 

R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-04-07 18:11]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]

C:\WINDOWS\system32:lpr.exe

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-11 18:51:43 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-04-24 16:09:39 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 20:21:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-04-24 20:22:27

ComboFix-quarantined-files.txt 2008-04-24 18:22:10

ComboFix2.txt 2008-04-24 18:13:11

ComboFix3.txt 2008-02-18 18:40:53

 

Pre-Run: 102,207,967,232 octets libres

Post-Run: 102,196,539,392 octets libres

 

173 --- E O F --- 2008-04-10 22:51:02

 

 

ComboFix 08-06-10.5 - Pc 2008-06-11 20:03:22.6 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.397 [GMT 2:00]

Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BMfbff3eb4.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\axjkdogh.ini

C:\WINDOWS\system32\bnmcunnh.dll

C:\WINDOWS\system32\cbXNHwvs.dll

C:\WINDOWS\system32\eluaqthe.dll

C:\WINDOWS\system32\fqlcmacf.dll

C:\WINDOWS\system32\hxjemkxn.dll

C:\WINDOWS\system32\kufgwwrp.dll

C:\WINDOWS\system32\ljJYPFYP.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mgaxfupq.dll

C:\WINDOWS\system32\onceirdy.ini

C:\WINDOWS\system32\oobtqbps.exe

C:\WINDOWS\system32\pcdmbmgh.dll

C:\WINDOWS\system32\phhcrfvw.exe

C:\WINDOWS\system32\pmnmmJBQ.dll

C:\WINDOWS\system32\PYFPYJjl.ini

C:\WINDOWS\system32\PYFPYJjl.ini2

C:\WINDOWS\system32\saqllrxx.dll

C:\WINDOWS\system32\srlpclij.dll

C:\WINDOWS\system32\tlcdtaly.ini

C:\WINDOWS\system32\tujjonql.ini

C:\WINDOWS\system32\wdaphfwm.dll

C:\WINDOWS\system32\wnwnfnqo.ini

C:\WINDOWS\system32\xxdipkmf.dll

C:\WINDOWS\system32\ycxpsnoq.ini

 

.

((((((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-11 20:09 . 2008-06-11 20:09 294 ---hs---- C:\WINDOWS\system32\tujjonql.ini

2008-06-11 18:54 . 2008-06-11 18:54 80,896 --a------ C:\WINDOWS\system32\lqnojjut.dll

2008-06-10 12:28 . 2008-06-10 12:28 <DIR> d-------- C:\Deckard

2008-06-09 20:52 . 2008-06-09 20:52 <DIR> d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign

2008-05-21 14:57 . 2008-05-21 14:57 <DIR> d-------- C:\Program Files\Fichiers communs\France Telecom

2008-05-21 14:57 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll

2008-05-21 14:53 . 2008-05-21 14:53 <DIR> d-------- C:\Program Files\SAGEM

2008-05-21 14:48 . 2008-05-21 14:48 <DIR> d-------- C:\Program Files\Securitoo

2008-05-20 18:46 . 2008-05-20 19:18 <DIR> d-------- C:\Program Files\Konvertor

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys

2008-05-12 15:25 . 2008-05-12 15:25 <DIR> d-------- C:\Documents and Settings\Pc\Application Data\vlc

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 20:25 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-06-09 16:29 --------- d-----w C:\Program Files\Norton AntiVirus

2008-05-21 12:59 --------- d-----w C:\Program Files\Orange

2008-05-21 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-27 15:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-27 15:23 --------- d-----w C:\Program Files\Unlocker

2008-04-26 08:46 94,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-26 08:46 2,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-25 19:24 --------- d-----w C:\Program Files\Trend Micro

2008-04-24 17:31 --------- d-----w C:\Program Files\Java

2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT

2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys

.

 

------- Sigcheck -------

 

2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-24_20.11.48.68 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll

+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll

+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll

+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll

+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll

+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll

+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll

+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll

+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll

+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll

+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll

+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll

+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll

+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll

+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll

+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll

+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll

+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll

+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe

+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll

+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe

+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll

- 2008-04-24 18:08:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-11 18:09:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-03-12 09:33:01 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2008-05-14 23:19:20 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

- 2008-03-12 09:33:01 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2008-05-14 23:19:20 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2008-03-12 09:33:01 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2008-05-14 23:19:20 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

- 2008-03-12 09:33:00 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2008-05-14 23:19:20 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2008-03-12 09:33:01 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2008-05-14 23:19:20 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2008-03-12 09:33:01 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2008-05-14 23:19:20 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2008-03-12 09:33:01 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2008-05-14 23:19:20 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2008-03-12 09:33:00 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2008-05-14 23:19:20 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2008-03-12 09:33:00 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2008-05-14 23:19:20 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

- 2008-03-12 09:33:01 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2008-05-14 23:19:20 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2008-03-12 09:33:00 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2008-05-14 23:19:20 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2008-03-12 09:33:00 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2008-05-14 23:19:20 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

- 2008-03-12 09:32:43 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-05-14 23:19:28 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-03-12 09:32:43 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe

+ 2008-05-14 23:19:28 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe

- 2006-03-24 03:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2004-08-03 22:54:28 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll

+ 2004-08-03 22:45:14 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys

- 2006-03-24 03:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

- 2006-03-24 03:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

- 2006-03-24 03:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

- 2006-03-24 03:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

- 2006-03-24 03:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

- 2006-03-24 03:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

- 2006-03-24 03:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

- 2006-03-24 03:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

- 2006-03-24 03:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

- 2006-03-24 03:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

- 2006-03-24 03:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

- 2006-03-24 03:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

- 2006-03-24 03:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

- 2006-03-24 03:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

- 2006-03-24 03:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

- 2006-03-24 03:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

+ 2004-08-03 22:45:14 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

+ 2004-08-03 22:54:28 21,504 ----a-w C:\WINDOWS\system32\hidserv.dll

- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

- 2006-03-24 03:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

- 2006-03-24 03:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

- 2006-03-24 03:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

- 2006-03-24 03:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

- 2006-03-24 03:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll

+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

- 2006-03-24 03:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

- 2006-03-24 03:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

- 2006-03-24 03:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

- 2006-03-24 03:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

- 2006-03-24 03:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

- 2006-03-24 03:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

- 2006-03-24 03:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

- 2006-03-24 03:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

- 2006-03-24 03:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

- 2006-03-24 03:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll

+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

- 2006-03-24 03:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

- 2008-03-30 09:27:04 64,336 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-05-20 18:20:33 64,336 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-30 09:27:04 78,148 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-05-20 18:20:33 78,148 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-03-30 09:27:04 407,806 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-05-20 18:20:33 407,806 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-03-30 09:27:04 476,284 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-05-20 18:20:33 476,284 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-09 18:08:33 177,636 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe]

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 12:56 58728]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056]

"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 17:31 185896]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]

"f8cc0d28"="C:\WINDOWS\system32\lqnojjut.dll" [2008-06-11 18:54 80896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9768:TCP"= 9768:TCP:BitComet 9768 TCP

"9768:UDP"= 9768:UDP:BitComet 9768 UDP

 

R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-06-11 16:53]

R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]

C:\WINDOWS\system32:lpr.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-23 20:23:05 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-06-11 16:25:35 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 20:09:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\lqnojjut.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE

.

**************************************************************************

.

Completion time: 2008-06-11 20:17:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-11 18:17:15

ComboFix2.txt 2008-04-24 18:22:28

ComboFix3.txt 2008-04-24 18:13:11

ComboFix4.txt 2008-02-18 18:40:53

 

Pre-Run: 80,482,230,272 bytes free

Post-Run: 80,473,669,632 bytes free

 

337 --- E O F --- 2008-05-16 23:06:48

 

 

ComboFix 08-06-10.5 - Pc 2008-06-11 20:27:30.8 - NTFSx86

Running from: C:\Documents and Settings\Pc\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

 

.

((((((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-11 20:09 . 2008-06-11 20:27 534 ---hs---- C:\WINDOWS\system32\tujjonql.ini

2008-06-11 18:54 . 2008-06-11 18:54 80,896 --a------ C:\WINDOWS\system32\lqnojjut.dll

2008-06-10 12:28 . 2008-06-10 12:28 <DIR> d-------- C:\Deckard

2008-06-09 20:52 . 2008-06-09 20:52 <DIR> d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign

2008-05-21 14:57 . 2008-05-21 14:57 <DIR> d-------- C:\Program Files\Fichiers communs\France Telecom

2008-05-21 14:57 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll

2008-05-21 14:53 . 2008-05-21 14:53 <DIR> d-------- C:\Program Files\SAGEM

2008-05-21 14:48 . 2008-05-21 14:48 <DIR> d-------- C:\Program Files\Securitoo

2008-05-20 18:46 . 2008-05-20 19:18 <DIR> d-------- C:\Program Files\Konvertor

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys

2008-05-12 15:25 . 2008-05-12 15:25 <DIR> d-------- C:\Documents and Settings\Pc\Application Data\vlc

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 20:25 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-06-09 16:29 --------- d-----w C:\Program Files\Norton AntiVirus

2008-05-21 12:59 --------- d-----w C:\Program Files\Orange

2008-05-21 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-27 15:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-27 15:23 --------- d-----w C:\Program Files\Unlocker

2008-04-26 08:46 94,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-26 08:46 2,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-25 19:24 --------- d-----w C:\Program Files\Trend Micro

2008-04-24 17:31 --------- d-----w C:\Program Files\Java

2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT

2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys

.

 

------- Sigcheck -------

 

2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot_2008-06-11_20.13.29.68 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-11 18:09:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-11 18:19:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe]

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 12:56 58728]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056]

"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 17:31 185896]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]

"f8cc0d28"="C:\WINDOWS\system32\lqnojjut.dll" [2008-06-11 18:54 80896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58 323646]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9768:TCP"= 9768:TCP:BitComet 9768 TCP

"9768:UDP"= 9768:UDP:BitComet 9768 UDP

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]

C:\WINDOWS\system32:lpr.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-23 20:23:05 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-06-11 16:25:35 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 20:28:32

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-11 20:31:27

ComboFix-quarantined-files.txt 2008-06-11 18:31:25

ComboFix2.txt 2008-06-11 18:17:22

ComboFix3.txt 2008-04-24 18:22:28

ComboFix4.txt 2008-04-24 18:13:11

ComboFix5.txt 2008-02-18 18:40:53

 

Pre-Run: 80,479,952,896 bytes free

Post-Run: 80,460,021,760 bytes free

 

141 --- E O F --- 2008-05-16 23:06:48

Posté(e) (modifié)

There were a lot of them!!!

Reminder: once ComboFix is running, do not click in the ComboFix window, as that could cause the program to crash.

It is recommended to let the tool scan and clean the PC without using anything else...

Select the following text (Ctrl+A):

File::

C:\WINDOWS\system32\tujjonql.ini

C:\WINDOWS\system32\lqnojjut.dll

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"f8cc0d28"=-

Copy the selected text (CTRL+C).

Open Notepad (Start/All Programs/Accessories/Notepad).

Paste the copied text into Notepad (CTRL+V).

Save this file to your Desktop under the name CFScript.txt (CFScript)

CFScript.gif

As the image shows, drag CFScript.txt onto ComboFix.exe (ComboFix)

A window with a blue background will open: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Let ComboFix work.

Wait while the scan runs. The Desktop will disappear several times: this is normal!

Do not touch anything until the cleaning is finished.

A report will be displayed: post its contents.

If the file does not open, you will find it here, at the root of your system drive, normally: C:\ComboFix.txt (C:\ComboFix)

Edited by chrifleur
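As an added example (mine, not part of chrifleur's post and not ComboFix's own code): a small Python checker for the CFScript format used above. It only knows the two directives that appear in this thread, File:: and Registry:: (with the REGEDIT4 convention that "name"=- deletes a value), spells out what the script will ask ComboFix to do, and flags lines that fall outside a section or are not absolute drive paths, so a helper can review a script before a user drags it onto ComboFix.exe. The embedded sample is the script from the post; the function names are my own.

```python
import re

# Constructed sample: the CFScript posted above, embedded so the checker runs offline.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\tujjonql.ini
C:\WINDOWS\system32\lqnojjut.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f8cc0d28"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # File::  Registry::
KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\...]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # "name"=data   ("-" means delete)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")          # C:\...


def parse_cfscript(text):
    """Parse a CFScript into files, registry entries and a list of issues.

    Only the File:: and Registry:: directives are handled (the two used in
    this thread). Returns a dict with:
      files    - list of paths listed under File::
      registry - {key: {value_name: data or None}}; None means the
                 REGEDIT4 deletion syntax "name"=- was used
      issues   - human-readable problems found (empty list if clean)
    """
    result = {"files": [], "registry": {}, "issues": []}
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            if section not in ("file", "registry"):
                result["issues"].append(f"line {lineno}: unsupported section {line}")
            continue
        if section == "file":
            if not DRIVE_PATH_RE.match(line):
                result["issues"].append(f"line {lineno}: not an absolute drive path: {line}")
            result["files"].append(line)
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                result["registry"].setdefault(current_key, {})
                continue
            m = VALUE_RE.match(line)
            if m and current_key is not None:
                name, data = m.groups()
                result["registry"][current_key][name] = None if data == "-" else data
            else:
                result["issues"].append(f"line {lineno}: unexpected registry line: {line}")
        else:
            result["issues"].append(f"line {lineno}: line outside a supported section: {line}")
    return result


def planned_actions(parsed):
    """Spell out what the script asks ComboFix to do, for review before running it."""
    actions = [f"delete file {path}" for path in parsed["files"]]
    for key, values in parsed["registry"].items():
        for name, data in values.items():
            if data is None:
                actions.append(f'delete value "{name}" under {key}')
            else:
                actions.append(f'set value "{name}" under {key} to {data}')
    return actions


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for action in planned_actions(parsed):
        print(action)
    for issue in parsed["issues"]:
        print("WARNING:", issue)
```

Running it on the sample prints the two file deletions and the one Run-key value deletion with no warnings; a stray path typed above the File:: line, or a relative name inside it, shows up as a WARNING instead of silently being passed to the tool.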
Posted

ComboFix 08-06-10.5 - Pc 2008-06-12 12:23:44.10 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.469 [GMT 2:00]

Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Pc\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\lqnojjut.dll

C:\WINDOWS\system32\tujjonql.ini

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\lqnojjut.dll

C:\WINDOWS\system32\tujjonql.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-12 07:45 . 2008-06-12 07:45 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-06-10 12:28 . 2008-06-10 12:28 <REP> d-------- C:\Deckard

2008-06-09 20:52 . 2008-06-09 20:52 <REP> d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign

2008-05-21 14:57 . 2008-05-21 14:57 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

2008-05-21 14:57 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll

2008-05-21 14:53 . 2008-05-21 14:53 <REP> d-------- C:\Program Files\SAGEM

2008-05-21 14:48 . 2008-05-21 14:48 <REP> d-------- C:\Program Files\Securitoo

2008-05-20 18:46 . 2008-05-20 19:18 <REP> d-------- C:\Program Files\Konvertor

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys

2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys

2008-05-12 15:25 . 2008-05-12 15:25 <REP> d-------- C:\Documents and Settings\Pc\Application Data\vlc

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-12 08:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-06-09 16:29 --------- d-----w C:\Program Files\Norton AntiVirus

2008-05-21 12:59 --------- d-----w C:\Program Files\Orange

2008-05-21 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-27 15:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-27 15:23 --------- d-----w C:\Program Files\Unlocker

2008-04-26 08:46 94,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-26 08:46 2,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-25 19:24 --------- d-----w C:\Program Files\Trend Micro

2008-04-24 17:31 --------- d-----w C:\Program Files\Java

2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT

2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys

.

 

------- Sigcheck -------

 

2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot_2008-06-11_20.13.29.68 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-11 18:09:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-12 10:27:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll

+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll

+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll

+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll

+ 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll

+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe

+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll

+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll

+ 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll

+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll

+ 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll

+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll

+ 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe

+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe

+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll

+ 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll

+ 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll

+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll

+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll

+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll

+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll

+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll

+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll

+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll

+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll

+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll

+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

- 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-04-23 04:16:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2008-03-01 12:58:06 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-04-23 04:16:39 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2004-08-03 22:40:30 274,944 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys

+ 2008-04-14 15:52:45 272,768 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys

- 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-04-23 04:16:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-04-23 04:16:39 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-04-23 04:16:39 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-04-23 04:16:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-02-29 08:56:41 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-04-22 07:41:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-03-01 12:58:06 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-04-23 04:16:39 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-03-01 12:58:06 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-04-23 04:16:39 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-04-23 04:16:39 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-03-01 12:58:07 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-04-23 04:16:39 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-04-23 04:16:39 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-03-01 12:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-04-23 04:16:39 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-04-23 04:16:39 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-02-29 08:57:05 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-04-22 07:41:30 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-04-23 04:16:40 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2006-03-24 03:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

+ 2008-02-26 12:00:31 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

- 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-04-23 04:16:40 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-04-23 04:16:40 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-04-23 20:16:42 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-04-23 04:16:40 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-04-23 04:16:40 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-04-23 04:16:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-03-01 12:58:10 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-04-23 04:16:40 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-04-23 04:16:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-10-29 22:36:31 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 04:55:47 1,294,336 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

- 2008-03-01 12:58:10 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-04-23 04:16:40 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-04-23 04:16:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-03-01 12:58:11 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-04-23 04:16:40 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-04-23 04:16:40 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-04-23 04:16:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-04-23 04:16:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-04-23 04:16:39 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-04-23 04:16:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-04-23 04:16:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-04-23 04:16:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-04-23 04:16:39 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-04-23 04:16:39 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-04-23 04:16:39 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-04-23 04:16:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-04-23 04:16:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

- 2006-03-24 03:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll

+ 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

- 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-04-23 04:16:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-04-23 04:16:40 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe]

"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 12:56 58728]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056]

"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 17:31 185896]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9768:TCP"= 9768:TCP:BitComet 9768 TCP

"9768:UDP"= 9768:UDP:BitComet 9768 UDP

 

R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-06-11 16:53]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]

C:\WINDOWS\system32:lpr.exe

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-23 20:23:05 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-06-12 08:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-12 12:28:05

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE

C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Canal\Canal Widget\Canal Widget.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Messenger\msmsgs.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-12 12:33:38 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-12 10:33:32

ComboFix2.txt 2008-06-11 18:33:43

ComboFix3.txt 2008-06-11 18:31:30

ComboFix4.txt 2008-06-11 18:17:22

ComboFix5.txt 2008-04-24 18:22:28

 

Pre-Run: 79,523,852,288 octets libres

Post-Run: 79,513,956,352 octets libres

 

344 --- E O F --- 2008-06-12 05:48:20

 

 

The error message about the updates has been gone since last night.

Posted

Great news!!

I have a doubt about one file, so you are going to do this:

Open Windows Explorer: Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer.

Click Tools > Folder Options > View.

Select:

Check: Show hidden files and folders.

Uncheck: Hide extensions for known file types.

Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK

Click this link

http://www.virustotal.com/

And test this: C:\WINDOWS\system32\advpack.dll

Click Browse and enter the path of the file(s) I indicated.

Click Send File

At the Sending File message, do not close this window.

Wait; after a few minutes you will see in the box: Current status: finished queued waiting scanning

Copy/paste the result and post it in your next message.

Re-hide the files and folders:

Uncheck: Show hidden files and folders.

Re-check: Hide extensions for known file types.

Check: Hide protected operating system files (Recommended)

Click Apply and OK

Posted

Fichier advpack.dll reçu le 2008.06.13 16:45:02 (CET)

Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/32 (0%)

Posted

Run an online antivirus scan with Internet Explorer and accept the ActiveX control,

then post the report here:

http://www.bitdefender.fr/

At the bottom left of the window, click Bit Defender SCAN ONLINE

In the new window, click I accept

The window changes again; click Scan

The signatures load, etc.

Posted

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sat, Jun 14, 2008 - 01:02:39

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés        210475
Infectés Fichiers       23

Virus Détectés

Trojan.LowZones.SG      2
Trojan.Vundo.ERA        4
Trojan.Vundo.EOQ        2
Trojan.Vundo.ERC        1
Trojan.Delf.Inject.AC   1
Trojan.Vundo.ESF        2
Trojan.Vundo.ESY        4
Trojan.Vundo.EQY        1
Trojan.Vundo.ESK        2
Adware.VHW              2
Trojan.Spy.Wsnpoem.CO   2

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.

Posted

I would need the full report, with the names and paths of the infected files and exactly what BitDefender managed to do with them.
