
Posted (edited)

Let's proceed in order:

1) Copy and paste the contents of c:\Combofix.txt

2) Uninstall ComboFix

To remove ComboFix:

Start > Run -> combofix.exe /u

Click OK to confirm.

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

3) If you want to install the Recovery Console, download it again and follow the procedure indicated.

Edited by pear

Posted (edited)
I don't have a combofix file in C:\

Run a search for combofix.txt in C:\

It may have ended up somewhere other than the root, although I hardly believe it.

Otherwise, carry on with the rest, at least step 2.

In a previous message, you asked me about my links.

Without really understanding why, I had answered "yes, why".

Since then I have noticed that the Mabul site, which hosted the animated GIFs, was down.

So I have changed the links accordingly.

It now works for the Console.

Edited by pear
  • 3 weeks later...
Posted

Hello, sorry for the long delay, a thousand apologies, here is the report:


ComboFix 09-03-01.01 - erdt 2009-03-02 17:41:22.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.576 [GMT 1:00]

Lancé depuis: c:\documents and settings\erdt\Bureau\101010.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated)

FW: Norton AntiVirus *enabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\setup.exe

c:\windows\system32\_002951_.tmp.dll

c:\windows\system32\_002952_.tmp.dll

c:\windows\system32\_002953_.tmp.dll

c:\windows\system32\advapi32new.dll

c:\windows\system32\apphelpnew.dll

c:\windows\system32\AutoRun.inf

c:\windows\system32\crypt32new.dll

c:\windows\system32\d3d10core.dll

c:\windows\system32\kernel32new.dll

c:\windows\system32\MabryObj.dll

c:\windows\system32\msvcrtnew.dll

c:\windows\system32\ntdsapinew.dll

c:\windows\system32\powrprofnew.dll

c:\windows\system32\Process.exe

c:\windows\system32\secur32new.dll

c:\windows\system32\user32new.dll

c:\windows\system32\winstanew.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-02 17:34 . 2009-03-02 17:34 <REP> d----c--- C:\erdt

2009-03-02 17:29 . 2009-03-02 17:32 <REP> d----c--- C:\ComboFix

2009-03-02 17:28 . 2009-03-02 17:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-03-02 17:24 . 2009-03-02 17:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard

2009-03-02 17:24 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2009-03-02 17:20 . 2009-03-02 17:20 <REP> d-------- c:\program files\Hewlett-Packard

2009-03-02 17:19 . 2009-03-02 17:19 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard

2009-03-02 17:17 . 2009-03-02 17:38 <REP> d-------- c:\windows\LastGood

2009-03-02 17:17 . 2007-03-18 07:11 675,840 --a------ c:\windows\system32\hpowiax3.dll

2009-03-02 17:17 . 2007-03-18 07:11 569,344 --a------ c:\windows\system32\hpotscl3.dll

2009-03-02 17:17 . 2007-03-18 07:11 303,104 --a------ c:\windows\system32\hpovst10.dll

2009-03-02 17:17 . 2007-03-31 06:07 267,864 --a------ c:\windows\system32\hpzids01.dll

2009-03-02 17:16 . 2009-03-02 17:16 <REP> d-------- c:\program files\HP

2009-03-02 17:15 . 2009-03-02 17:25 132,529 --a------ c:\windows\hpoins14.dat

2009-03-02 17:15 . 2007-09-21 12:59 1,996 --------- c:\windows\hpomdl14.dat

2009-03-01 12:52 . 2009-03-01 12:52 <REP> d-------- c:\documents and settings\erdt\Application Data\XemiComputers

2009-03-01 11:28 . 2009-03-01 11:31 <REP> d-------- c:\program files\TGTSoft

2009-03-01 11:28 . 2009-03-01 11:28 88 --a------ c:\windows\StyleBuilder.INI

2009-02-28 20:52 . 2009-02-28 20:52 <REP> d----c--- C:\Dell

2009-02-28 20:49 . 2009-02-28 20:49 <REP> d-------- c:\windows\OPTIONS

2009-02-28 00:42 . 2009-02-28 01:27 <REP> d-------- c:\documents and settings\erdt\Application Data\Ventrilo

