[Résolu] Virus dans mon PC

[pear]

Très bien.

J'avais un doute parce que ce sont des fichiers utilisés , parfois, par les malwares.

 

Tout d'abord, Combofix vérifie si la Console de récupération est installée et vous propose de le faire dans le cas contraire.

La Console de récupération Windows vous permettra de démarrer dans un mode spécial de récupération (réparation).

Elle peut être nécessaire si votre ordinateur rencontre un problème après une tentative de nettoyage.

C'est une procédure simple, qui ne vous prendra que peu de temps et pourra peut-être un jour vous sauver la mise.

Après installation,vous devriez voir ce message:

The Recovery Console was successfully installed.

La console de Récupération

Certaines infections (Rootkit en Mbr)ne peuvent être traitées qu'en utilisant la Console de Récupération,

D'importantes procédures que Combofix est susceptible de lancer ne fonctionneront qu'à la condition que la console de récupération(Sous Xp) soit installée

C'est pourquoiil vous est instament conseillé d' installer d'abord la Console de Récupération sur le pc .

Les utilisateurs de Windows Vista peuvent utiliser leur CD Windows pour démarrer en mode Vista Recovery Environment (Environnement de réparation Vista)

Cela permettra de réparer le système au cas ou le pc ne redémarrerait plus suite à la désinfection.

Si c'est déjà fait, passez au point 2).

* Après avoir cliqué sur le lien correspondant à votre version de Windows, vous serez dirigé sur une page:

cliquez sur le bouton Télécharger afin de récupérer le package d'installation sur leBureau:

Ne modifiez pas le nom du fichier

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professionnel SP2

* Faites un glisser/déposer de ce fichier sur le fichier ComboFix.exe comme sur la capture >

 

* Suivre les indications à l'écran pour lancer ComboFix et lorsqu'on le demande, accepter le Contrat de Licence d'Utilisateur Final pour installer la Console de Récupération Microsoft.

* Lorsque ce sera terminé, un message vous dira que la Console a bien été installée puis un rapport nommé CF_RC.txt va s'afficher:

postez en le contenu .

 

Vous allez télécharger Combofix.

 

Renommer ComboFix seulement si on vous le demande

Dans certains cas, Ver Bagle, Rootkit Tdss par exemple,il est nécessaire de renommer ComboFix.exe avant le téléchargement pour traiter l' infection.

SupprimezComboFix.exe (du Bureau, généralement),s'il est sur votre machine, puis télécharger une nouvelle copie

 

Attention, par défaut, Firefox ne permet pas le renommage avant sauvegarde, utiliser plutôt IE

Pour le renommer:

Clic droit sur http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisir "Enregistrer la cible du lien..sous....votre nom.exe ( par exemple dupont.exe)

Choisir le bureau

En bas, à Nom du Fichier:

Vous devez obtenir -> votre nom.exe

Cliquez enfin sur -> Enregistrer

Lancez votrenom.exe

En cas de problème, :

méthode illustrée

 

Ce logiciel est très puissant et ne doit pas être utilisé sans une aide compétente sous peine de risquer des dommages irréversibles.

Veuillez noter que ce logiciel est régulièrement mis à jour et que la version que vous allez charger sera obsolète dans quelques jours.

Avant de l'installer,lisez ce Mode opératoire:

Ensuite

Télécharger combofix.exe de sUBs

et sauvegardez le sur le bureau

 

Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs car ils pourraient perturber le fonctionnement de cet outil

Cela est absolument nécessaire au succès de la procédure.

Bien évidemment, vous les rétablirez ensuite.

 

*Double cliquer sur combofix.exe pour le lancer.

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

Pour lancer le scan

Connecter tous les disques amovibles (disque dur externe, clé USB…).

* Taper sur la touche 1 pour démarrer le scan.

Si pour une raison quelconque, Vista par exemple, combofix ne se lançait pas,

Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

 

* Le scan pourrait prendre un certain temps:Soyez patient!

