
Posted

Good evening,

I have had a problem since yesterday: in fact, I can't load certain sites, Google for example, or even the localhost that lets me manage my databases.

Every time I launch Mozilla or Internet Explorer and try to go to these sites, it loads for a good while and nothing comes up...

I installed Spybot and removed all the spyware, I ran a virus scan with McAfee but there was nothing, I tried a cleanup with CCleaner but that changed nothing, and finally I used HijackThis; here is the report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:19:53, on 12/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\Windows\system32\conime.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe

C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe

C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe

C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\user\Desktop\HiJackThis.exe


If someone could help me, that would be nice...

Thanks.

Posted

Hi,

Your report isn't complete.

Relaunch HijackThis ==> "Do a system scan and save a log file" and post the complete report, please.

See you later.

Posted

Thanks for your reply, here is the complete report:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:10:50, on 13/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\user\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - (no file)

O2 - BHO: (no name) - {2EF44844-04E6-452E-855F-13E2FA457882} - (no file)

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {73F38FF1-5589-4054-8854-D9CC3D41BF98} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\Windows\tosect32.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {C36625A1-9D20-4D9D-84D9-79505549B922} - (no file)

O2 - BHO: (no name) - {E737D12F-5D58-46AE-B23A-2E10B9B59493} - (no file)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {CF9BAB30-8E3C-4D10-B8C1-428B16A38D69} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: adgpfoxs - {7E08209E-5485-4911-810E-E36D92377DA9} - (no file)

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

 

--

End of file - 10147 bytes


I already tested the report on http://www.hijackthis.de/fr and removed what they told me to remove, but it changed nothing.

Thanks, have a good afternoon.

Posted

Hello,

Toolbars, forget them, that's not the problem here; there are some very nice infections, and active ones.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" at the Disclaimer message that appears.
  • Your firewall may ask whether you accept nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that just opened; you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (if needed).
  • For more information and an illustrated tutorial, here is the only official and authorized tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
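The diagnosis in the reply above comes from reading the HijackThis log for entries that do not belong: a run key handing a randomly named DLL to rundll32, registered components whose file is missing, a browser add-on loaded straight from the Windows directory. As an added example that is not part of this thread, the following Python script encodes those heuristics as a small triage tool. The sample lines are copied from the log posted above; the heuristics and their thresholds (eight lowercase letters counting as a "generated-looking" name) are my assumptions, meant to surface entries for manual review, not to decide that they are malicious.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, with benign lines interleaved so that triage() has something it
# must leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - (no file)
O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\Windows\tosect32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s
O21 - SSODL: adgpfoxs - {7E08209E-5485-4911-810E-E36D92377DA9} - (no file)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# One HijackThis entry: a section code (R0, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")
# O4 run key whose command hands a DLL to rundll32: a DLL payload persisting
# without a host executable of its own.
RUNDLL_RE = re.compile(r'\[[^\]]+\]\s+rundll32(?:\.exe)?\s+"?[^",]+\.dll"?', re.I)
# A DLL sitting directly in the Windows directory rather than in system32 or
# under Program Files; unusual for a legitimate browser add-on.
WINDOWS_ROOT_DLL_RE = re.compile(r'[A-Z]:\\Windows\\[^\\\s",]+\.dll', re.I)
# Any path under the Windows directory; only these basenames are name-tested,
# so vendor binaries under Program Files never trip the generated-name rule.
WINDOWS_PATH_RE = re.compile(r'[A-Z]:\\Windows\\[^\s",]+', re.I)
# Assumption: eight lowercase letters with no digits is the shape of the
# machine-generated names in this log (xluatstu, adgpfoxs).
GENERATED_NAME_RE = re.compile(r"^[a-z]{8}$")
NO_FILE = "(no file)"


def candidate_names(etype, body):
    """Names worth testing for a generated look: O4 run-key names, O21
    display names, and basenames of files under the Windows directory."""
    names = []
    if etype == "O4":
        m = re.search(r"\[([^\]]+)\]", body)
        if m:
            names.append(m.group(1))
    elif etype == "O21":
        m = re.match(r"SSODL: (.+?) - \{", body)
        if m:
            names.append(m.group(1))
    for path in WINDOWS_PATH_RE.findall(body):
        base = path.rsplit("\\", 1)[-1]
        names.append(base.rsplit(".", 1)[0])
    return names


def triage(log_text):
    """Return one finding per suspicious entry as {'type', 'line', 'reasons'}.
    A flag means 'look at this entry', not 'this entry is malware'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        etype, body = m.group("type"), m.group("body")
        reasons = []
        if body.endswith(NO_FILE):
            reasons.append("orphan entry: registered component whose file is gone")
        if etype == "O4" and RUNDLL_RE.search(body):
            reasons.append("run key loads a DLL through rundll32")
        if WINDOWS_ROOT_DLL_RE.search(body):
            reasons.append("DLL loaded from the Windows root directory")
        generated = [n for n in candidate_names(etype, body) if GENERATED_NAME_RE.match(n)]
        if generated:
            reasons.append("generated-looking name: " + ", ".join(generated))
        if reasons:
            findings.append({"type": etype, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['type']:>4}  {finding['line']}")
        for reason in finding["reasons"]:
            print(f"      -> {reason}")
```

Run it directly to print the flagged lines with their reasons. The generated-name rule is deliberately narrow and only applied to names the log itself controls (run-key labels, SSODL names, files under the Windows directory); in real triage every flag still needs a lookup of the file's publisher, hash and creation date before anything is removed.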

Posted

Here is the ComboFix report:

ComboFix 08-06-12.2 - user 2008-06-14 11:36:14.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1159 [GMT 2:00]

Endroit: C:\Users\user\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

* Resident AV is active

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\p4p

C:\Program Files\p4p\P4P.exe

C:\Program Files\p4p\RING.WAV

C:\Windows\Fonts\CALIBRIB.TTF

C:\Windows\nogxfvbllna.dll

C:\Windows\system32\alqpfidc.ini

C:\Windows\system32\avhcfhtv.ini

C:\Windows\system32\bsknvyik.ini

C:\Windows\system32\dkrpswrw.ini

C:\Windows\system32\dxgesxce.dll

C:\Windows\system32\fmmcreqx.ini

C:\Windows\system32\hbncnsax.ini

C:\Windows\system32\jyoixidx.ini

C:\Windows\system32\kidcltfn.ini

C:\Windows\system32\lh30645.dll

C:\Windows\System32\Lkmllnmp.ini

C:\Windows\System32\Lkmllnmp.ini2

C:\Windows\system32\mhcyqrlf.ini

C:\Windows\System32\nTDehggh.ini

C:\Windows\System32\nTDehggh.ini2

C:\Windows\system32\olafcfrb.ini

C:\Windows\System32\oonVxyxx.ini

C:\Windows\System32\oonVxyxx.ini2

C:\Windows\system32\qbbvvvwf.ini

C:\Windows\system32\qbpcjldr.ini

C:\Windows\System32\QsrsDfhk.ini

C:\Windows\System32\QsrsDfhk.ini2

C:\Windows\system32\rpscsorn.ini

C:\Windows\System32\rrsDNpVw.ini

C:\Windows\System32\rrsDNpVw.ini2

C:\Windows\System32\RYISBJjl.ini

C:\Windows\System32\RYISBJjl.ini2

C:\Windows\System32\ttwadfhk.ini

C:\Windows\System32\ttwadfhk.ini2

C:\Windows\system32\uhtxwosi.ini

C:\Windows\System32\VDLUwGgh.ini

C:\Windows\System32\VDLUwGgh.ini2

C:\Windows\system32\xekgrruj.ini

C:\Windows\system32\xluatstu.dll

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier cr‚‚ dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-14 09:16 --------- d---a-w C:\ProgramData\TEMP

2008-06-13 14:02 --------- d-----w C:\ProgramData\Google Updater

2008-06-13 13:32 --------- d-----w C:\Program Files\McAfee

2008-06-13 08:52 --------- d-----w C:\Program Files\Enigma Software Group

2008-06-13 07:46 --------- d-----w C:\Users\user\AppData\Roaming\SiteAdvisor

2008-06-13 06:30 --------- d-----w C:\Program Files\Trojan Remover

2008-06-13 06:29 --------- d-----w C:\Users\user\AppData\Roaming\Simply Super Software

2008-06-13 06:29 --------- d-----w C:\ProgramData\Simply Super Software

2008-06-12 20:21 --------- d-----w C:\Users\user\AppData\Roaming\Grisoft

2008-06-12 20:21 --------- d-----w C:\ProgramData\Grisoft

2008-06-12 18:58 --------- d-----w C:\Program Files\WinamaxPoker

2008-06-12 18:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-06-12 17:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-06-12 15:45 --------- d-----w C:\ProgramData\SiteAdvisor

2008-06-12 15:45 --------- d-----w C:\ProgramData\McAfee

2008-06-12 15:45 --------- d-----w C:\Program Files\SiteAdvisor

2008-06-12 15:43 --------- d-----w C:\Program Files\Common Files\McAfee

2008-06-12 15:42 --------- d-----w C:\Program Files\McAfee.com

2008-06-12 15:37 --------- d-----w C:\Users\user\AppData\Roaming\BitComet Turbo

2008-06-10 07:40 --------- d-----w C:\ProgramData\Avira

2008-06-09 16:36 94,208 ----a-w C:\Windows\eobp.exe

2008-06-08 15:43 --------- d-----w C:\Program Files\PokerStars.NET

2008-06-04 15:37 --------- d-----w C:\Users\user\AppData\Roaming\DBDesigner4

2008-06-03 08:02 --------- d-----w C:\Program Files\fabFORCE

2008-06-03 07:50 --------- d-----w C:\Program Files\Common Files\fabFORCE

2008-06-02 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-29 09:26 --------- d-----w C:\Program Files\UltraVNC

2008-05-20 19:41 --------- d-----w C:\Program Files\BitComet Turbo

2008-05-20 14:49 --------- d-----w C:\Program Files\Common Files\ESRI

2008-05-20 14:47 --------- d-----w C:\Program Files\Common Files\SAP Shared

2008-05-20 14:45 --------- d-----w C:\Program Files\SAP

2008-05-20 14:29 --------- d-----w C:\Program Files\Common Files\Deterministic Networks

2008-05-20 14:29 --------- d-----w C:\Program Files\Cisco Systems

2008-05-16 14:50 --------- d-----w C:\Program Files\EasyPHP 2.0b1

2008-05-16 14:48 --------- d-----w C:\Program Files\EasyPHP1-8

2008-05-15 13:07 0 ----a-w C:\Users\user\hsqlprefs.dat

2008-05-15 07:43 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-15 07:43 --------- d-----w C:\Program Files\Windows Mail

2008-04-30 12:31 --------- d-----w C:\Program Files\glassfish-v2ur2

2008-04-30 12:28 --------- d-----w C:\Program Files\NetBeans 6.1

2008-04-30 12:24 --------- d-----w C:\Program Files\Sun

2008-04-30 12:24 --------- d-----w C:\Program Files\Java

2008-04-30 10:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-19 16:47 --------- d-----w C:\Program Files\TVAnts

2008-04-19 07:40 174 --sha-w C:\Program Files\desktop.ini

2008-04-19 07:38 --------- d-----w C:\Program Files\Windows Calendar

2008-04-18 18:10 --------- d-----w C:\Program Files\Google

2008-04-18 14:54 --------- d-----w C:\Program Files\VideoLAN

2008-04-18 14:49 --------- d-----w C:\Program Files\Neuf

2008-04-18 12:26 --------- d-----w C:\ProgramData\EPSON

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2587F5F9-BCDF-4076-98EF-AFC65C5BD816}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EF44844-04E6-452E-855F-13E2FA457882}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73F38FF1-5589-4054-8854-D9CC3D41BF98}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36625A1-9D20-4D9D-84D9-79505549B922}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E737D12F-5D58-46AE-B23A-2E10B9B59493}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

 

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 14:50 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 20:08 68856]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]

"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]

"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-02-22 23:53 33136]

"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-02-22 23:53 37232]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 23:57 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-04 15:02 1006264]

"BM23e97a39"="C:\Windows\system32\xluatstu.dll" [ ]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 20:08:03 124400]

VPN Client.lnk - C:\Windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-05-20 16:30:32 6144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.HFYU"= huffyuv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3650AB65-A6D1-4DC5-9BE4-DBC503793191}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{F110D963-24A4-4A32-AECB-4D7B92F57578}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"UDP Query User{0593DCFB-547A-44F4-AD8D-575623AAFA1A}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"{83E02905-2596-472E-84B3-9906644AB6B7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{CE1C8D65-D55F-4CAE-A1A2-1F51F3AD3D9D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{011E3821-BF95-4DDE-A19D-B10419DC7029}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{D5854082-714F-4C4C-BDDF-8DECEF86579D}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{2F671D2A-8B07-49C3-8AE8-FDBE7D95D0DA}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{4AD0D25E-F2C1-4274-BD9B-0D104EF0C931}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"UDP Query User{19FA8CDF-1538-4D69-BDFB-2E95D8600CD6}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"TCP Query User{CBF28D7D-DFCF-4402-A908-985547FA5C79}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{677664CF-46B1-422D-B82F-9108385E457F}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{6F296CA2-41C4-4AF1-8D12-E9B8271C99C5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{DB254BB1-8B43-4838-ABE4-F3E32F7428D4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{3B7F721A-80A7-46F3-A6C6-C37958CBF703}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{468E9032-FBEC-47E6-AB79-F64579BD7718}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{3CCC03D9-1155-48DF-9221-ED727760AB6E}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{09AB9664-2986-4F55-9D58-3190D403A65A}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{BDA099A4-DF21-4F41-B405-EDD2F71E2381}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary

"UDP Query User{3E586B84-42EF-4716-8834-F2C127715748}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary

"TCP Query User{A8E1B1F3-1589-46B8-BC41-34D46C361507}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary

"UDP Query User{210AD7BD-E7FF-4FC9-A067-5859176ED567}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary

"TCP Query User{61E54E16-BE82-4C6F-82DD-35645AA7107E}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"UDP Query User{3540DB27-803B-4F09-A658-4F64E0D56941}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"TCP Query User{0826FC94-172E-46E2-91B1-2E3A2227F439}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"UDP Query User{F9FB7A6B-F70F-4EBE-9B04-98C3A17F9D5C}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"TCP Query User{904330A8-C8B7-41F9-9F3D-7BAFA47B099D}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{45E3FB52-0C41-4C7D-BDB5-86CE097A054B}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{59781AF4-1D08-441A-80F8-99C5C8DF833F}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{0226F0BE-DC1E-4C9C-A823-F9CD791AE0D2}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{3786AC85-0F63-4976-BB58-B42642C820DD}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse

"UDP Query User{3E2DE422-197E-4DB6-84EA-6C13B9EAE37B}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse

"TCP Query User{46264452-1B1C-4375-9AC2-FD57FCA0062B}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{66AF4D16-CB3B-4026-BC90-D324FACA0349}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{3C4C991F-3255-4A5D-8725-010AD2210EE3}C:\\mysql\\bin\\mysqld.exe"= UDP:C:\mysql\bin\mysqld.exe:mysqld

"UDP Query User{A78CA393-57F1-4796-A9F3-629960ADE8AF}C:\\mysql\\bin\\mysqld.exe"= TCP:C:\mysql\bin\mysqld.exe:mysqld

"TCP Query User{F8C41D47-F304-4D68-89A9-05446C4D59A5}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"UDP Query User{0C3D2A7E-96AD-44DE-88D8-E8DC2B797591}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"TCP Query User{5CDA859E-B4BA-4ECF-84D0-702A56AE2760}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"UDP Query User{168505D0-67EA-4C58-BFC1-3DB43DD59FA0}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"TCP Query User{18FB9B8B-DCB5-4653-9D01-0B3A81E9E3CB}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse

"UDP Query User{EAD1218D-0EBD-42B1-B84E-D1C92CCAF563}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse

"TCP Query User{B8E3D5D2-8284-4107-AF23-631851660F1F}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{2153339C-9B55-41A8-8D19-462B1CB1E54A}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{3EAEAB78-386C-4E0F-BFC8-2CC70D3DF1CF}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32

"UDP Query User{61850D05-BAB6-4ADB-9516-6103D20855F6}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32

"{7D7C7041-32B1-47FE-9A53-E84F69D169B3}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012adae3-1d95-11dd-a9c0-001d604ea05b}]

\shell\Auto\command - cmd /C launch.bat

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eeea8b7-e9ec-11dc-9444-001d604ea05b}]

\shell\AutoRun\command - F:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f8c8ce-0638-11dd-b9eb-001d604ea05b}]

\shell\AutoRun\command - explorer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e388286b-eab9-11dc-bc70-001d604ea05b}]

\shell\AutoRun\command - I:\autorun.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-12 18:46:32 C:\Windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-06-12 18:46:32 C:\Windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-14 11:54:26

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\ADSM_PData_0150

C:\Users\user\AppData\Local\Temp\Cab779F.tmp 27466 bytes

C:\Users\user\AppData\Local\Temp\Tar77A0.tmp 0 bytes

 

Scan terminé avec succès

Les fichiers cachés: 3

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\explorer.exe

-> C:\Program Files\SiteAdvisor\6172\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\Ati2evxx.exe

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\ATK Hotkey\HControl.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe

C:\Windows\System32\conime.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-14 12:01:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-14 10:01:06

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

 

297 --- E O F --- 2008-06-06 13:43:00

Posted

here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:07:09, on 14/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe

C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe

C:\Windows\system32\conime.exe

C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe

C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinamaxPoker\WinamaxPoker.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\user\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

 

--

End of file - 9624 bytes

 

 

Since I used Combofix there has been no more problem, so thanks a lot Falkra, hoping it lasts...

Posted

Disable Spybot's TeaTimer (which is not much use anyway; do not re-enable it).

 

  • Open Notepad. Copy and paste this into it:

 

File::

C:\Windows\system32\xluatstu.dll

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BM23e97a39"=-

"PowerForPhone"=-

 

  • Save it as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

  • A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal! Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

 

It should be better after that.
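As an added example (not part of this thread, and not code from HijackThis or ComboFix): a small Python triage pass over O2/O4 lines copied from the log posted above, which flags the entry the helper targets in the CFScript (a hex-looking run value that starts rundll32 on a system32 DLL with a one-letter entry point) and orphaned BHO registrations. The "machine-generated name" regex, the entry-point rule and the severity labels are my own heuristics, not rules stated in the thread.

```python
"""Triage of HijackThis O2/O4 lines (added example, not from the thread or the tools)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# "rundll32[.exe] <dll>,<entry>"; the DLL path may be quoted.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)', re.I)
# Heuristic (my assumption): up to three letters followed by six or more hex characters.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{0,3}[0-9a-f]{6,}$", re.I)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "high": likely malicious autostart, "low": stale entry worth cleaning


def looks_generated(name: str) -> bool:
    """Hex-looking run value names; require two digits so plain words like 'decade' pass."""
    return bool(RANDOM_NAME_RE.match(name)) and sum(c.isdigit() for c in name) >= 2


def check_o4(line: str, name: str, cmd: str) -> List[Finding]:
    found: List[Finding] = []
    cmd = USER_SUFFIX_RE.sub("", cmd)  # drop the trailing "(User '...')" annotation
    if looks_generated(name):
        found.append(Finding(line, f"run value name '{name}' looks machine-generated", "high"))
    m = RUNDLL_RE.match(cmd)
    # Legitimate rundll32 autostarts call a named export (e.g. ShowWelcomeCenter);
    # a one-letter or empty entry point on a DLL is the pattern seen in this log.
    if m and len(m.group("entry")) <= 1:
        found.append(Finding(line, f"rundll32 loads {m.group('dll')} with entry point "
                                   f"'{m.group('entry')}'", "high"))
    return found


def triage(log_text: str) -> List[Finding]:
    """Return the findings for every O2/O4 line of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o4 = O4_RE.match(line)
        if o4:
            findings.extend(check_o4(line, o4.group("name"), o4.group("cmd")))
            continue
        o2 = O2_RE.match(line)
        if o2 and o2.group("path") == "(no file)":
            findings.append(Finding(line, f"orphaned BHO {{{o2.group('clsid')}}}: CLSID "
                                          f"registered but file missing", "low"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample above it reports two high findings for the xluatstu.dll line and one low finding for the file-less BHO, and stays silent on the Realtek, Welcome Center and DAEMON Tools entries.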

Posted

Here is the report:

 

ComboFix 08-06-12.2 - user 2008-06-14 21:13:05.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.921 [GMT 2:00]

Endroit: G:\ComboFix.exe

Command switches used :: C:\Users\user\Desktop\CFScript.txt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-14 19:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-06-14 19:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-06-14 15:02 --------- d-----w C:\ProgramData\Google Updater

2008-06-14 09:16 --------- d---a-w C:\ProgramData\TEMP

2008-06-13 13:32 --------- d-----w C:\Program Files\McAfee

2008-06-13 08:52 --------- d-----w C:\Program Files\Enigma Software Group

2008-06-13 07:46 --------- d-----w C:\Users\user\AppData\Roaming\SiteAdvisor

2008-06-13 06:30 --------- d-----w C:\Program Files\Trojan Remover

2008-06-13 06:29 --------- d-----w C:\Users\user\AppData\Roaming\Simply Super Software

2008-06-13 06:29 --------- d-----w C:\ProgramData\Simply Super Software

2008-06-12 20:21 --------- d-----w C:\Users\user\AppData\Roaming\Grisoft

2008-06-12 20:21 --------- d-----w C:\ProgramData\Grisoft

2008-06-12 18:58 --------- d-----w C:\Program Files\WinamaxPoker

2008-06-12 15:45 --------- d-----w C:\ProgramData\SiteAdvisor

2008-06-12 15:45 --------- d-----w C:\ProgramData\McAfee

2008-06-12 15:45 --------- d-----w C:\Program Files\SiteAdvisor

2008-06-12 15:43 --------- d-----w C:\Program Files\Common Files\McAfee

2008-06-12 15:42 --------- d-----w C:\Program Files\McAfee.com

2008-06-12 15:37 --------- d-----w C:\Users\user\AppData\Roaming\BitComet Turbo

2008-06-10 07:40 --------- d-----w C:\ProgramData\Avira

2008-06-09 16:36 94,208 ----a-w C:\Windows\eobp.exe

2008-06-08 15:43 --------- d-----w C:\Program Files\PokerStars.NET

2008-06-04 15:37 --------- d-----w C:\Users\user\AppData\Roaming\DBDesigner4

2008-06-03 08:02 --------- d-----w C:\Program Files\fabFORCE

2008-06-03 07:50 --------- d-----w C:\Program Files\Common Files\fabFORCE

2008-06-02 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-29 09:26 --------- d-----w C:\Program Files\UltraVNC

2008-05-20 19:41 --------- d-----w C:\Program Files\BitComet Turbo

2008-05-20 14:49 --------- d-----w C:\Program Files\Common Files\ESRI

2008-05-20 14:47 --------- d-----w C:\Program Files\Common Files\SAP Shared

2008-05-20 14:45 --------- d-----w C:\Program Files\SAP

2008-05-20 14:29 --------- d-----w C:\Program Files\Common Files\Deterministic Networks

2008-05-20 14:29 --------- d-----w C:\Program Files\Cisco Systems

2008-05-16 14:50 --------- d-----w C:\Program Files\EasyPHP 2.0b1

2008-05-16 14:48 --------- d-----w C:\Program Files\EasyPHP1-8

2008-05-15 13:07 0 ----a-w C:\Users\user\hsqlprefs.dat

2008-05-15 07:43 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-15 07:43 --------- d-----w C:\Program Files\Windows Mail

2008-04-30 12:31 --------- d-----w C:\Program Files\glassfish-v2ur2

2008-04-30 12:28 --------- d-----w C:\Program Files\NetBeans 6.1

2008-04-30 12:24 --------- d-----w C:\Program Files\Sun

2008-04-30 12:24 --------- d-----w C:\Program Files\Java

2008-04-30 10:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-19 16:47 --------- d-----w C:\Program Files\TVAnts

2008-04-19 07:40 174 --sha-w C:\Program Files\desktop.ini

2008-04-19 07:38 --------- d-----w C:\Program Files\Windows Calendar

2008-04-18 18:10 --------- d-----w C:\Program Files\Google

2008-04-18 14:54 --------- d-----w C:\Program Files\VideoLAN

2008-04-18 14:49 --------- d-----w C:\Program Files\Neuf

2008-04-18 12:26 --------- d-----w C:\ProgramData\EPSON

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-14_12.00.22.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-14 09:53:35 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-14 17:41:59 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-14 19:12:48 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT

- 2008-06-14 09:53:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-06-14 12:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-06-14 09:53:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-06-14 12:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-06-13 08:01:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-14 12:08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-06-13 08:01:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-14 12:08:36 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-13 08:01:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-14 12:08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-06-14 09:54:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-14 12:07:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-14 12:07:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-06-14 09:56:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-06-14 19:27:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-06-14 08:56:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-14 12:04:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-06-14 08:56:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-14 12:04:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-14 08:56:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-14 12:04:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe

+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe

- 2008-06-12 20:59:40 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-06-14 12:11:56 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-06-14 09:56:39 7,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-109432522-3344556543-3763544848-1000_UserData.bin

+ 2008-06-14 12:07:53 8,102 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-109432522-3344556543-3763544848-1000_UserData.bin

- 2008-06-14 09:56:38 82,064 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-06-14 12:07:52 82,134 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-06-14 09:56:33 46,226 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-06-14 12:07:50 46,448 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-06-12 20:12:16 27,884,300 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-06-14 12:21:40 28,605,917 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthenum.sys

+ 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthport.sys

+ 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\BTHUSB.SYS

+ 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\fsquirt.exe

+ 2008-04-29 01:35:24 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthenum.sys

+ 2008-04-29 01:35:25 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthport.sys

+ 2008-04-29 01:35:23 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\BTHUSB.SYS

+ 2008-04-29 01:35:24 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\fsquirt.exe

+ 2008-01-19 05:53:38 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthenum.sys

+ 2008-04-29 01:42:23 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthport.sys

+ 2008-04-29 01:42:21 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\BTHUSB.SYS

+ 2008-04-29 03:54:02 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\fsquirt.exe

+ 2008-04-29 01:43:50 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthenum.sys

+ 2008-04-29 01:43:50 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthport.sys

+ 2008-04-29 01:43:48 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\BTHUSB.SYS

+ 2008-04-29 01:43:51 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\fsquirt.exe

+ 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16681_none_a98fa7bdf5e9f5de\advpack.dll

+ 2008-04-25 04:06:14 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20823_none_aa5c268b0ed51dd7\advpack.dll

+ 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16681_none_a4347a24f0ff937a\quartz.dll

+ 2008-04-26 07:41:59 1,327,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.20823_none_a500f8f209eabb73\quartz.dll

+ 2008-04-26 08:08:15 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18063_none_a6325936ee141f37\quartz.dll

+ 2008-04-26 07:57:58 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22167_none_a6bff72a072e245d\quartz.dll

+ 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16681_none_eb8ab16d1682dbdd\pngfilt.dll

+ 2008-04-25 04:09:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20823_none_ec57303a2f6e03d6\pngfilt.dll

+ 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll

+ 2008-04-25 04:09:51 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll

+ 2008-04-25 04:35:19 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll

+ 2008-04-25 04:21:54 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll

+ 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16681_none_de89e8e87f8c12b0\mstime.dll

+ 2008-04-25 04:08:10 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20823_none_df5667b598773aa9\mstime.dll

+ 2008-04-25 04:35:16 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18063_none_e087c7fa7ca09e6d\mstime.dll

+ 2008-04-25 04:20:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22167_none_e11565ed95baa393\mstime.dll

+ 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\jsproxy.dll

+ 2008-04-25 04:23:11 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll

+ 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\WininetPlugin.dll

+ 2008-04-25 04:07:19 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\jsproxy.dll

+ 2008-04-25 04:09:57 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll

+ 2008-04-25 04:09:57 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\WininetPlugin.dll

+ 2008-04-25 04:35:13 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\jsproxy.dll

+ 2008-04-25 04:35:23 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll

+ 2008-04-25 04:35:24 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\WininetPlugin.dll

+ 2008-04-25 04:19:00 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\jsproxy.dll

+ 2008-04-25 04:22:01 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll

+ 2008-04-25 04:22:01 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\WininetPlugin.dll

+ 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16681_none_f956589b6ed7f427\ieapfltr.dll

+ 2008-04-25 04:07:00 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20823_none_fa22d76887c31c20\ieapfltr.dll

+ 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtmsft.dll

+ 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtrans.dll

+ 2008-04-25 04:06:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtmsft.dll

+ 2008-04-25 04:06:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtrans.dll

+ 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16681_none_45ed2bab467e2ce2\mshtmled.dll

+ 2008-04-25 04:07:54 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20823_none_46b9aa785f6954db\mshtmled.dll

+ 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll

+ 2008-04-25 04:07:54 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll

+ 2008-04-25 04:35:14 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll

+ 2008-04-25 04:19:50 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll

+ 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16681_none_585fc1aa67576f13\icardie.dll

+ 2008-04-25 04:06:59 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20823_none_592c40778042970c\icardie.dll

+ 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\ieUnatt.exe

+ 2008-04-25 04:22:36 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe

+ 2008-04-25 02:03:49 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\ieUnatt.exe

+ 2008-04-25 02:04:08 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe

+ 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\ie4uinit.exe

+ 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iernonce.dll

+ 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iesetup.dll

+ 2008-04-25 02:03:38 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\ie4uinit.exe

+ 2008-04-25 04:07:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iernonce.dll

+ 2008-04-25 04:07:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iesetup.dll

+ 2008-04-25 04:23:06 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16681_none_29ba0dd8684286b9\iebrshim.dll

+ 2008-04-25 04:07:00 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20823_none_2a868ca5812daeb2\iebrshim.dll

+ 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieframe.dll

+ 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieui.dll

+ 2008-04-25 04:07:06 6,068,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieframe.dll

+ 2008-04-25 04:07:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieui.dll

+ 2008-04-25 04:22:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16681_none_e6601b6294bbc56f\ieinstal.exe

+ 2008-04-25 02:04:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20823_none_e72c9a2fada6ed68\ieinstal.exe

+ 2008-04-25 04:22:36 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16681_none_0b08507ed7368521\ieuser.exe

+ 2008-04-25 02:04:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20823_none_0bd4cf4bf021ad1a\ieuser.exe

+ 2008-05-02 22:21:56 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16688_none_f0535e6e6e8d6c76\OESpamFilter.dat

+ 2008-05-02 22:17:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20833_none_f10e0b498786feff\OESpamFilter.dat

+ 2008-05-02 22:18:31 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18071_none_f23d6afa6bb23015\OESpamFilter.dat

+ 2008-05-02 22:17:54 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22178_none_f2ce09cb84c98140\OESpamFilter.dat

+ 2008-05-10 01:21:06 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys

+ 2008-05-10 03:30:50 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll

+ 2008-05-10 01:15:20 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys

+ 2008-05-10 03:14:30 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll

+ 2008-05-10 01:33:10 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys

+ 2008-05-10 01:20:02 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys

+ 2008-05-10 03:22:18 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

 

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 14:50 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 20:08 68856]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]

"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]

"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-02-22 23:53 33136]

"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-02-22 23:53 37232]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 23:57 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-04 15:02 1006264]

"BM23e97a39"="C:\Windows\system32\xluatstu.dll" [ ]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 20:08:03 124400]

VPN Client.lnk - C:\Windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-05-20 16:30:32 6144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.HFYU"= huffyuv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3650AB65-A6D1-4DC5-9BE4-DBC503793191}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{F110D963-24A4-4A32-AECB-4D7B92F57578}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"UDP Query User{0593DCFB-547A-44F4-AD8D-575623AAFA1A}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"{83E02905-2596-472E-84B3-9906644AB6B7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{CE1C8D65-D55F-4CAE-A1A2-1F51F3AD3D9D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{011E3821-BF95-4DDE-A19D-B10419DC7029}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{D5854082-714F-4C4C-BDDF-8DECEF86579D}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{2F671D2A-8B07-49C3-8AE8-FDBE7D95D0DA}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{4AD0D25E-F2C1-4274-BD9B-0D104EF0C931}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"UDP Query User{19FA8CDF-1538-4D69-BDFB-2E95D8600CD6}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary

"TCP Query User{CBF28D7D-DFCF-4402-A908-985547FA5C79}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{677664CF-46B1-422D-B82F-9108385E457F}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{6F296CA2-41C4-4AF1-8D12-E9B8271C99C5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{DB254BB1-8B43-4838-ABE4-F3E32F7428D4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{3B7F721A-80A7-46F3-A6C6-C37958CBF703}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{468E9032-FBEC-47E6-AB79-F64579BD7718}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{3CCC03D9-1155-48DF-9221-ED727760AB6E}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{09AB9664-2986-4F55-9D58-3190D403A65A}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{BDA099A4-DF21-4F41-B405-EDD2F71E2381}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary

"UDP Query User{3E586B84-42EF-4716-8834-F2C127715748}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary

"TCP Query User{A8E1B1F3-1589-46B8-BC41-34D46C361507}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary

"UDP Query User{210AD7BD-E7FF-4FC9-A067-5859176ED567}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary

"TCP Query User{61E54E16-BE82-4C6F-82DD-35645AA7107E}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"UDP Query User{3540DB27-803B-4F09-A658-4F64E0D56941}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"TCP Query User{0826FC94-172E-46E2-91B1-2E3A2227F439}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"UDP Query User{F9FB7A6B-F70F-4EBE-9B04-98C3A17F9D5C}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary

"TCP Query User{904330A8-C8B7-41F9-9F3D-7BAFA47B099D}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{45E3FB52-0C41-4C7D-BDB5-86CE097A054B}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{59781AF4-1D08-441A-80F8-99C5C8DF833F}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{0226F0BE-DC1E-4C9C-A823-F9CD791AE0D2}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{3786AC85-0F63-4976-BB58-B42642C820DD}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse

"UDP Query User{3E2DE422-197E-4DB6-84EA-6C13B9EAE37B}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse

"TCP Query User{46264452-1B1C-4375-9AC2-FD57FCA0062B}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary

"UDP Query User{66AF4D16-CB3B-4026-BC90-D324FACA0349}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary

"TCP Query User{3C4C991F-3255-4A5D-8725-010AD2210EE3}C:\\mysql\\bin\\mysqld.exe"= UDP:C:\mysql\bin\mysqld.exe:mysqld

"UDP Query User{A78CA393-57F1-4796-A9F3-629960ADE8AF}C:\\mysql\\bin\\mysqld.exe"= TCP:C:\mysql\bin\mysqld.exe:mysqld

"TCP Query User{F8C41D47-F304-4D68-89A9-05446C4D59A5}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"UDP Query User{0C3D2A7E-96AD-44DE-88D8-E8DC2B797591}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"TCP Query User{5CDA859E-B4BA-4ECF-84D0-702A56AE2760}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"UDP Query User{168505D0-67EA-4C58-BFC1-3DB43DD59FA0}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows

"TCP Query User{18FB9B8B-DCB5-4653-9D01-0B3A81E9E3CB}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse

"UDP Query User{EAD1218D-0EBD-42B1-B84E-D1C92CCAF563}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse

"TCP Query User{B8E3D5D2-8284-4107-AF23-631851660F1F}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{2153339C-9B55-41A8-8D19-462B1CB1E54A}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{3EAEAB78-386C-4E0F-BFC8-2CC70D3DF1CF}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32

"UDP Query User{61850D05-BAB6-4ADB-9516-6103D20855F6}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32

"{7D7C7041-32B1-47FE-9A53-E84F69D169B3}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012adae3-1d95-11dd-a9c0-001d604ea05b}]

\shell\Auto\command - cmd /C launch.bat

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eeea8b7-e9ec-11dc-9444-001d604ea05b}]

\shell\AutoRun\command - F:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f8c8ce-0638-11dd-b9eb-001d604ea05b}]

\shell\AutoRun\command - explorer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e388286b-eab9-11dc-bc70-001d604ea05b}]

\shell\AutoRun\command - I:\autorun.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-12 18:46:32 C:\Windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-06-12 18:46:32 C:\Windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-14 21:27:32

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\ADSM_PData_0150

 

Scan terminé avec succès

Les fichiers cachés: 1

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\explorer.exe

-> C:\Program Files\SiteAdvisor\6172\saHook.dll

-> :\Windows\system32\SXS.DLL

.

Temps d'accomplissement: 2008-06-14 21:30:55

ComboFix-quarantined-files.txt 2008-06-14 19:30:38

ComboFix2.txt 2008-06-14 10:01:23

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

 

339 --- E O F --- 2008-06-14 12:16:52