2009-02-28 00:40 . 2009-02-28 01:33 <REP> d-------- c:\program files\VentSrv

2009-02-28 00:39 . 2009-02-28 01:33 <REP> d-------- c:\program files\Ventrilo

2009-02-28 00:38 . 2009-02-28 00:39 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2009-02-28 00:37 . 2009-02-28 00:39 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

2009-02-27 09:27 . 2009-02-27 09:33 <REP> d--h-c--- c:\windows\ie8

2009-02-27 00:57 . 2009-02-27 00:58 <REP> d-------- c:\documents and settings\erdt\Application Data\dvdcss

2009-02-27 00:56 . 2009-02-27 11:40 <REP> d-------- c:\documents and settings\erdt\Application Data\vlc

2009-02-27 00:54 . 2009-02-27 00:54 <REP> d-------- c:\program files\VideoLAN

2009-02-27 00:18 . 2009-02-27 00:18 <REP> d-------- c:\program files\Safari

2009-02-27 00:17 . 2009-02-27 00:17 <REP> d-------- c:\program files\Bonjour

2009-02-26 17:15 . 2009-02-26 17:15 <REP> d-------- c:\program files\MzRam

2009-02-25 22:32 . 2009-02-28 13:37 3,688 --a------ c:\windows\system32\d3d9caps.dat

2009-02-25 20:53 . 2006-08-22 21:05 520,192 --------- c:\windows\system32\ati2sgag.exe

2009-02-25 20:51 . 2006-11-10 12:29 <REP> d----c--- C:\Driver

2009-02-25 20:51 . 2006-11-10 12:29 <REP> d----c--- C:\ACE

2009-02-25 20:51 . 2006-08-23 09:05 1,686,484 --a--c--- C:\data1.cab

2009-02-25 20:51 . 2009-02-25 20:51 1,529,216 --a--c--- C:\GenuineCheck.exe

2009-02-25 20:51 . 2006-08-23 09:05 512 --a--c--- C:\data2.cab

2009-02-25 20:45 . 2009-02-25 20:47 45,490,823 --a--c--- C:\ati catalyst-mobility-6.9-all-kxp.exe

2009-02-25 15:50 . 2009-02-25 15:50 <REP> d----c--- C:\DirectX10 RC2 Fix 3-Pre-Final

2009-02-25 15:50 . 2009-02-28 23:57 716,153 --a------ c:\windows\system32\unins000.exe

2009-02-25 15:50 . 2008-03-05 16:03 329,224 --a------ c:\windows\system32\DXErr.exe

2009-02-25 15:50 . 2008-03-05 16:03 209,416 --a------ c:\windows\system32\dxcpl.exe

2009-02-25 15:50 . 2009-02-28 23:57 12,731 --a------ c:\windows\system32\unins000.dat

2009-02-25 15:48 . 2009-02-25 15:49 4,764,495 --a--c--- C:\DirectX10_RC2_Fix_3-Pre-Final.zip

2009-02-25 15:22 . 2009-02-25 15:33 26,699,048 --a--c--- C:\SafariSetup.exe

2009-02-23 17:10 . 2009-03-01 12:51 <REP> d-------- c:\program files\Teamspeak2_RC2

2009-02-23 16:42 . 2009-02-23 16:42 1,657,659 --a--c--- C:\ts2_server_rc2_202319.exe

2009-02-23 16:39 . 2009-02-23 16:39 <REP> d-------- c:\documents and settings\erdt\Application Data\teamspeak2

2009-02-23 16:38 . 2009-02-23 16:38 5,862,994 --a--c--- C:\ts2_client_rc2_2032.exe

2009-02-23 16:38 . 2009-02-23 16:38 34,064 --a------ c:\windows\system32\lhacm.acm

2009-02-22 19:49 . 2009-02-22 19:49 <REP> d-------- c:\program files\TaskSwitchXP

2009-02-22 19:40 . 2009-02-27 17:09 <REP> d--h----- c:\windows\NiwradSoft Shell Pack