A la fin,,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

Il se trouve à c:\combofix.txt

[Ibeaux]

voici le rapport :

ComboFix 09-02-10.03 - Ibrahim_Demirel 2009-02-11 16:44:33.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.234 [GMT 1:00]

Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ibeaux.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\IE4 Error Log.txt

c:\windows\system32\mdm.exe

E:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit

2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro

2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT

2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx

2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys

2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI

2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini

2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security

2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD

2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini

2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-11 15:57 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies

2009-02-11 15:56 --------- d-----w c:\program files\SysMetrix

2009-02-11 15:55 --------- d-----w c:\program files\PestPatrol

2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9

2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp

2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp

2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp

2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp

2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp

2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2

2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3

2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC

2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync

2009-01-09 15:42 --------- d-----w c:\program files\INCU

2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE

2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe

2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss

2008-12-11 14:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Canon

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp

2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp

2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp

2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp

2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp

2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp

2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp

2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp

2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT

2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin

2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat

2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]

"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512]

"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]

"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520]

"Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448]

"OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314]

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Demirel\Menu D‚marrer\Programmes\D‚marrage\

Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416]

 

c:\documents and settings\Demirel.TECBIOMEDICUS\Menu D‚marrer\Programmes\D‚marrage\

PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-09-16 1666048]

Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

"msacm.avis"= c:\program files\ffdshow\ffdshow.ax

"MSACM.CEGSM"= mobilev.acm

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\stickies\\stickies.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"=

"c:\\Program Files\\Island Top 9\\startup.exe"=

"c:\\Program Files\\ICQLite\\ICQLite.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"=

"c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=

"c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512]

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240]

R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992]

S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904]

S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736]

S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468]

S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - AcrSch2Svc

*Deregistered* - ALG

*Deregistered* - AudioSrv

*Deregistered* - bgsvcgen

*Deregistered* - Browser

*Deregistered* - CryptSvc

*Deregistered* - CSIScanner

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - helpsvc

*Deregistered* - ImapiService

*Deregistered* - Irmon

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - McAfeeFramework

*Deregistered* - McShield

*Deregistered* - McTaskManager

*Deregistered* - MDM

*Deregistered* - MGABGEXE

*Deregistered* - Netlogon

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - UleadBurningHelper

*Deregistered* - vsmon

*Deregistered* - W32Time

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - wwSecSvc

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - pook.com

\Shell\open\Command - pook.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}]

\Shell\AutoRun\command - H:\a2h2.com

\Shell\open\Command - H:\a2h2.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}]

\Shell\AutoRun\command - iqe68o.bat

\Shell\explore\Command - iqe68o.bat

\Shell\open\Command - iqe68o.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}]

\Shell\AutoRun\command - I:\hl80c6b1.com

\Shell\open\Command - I:\hl80c6b1.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}]

\Shell\AutoRun\command - H:\hl80c6b1.com

\Shell\open\Command - H:\hl80c6b1.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

 

2005-10-17 c:\windows\Tasks\XoftSpy.job

- c:\program files\XoftSpy\XoftSpy.exe []

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

HKLM-Run-PestPatrolCL - (no file)

MSConfigStartUp-WinVNC - c:\program files\UltraVNC\WinVNC.exe

 

 

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = 1

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = hxxp://intranet

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: foto.com\be

Trusted Zone: foto.com\www

TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab

DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab

FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-11 16:54:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Type"="wellknown"

"Order"=dword:00000001

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]

"Name"="IESettings"

"Type"="IESettings"

"Order"=dword:00000004

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]

"Name"="MediaFiles"

"Type"="MediaFiles"

"Order"=dword:00000003

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]

"Name"="NPW"

"Param1"="NPW"

"Type"="wellknown"

"Order"=dword:00000002

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]

"Name"="Outlook"

"DisplayName"="Microsoft Outlook"

"Param1"="Outlook"

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:00000020

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17,

58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45,

a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38,

6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56,

5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c,

55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff,

e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7,

de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d,

46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2,

81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db,

9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10,

f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89,

03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(892)

c:\windows\system32\relog_ap.dll

c:\windows\system32\EntApi.dll

 

- - - - - - - > 'explorer.exe'(1260)

c:\windows\system32\EntApi.dll

c:\program files\PANICWARE\DON'T_PANIC_FR!\DPHOOK32.DLL

c:\windows\PANICNT.dll

c:\program files\Caere\OmniPagePro90\ophook32.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Prevx\prevx.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\mcshield.exe

c:\program files\Network Associates\VirusScan\vstskmgr.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\mgabg.exe

c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\ZoneLabs\vsmon.exe

c:\program files\Network Associates\Common Framework\naPrdMgr.exe

c:\windows\system32\wwSecure.exe

c:\program files\Prevx\prevx.exe

c:\program files\Network Associates\Common Framework\Mctray.exe

c:\windows\system32\ntvdm.exe

c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

.

**************************************************************************

.

Heure de fin: 2009-02-11 17:08:35 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-11 16:08:04

 

Avant-CF: 8.212.127.744 octets libres

AprÞs-CF: 8,131,014,656 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

412 --- E O F --- 2009-01-14 13:49:37

[pear]

Rendez vous à cette addresse:

http://www.virustotal.com/fr/

 

Cliquez sur parcourir pour trouver ce fichier, en gras:

c:\windows\Setup1.exe

 

et cliquez sur "envoyer le fichier"

 

Copiez /collez la réponse dans votre prochain message.

 

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

KillAll::

 

File::

H:\a2h2.com

I:\hl80c6b1.com

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}]

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Modifié le 11 février 2009 par pear

[Ibeaux]

Bonjour Pear,

 

Hier, j'ai oublié de connecter les clés USB. Je les ai fait ce matin et voici le rapport log.txt :

 

ComboFix 09-02-10.03 - 2009-02-12 8:32:46.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.226 [GMT 1:00]

Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit

2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro

2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll

2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT

2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx

2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys

2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI

2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini

2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security

2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD

2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini

2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-12 07:46 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies

2009-02-12 07:45 --------- d-----w c:\program files\SysMetrix

2009-02-12 07:44 --------- d-----w c:\program files\PestPatrol

2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9

2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp

2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp

2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp

2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp

2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp

2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2

2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3

2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC

2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync

2009-01-09 15:42 --------- d-----w c:\program files\INCU

2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE

2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe

2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp

2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp

2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp

2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp

2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp

2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp

2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp

2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp

2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT

2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin

2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat

2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-02-11_17.04.01.64 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll

+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll

+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll

+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll

+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll

+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe

+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll

+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll

+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll

+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll

+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll

+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll

+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll

+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe

+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe

+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll

+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll

+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll

+ 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll

+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll

+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll

+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll

+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll

+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll

+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll

+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll

+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll

+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll

- 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

- 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-12-20 22:46:48 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

- 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-12-19 09:11:12 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

- 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-12-20 22:46:50 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

+ 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

- 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe

- 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2009-01-16 20:15:42 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-12-20 22:47:01 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-12-20 22:47:01 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-12-20 22:47:02 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll

- 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-12-20 22:47:02 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll

+ 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-12-20 22:47:03 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

+ 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-12-20 22:47:04 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-12-20 22:46:48 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-12-20 22:46:49 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-12-20 22:46:50 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll

- 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-12-20 22:46:54 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe

+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe

- 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll

- 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-12-20 22:47:01 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-12-20 22:47:01 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-12-20 22:47:02 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-12-20 22:47:02 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll

+ 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll

- 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll

- 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll

+ 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2009-02-12 07:45:42 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2dc.dat

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]

"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512]

"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]

"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520]

"Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448]

"OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314]

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-10 49254]

Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-10 113664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

"msacm.avis"= c:\program files\ffdshow\ffdshow.ax

"MSACM.CEGSM"= mobilev.acm

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\stickies\\stickies.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"=

"c:\\Program Files\\Island Top 9\\startup.exe"=

"c:\\Program Files\\ICQLite\\ICQLite.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"=

"c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=

"c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512]

R0 snapman;Acronis Snapshots Manager;c:\windows\system32\drivers\snapman.sys [2008-07-30 99776]

R0 timounter;Acronis True Image Backup Archive Explorer;c:\windows\system32\drivers\timntr.sys [2008-07-30 392320]

R1 cdrbsdrv;cdrbsdrv;c:\windows\system32\drivers\cdrbsdrv.sys [2005-02-24 32256]

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904]

R1 P3;Pilote processeur Intel Pentium III;c:\windows\system32\drivers\p3.sys [2002-08-29 46848]