2009-02-22 16:49 . 2009-02-22 16:49 <REP> d--hs---- c:\windows\ftpcache

2009-02-22 16:48 . 2009-02-22 16:50 <REP> d-------- c:\program files\iSpeed

2009-02-22 14:48 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe

2009-02-22 14:48 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf

2009-02-22 00:42 . 2009-02-22 00:42 <REP> d-------- c:\documents and settings\erdt\Application Data\dBpoweramp

2009-02-21 12:24 . 2009-01-24 15:30 219,648 --a------ c:\windows\system32\uxtheme.dll.backup

2009-02-20 18:31 . 2003-08-03 15:31 90,624 --a------ c:\program files\tclock2.exe

2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll

2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll

2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys

2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys

2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf

2009-02-18 19:42 . 2009-02-18 19:42 <REP> d-------- c:\documents and settings\erdt\Application Data\River Past G5

2009-02-18 19:42 . 2009-02-22 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\River Past G5

2009-02-18 18:16 . 2009-02-18 18:16 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.bmp

2009-02-18 18:16 . 2009-02-18 18:16 2,180 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat

2009-02-18 18:08 . 2009-02-18 18:08 <REP> d-------- c:\documents and settings\erdt\Application Data\AccurateRip

2009-02-18 18:07 . 2009-02-18 18:07 <REP> d-------- c:\program files\Illustrate

2009-02-18 18:07 . 2009-02-18 18:16 167,936 --a------ c:\windows\system32\SpoonUninstall.exe

2009-02-18 18:07 . 2009-02-18 18:07 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp

2009-02-18 18:07 . 2009-02-18 18:07 13,785 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-02-17 23:16 . 2009-02-17 23:16 <REP> d-------- c:\program files\Fichiers communs\DVDVIDEOSOFT

2009-02-17 23:16 . 2002-01-05 15:37 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-02-16 22:35 . 2009-02-16 23:06 <REP> d-------- c:\documents and settings\erdt\Application Data\LimeWire

2009-02-16 22:31 . 2009-02-16 22:35 <REP> d-------- c:\program files\LimeWire

2009-02-15 18:43 . 2009-02-27 11:57 <REP> d----c--- C:\Nexon

2009-02-15 17:10 . 2008-04-13 19:33 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-15 17:10 . 2008-04-13 19:33 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll

2009-02-15 17:10 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-15 17:10 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\dllcache\kbdhid.sys

2009-02-15 14:39 . 2009-02-15 14:39 22,200 --ah----- c:\windows\system32\mlfcache.dat

2009-02-14 20:57 . 2009-02-14 21:09 <REP> d-------- c:\program files\CleanUp!

2009-02-14 17:56 . 2009-02-14 17:59 <REP> d----c--- C:\rsit

2009-02-14 17:46 . 2008-04-13 19:34 230,912 --a------ c:\windows\system32\dllcache\regedit.exe.exe.exe

2009-02-14 17:44 . 2009-02-14 17:44 543 --a------ c:\windows\Raccourci vers regedit.exe.exe.lnk

2009-02-14 15:52 . 2009-02-14 21:14 4,411 --a------ c:\windows\pop.htm

2009-02-14 15:33 . 2009-02-14 15:33 <REP> d--hs---- c:\documents and settings\erdt\PrivacIE

2009-02-14 15:32 . 2009-02-14 15:32 <REP> d--hs---- c:\documents and settings\erdt\IECompatCache

2009-02-14 15:31 . 2009-02-14 15:31 <REP> d--hs---- c:\documents and settings\erdt\IETldCache

2009-02-14 13:47 . 2009-02-14 13:47 4,158 --a------ c:\program files\hijackthis.vbs

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\documents and settings\erdt\Application Data\Malwarebytes

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-14 12:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-14 12:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-14 11:15 . 2009-02-14 11:15 401,720 --a--c--- c:\program files\Karcher.exe

2009-02-14 11:13 . 2009-02-27 09:34 <REP> d-------- c:\windows\ie8updates

2009-02-14 10:48 . 2009-01-11 06:00 79,360 --------- c:\windows\system32\dllcache\iecompat.dll