R1 StarOpen;StarOpen;c:\windows\system32\drivers\StarOpen.sys [2008-05-07 5632]

R2 AcrSch2Svc;Acronis Scheduler2 Service;c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312]

R2 bgsvcgen;B's Recorder GOLD Library General Service;c:\windows\system32\bgsvcgen.exe [2008-10-28 86016]

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-06 4107832]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240]

R2 irda;Protocole IrDA;c:\windows\system32\drivers\irda.sys [2004-12-06 88192]

R2 Irmon;Moniteur infrarouge;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336]

R2 MGABGEXE;MGABGEXE;c:\windows\system32\mgabg.exe [2002-01-16 81920]

R2 tifsfilter;Acronis True Image FS Filter;c:\windows\system32\drivers\tifsfilt.sys [2008-07-30 32768]

R2 UleadBurningHelper;Ulead Burning Helper;c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2008-02-06 49152]

R3 ASAPIW2k;ASAPIW2K;c:\windows\system32\drivers\asapiW2k.sys [2005-07-05 11264]

R3 E100B;Pilote de carte Intel ® PRO;c:\windows\system32\drivers\e100b325.sys [2004-11-05 117760]

R3 EntDrv51;EntDrv51;c:\windows\system32\drivers\entdrv51.sys [2007-11-26 8320]

R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992]

R3 Rasirda;Miniport réseau étendu (IrDA);c:\windows\system32\drivers\rasirda.sys [2004-12-06 19584]

S1 cdrbsvsd;cdrbsvsd; [x]

S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904]

S3 DWMRCS;DameWare Mini Remote Control;c:\windows\SYSTEM32\DWRCS.EXE -service --> c:\windows\SYSTEM32\DWRCS.EXE -service [?]

S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736]

S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904]

S3 MSIRCOMM;Microsoft IR Communications Driver;c:\windows\system32\drivers\msircomm.sys [2004-12-14 22016]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468]

S3 NdisIP;Connection TV/vidéo Microsoft;c:\windows\system32\drivers\ndisip.sys [2008-07-15 10880]

S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684]

S3 SLIP;Détrameur décalage BDA;c:\windows\system32\drivers\slip.sys [2008-07-15 11136]

S3 StillCam;Pilote d'appareil photo numérique série;c:\windows\system32\drivers\serscan.sys [2004-11-16 6912]

S3 usb_rndisx;USB RNDIS Adapter;c:\windows\system32\drivers\usb8023x.sys [2004-08-04 12800]

S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [2005-07-26 104576]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - ENTDRV51

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - pook.com

\Shell\open\Command - pook.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}]

\Shell\AutoRun\command - iqe68o.bat

\Shell\explore\Command - iqe68o.bat

\Shell\open\Command - iqe68o.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}]

\Shell\AutoRun\command - I:\hl80c6b1.com

\Shell\open\Command - I:\hl80c6b1.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}]

\Shell\AutoRun\command - H:\hl80c6b1.com

\Shell\open\Command - H:\hl80c6b1.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

 

2005-10-17 c:\windows\Tasks\XoftSpy.job

- c:\program files\XoftSpy\XoftSpy.exe []

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = 1

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = hxxp://intranet

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: foto.com\be

Trusted Zone: foto.com\www

TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab

DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab

FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 08:42:25

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Type"="wellknown"

"Order"=dword:00000001

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]

"Name"="IESettings"

"Type"="IESettings"

"Order"=dword:00000004

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]

"Name"="MediaFiles"

"Type"="MediaFiles"

"Order"=dword:00000003

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]

"Name"="NPW"

"Param1"="NPW"

"Type"="wellknown"

"Order"=dword:00000002

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]

"Name"="Outlook"

"DisplayName"="Microsoft Outlook"

"Param1"="Outlook"

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:00000020

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17,

58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45,

a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38,

6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56,

5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c,

55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff,

e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7,

de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d,

46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2,

81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db,

9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10,

f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89,

03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(952)

c:\windows\system32\relog_ap.dll

c:\windows\system32\EntApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\Network Associates\VirusScan\mcshield.exe

c:\program files\Network Associates\VirusScan\vstskmgr.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Network Associates\Common Framework\naPrdMgr.exe

c:\windows\system32\wwSecure.exe

c:\program files\Network Associates\Common Framework\Mctray.exe

c:\windows\system32\ntvdm.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\stickies\stickies.exe

.

**************************************************************************

.

Heure de fin: 2009-02-12 8:55:08 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-12 07:54:39

ComboFix2.txt 2009-02-11 16:47:29

ComboFix3.txt 2009-02-11 16:09:14

 

Avant-CF: 8.060.502.016 octets libres

Après-CF: 7,972,007,936 octets libres

 

504 --- E O F --- 2009-02-12 02:08:55

[Ibeaux]

Je viens d'envoyer pour analyse le fichier setup1.exe et voici le rapport :

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.73 2009.01.04 -

AhnLab-V3 2008.12.31.0 2009.01.04 -

AntiVir 7.9.0.45 2009.01.04 -

Authentium 5.1.0.4 2009.01.04 -

Avast 4.8.1281.0 2009.01.04 -

AVG 8.0.0.199 2009.01.04 -

BitDefender 7.2 2009.01.05 -

CAT-QuickHeal 10.00 2009.01.03 -

ClamAV 0.94.1 2009.01.04 -

Comodo 874 2009.01.04 -

DrWeb 4.44.0.09170 2009.01.04 -

eTrust-Vet 31.6.6289 2009.01.02 -

Ewido 4.0 2008.12.31 -

F-Prot 4.4.4.56 2009.01.04 -

F-Secure 8.0.14470.0 2009.01.05 -

Fortinet 3.117.0.0 2009.01.04 -

GData 19 2009.01.05 -

Ikarus T3.1.1.45.0 2009.01.03 -

K7AntiVirus 7.10.575 2009.01.03 -

Kaspersky 7.0.0.125 2009.01.05 -

McAfee 5484 2009.01.04 -

McAfee+Artemis 5484 2009.01.04 -

Microsoft 1.4205 2009.01.05 -

NOD32 3735 2009.01.04 -

Norman 5.80.02 2009.01.02 -

Panda 9.0.0.4 2009.01.04 -

PCTools 4.4.2.0 2009.01.04 -

Prevx1 V2 2009.01.05 -

Rising 21.10.62.00 2009.01.04 -

SecureWeb-Gateway 6.7.6 2009.01.04 -

Sophos 4.37.0 2009.01.05 -

Sunbelt 3.2.1809.2 2008.12.22 -

TheHacker 6.3.1.4.205 2009.01.05 -

TrendMicro 8.700.0.1004 2009.01.04 -

VBA32 3.12.8.10 2009.01.04 -

ViRobot 2009.1.3.1541 2009.01.03 -

VirusBuster 4.5.11.0 2009.01.04 -

Information additionnelle

File size: 249856 bytes

MD5...: 5365986bd88284801b2e9099a1436574

SHA1..: d3d3982279b2172b0189c9e73afaf2d4861afdbf

SHA256: abd1894cfba767db39f26ce0180fda3c95272013569572b8c106512c413f69d4

SHA512: 7ef79a08c963b96e45e4bd636668bca23259e3ab060a0e1c80d357882c74637e

73d4b8300bd4a28070e27fd80cadba7c6adbae282c4cd6c7dee2a898a74440e1

 

ssdeep: 6144:0ZIKgce2fzNn3mzSAj0UTp1bDQwZefWnwJIB:0Zvaj0UTp1XtV

 

PEiD..: -

TrID..: File type identification

Win32 Executable Microsoft Visual Basic 6 (71.5%)

Win32 Executable MS Visual C++ (generic) (21.3%)

Win32 Executable Generic (4.8%)

Generic Win/DOS Executable (1.1%)

DOS Executable Generic (1.1%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x4037e0

timedatestamp.....: 0x36fb7f82 (Fri Mar 26 12:37:22 1999)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x350ec 0x36000 6.00 2e908fa76d0554a5c14c50b724bdb060

.data 0x37000 0x5390 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

.rsrc 0x3d000 0x4edc 0x5000 3.53 5a00390dca08fbd73762cd18629c078f

 

( 1 imports )

> MSVBVM60.DLL: __vbaVarTstGt, __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLineInputStr, __vbaLenBstr, -, __vbaStrVarMove, -, -, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaCopyBytes, __vbaResume, __vbaStrCat, __vbaRecDestruct, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaBoolStr, __vbaExitProc, __vbaFileCloseAll, -, __vbaCyAdd, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, __vbaForEachCollVar, -, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, __vbaLateMemStAd, __vbaNextEachCollObj, -, __vbaVarZero, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, -, __vbaCyI2, __vbaStrCmp, __vbaVarTstEq, __vbaCyI4, __vbaNextEachCollVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaFpCmpCy, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaVarDiv, -, __vbaFPException, __vbaInStrVar, -, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaDateVar, -, __vbaI2Var, -, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, -, __vbaInStr, __vbaNew2, -, __vbaCyMulI2, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, -, _adj_fdiv_r, -, -, -, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaVarCopy, -, __vbaVarLateMemCallLd, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaStrMove, __vbaCastObj, __vbaStrVarCopy, -, _allmul, __vbaLenVarB, __vbaLateIdSt, _CItan, -, __vbaAryUnlock, _CIexp, __vbaMidStmtBstr, -, __vbaFreeStr, __vbaFreeObj, -

 

( 0 exports )

 

ThreatExpert info: http://www.threatexpert.com/report.aspx?md...b2e9099a1436574

[pear]

C'est bien.

 

J'attends le rapport Combofix en suite à mon message #23

[Ibeaux]

Il est en cours, ça met un peu plus de temps que d'habitude, dès que je l'ai, je le poste.

Bonne journée,

[Ibeaux]

Voilà le rapport de combofix:

 

Je peux activer l'option pour visualiser les fichiers cachées ainsi que les dossiers.

 

ComboFix 09-02-10.03 - 2009-02-12 9:47:07.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.281 [GMT 1:00]

Lancé depuis: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

H:\a2h2.com

I:\hl80c6b1.com

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit

2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- C:\Program Files\Trend Micro

2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- C:\WINDOWS\ERUNT

2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- C:\Program Files\Prevx

2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ C:\WINDOWS\system32\drivers\pxscan.sys

2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI

2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ C:\WINDOWS\wininit.ini

2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- C:\Program Files\Panda Security

2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD

2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ C:\WINDOWS\SonySNCRZ25.ini

2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- C:\Program Files\RealVNC

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-12 08:56 --------- d-----w C:\Program Files\SysMetrix

2009-02-12 08:56 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies

2009-02-12 08:54 --------- d-----w C:\Program Files\PestPatrol

2009-02-10 08:10 --------- d-----w C:\Program Files\Island Top 9

2009-02-09 12:45 91,648 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp

2009-02-09 07:35 6,705,664 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp

2009-02-09 07:35 26,624 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp

2009-02-09 06:47 6,781,952 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp

2009-02-09 06:46 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp

2009-02-09 06:44 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.2

2009-02-06 13:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3

2009-02-05 15:22 --------- d-----w C:\Program Files\UltraVNC

2009-01-28 06:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2009-01-14 11:14 --------- d-----w C:\Program Files\Microsoft ActiveSync

2009-01-09 15:42 --------- d-----w C:\Program Files\INCU

2009-01-09 11:00 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2009-01-09 11:00 249,856 ------w C:\WINDOWS\Setup1.exe

2009-01-09 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-12-22 15:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss

2008-12-20 22:47 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-12-05 15:51 6,550,016 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp

2008-12-05 15:51 48,640 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp

2008-11-27 15:52 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp

2008-11-27 15:51 20,992 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp

2008-11-27 13:56 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB149.tmp

2008-11-27 13:49 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDB148.tmp

2008-11-27 07:38 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp

2008-11-27 07:32 229,888 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp

2008-11-21 13:59 68,352 ----a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT

2008-07-30 10:23 34,924 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin

2005-03-02 07:26 560 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat

2008-08-21 12:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat

.

[pear]

Le rapport est tronqué , non?

[Ibeaux]

Effectivement, il a l'air tronqué. Je pensais n'avoir copier/coller qu'une partie, mais c'est pas le cas.

Il n'y a que cela dans le rapport.

Je recommance la procédure en mode sans échec peut-être?

Le fichier, c'est bien celui qui est dans le répértoire C:\combofix\combofix.txt