2009-02-14 10:15 . 2009-02-14 10:57 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-02-14 10:05 . 2009-02-14 10:14 <REP> d-------- c:\program files\Navilog1

2009-02-14 08:57 . 2009-02-14 08:57 <REP> d-------- c:\program files\Lavasoft

2009-02-14 08:57 . 2009-02-14 08:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-13 22:07 . 2009-02-13 22:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-13 20:39 . 2009-02-13 20:40 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-02-13 20:39 . 2009-02-22 15:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-13 20:32 . 2009-02-13 20:32 <REP> d-------- c:\program files\SpywareBlaster

2009-02-13 20:32 . 2009-02-13 20:32 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP

2009-02-12 18:11 . 2009-02-23 23:44 <REP> d-------- c:\program files\eMule

2009-02-12 17:24 . 2009-02-13 20:26 <REP> d-------- c:\program files\Steam

2009-02-11 17:50 . 2009-02-11 17:50 <REP> d-------- c:\program files\XP

2009-02-11 17:50 . 2009-02-11 17:50 <REP> d-------- c:\program files\NeXT

2009-02-11 17:50 . 2009-02-11 17:50 <REP> d-------- c:\program files\Language

2009-02-11 17:50 . 2009-02-11 17:50 <REP> d-------- c:\program files\Digital

2009-02-11 17:50 . 2009-02-11 17:50 <REP> d-------- c:\program files\Default

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-01 20:14 --------- d-----w c:\program files\Fichiers communs\Symantec Shared

2009-03-01 10:23 --------- d-----w c:\documents and settings\erdt\Application Data\uTorrent

2009-02-28 20:20 413,696 ----a-w c:\windows\system32\wrap_oal.dll

2009-02-28 20:20 110,592 ----a-w c:\windows\system32\OpenAL32.dll

2009-02-28 19:49 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-28 19:48 164,864 ----a-w c:\windows\system32\drivers\RTL8180.sys

2009-02-27 08:14 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-02-25 21:42 64,061 ----a-w c:\program files\AUG2007_d3dx9_35_x64.cab

2009-02-25 19:52 --------- d-----w c:\program files\ATI Technologies

2009-02-22 18:40 219,648 ----a-w c:\windows\system32\uxtheme.dll

2009-02-21 18:18 --------- d-----w c:\program files\ViStart

2009-02-21 01:32 --------- d-----w c:\program files\Windows Live

2009-02-17 15:34 --------- d-----w c:\program files\SQLyog Community

2009-02-17 15:34 --------- d-----w c:\documents and settings\erdt\Application Data\SQLyog

2009-02-14 16:59 --------- d-----w c:\program files\Trend Micro

2009-02-14 10:20 9,502 ----a-w c:\program files\hijackthis.log

2009-02-07 19:08 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment

2009-01-31 22:42 --------- d-----w c:\documents and settings\erdt\Application Data\Apple Computer

2009-01-31 20:33 --------- d-----w c:\program files\iTunes

2009-01-31 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-31 20:32 --------- d-----w c:\program files\iPod

2009-01-31 20:32 --------- d-----w c:\program files\Fichiers communs\Apple

2009-01-31 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-31 20:31 --------- d-----w c:\program files\QuickTime

2009-01-28 20:31 --------- d-----w c:\program files\MySQL

2009-01-28 20:15 --------- d-----w c:\documents and settings\erdt\Application Data\Grisoft

2009-01-28 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft

2009-01-28 15:24 --------- d-----w c:\program files\No-IP

2009-01-28 15:19 --------- d-----w c:\program files\DIFX

2009-01-27 21:10 --------- d-----w c:\program files\SystemRequirementsLab

2009-01-27 21:10 --------- d-----w c:\documents and settings\erdt\Application Data\SystemRequirementsLab

2009-01-27 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-01-27 16:44 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-27 16:44 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL

2009-01-27 16:44 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-27 16:44 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-27 16:44 --------- d-----w c:\program files\Symantec

2009-01-27 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia

2009-01-27 13:24 --------- d-----w c:\program files\Nokia

2009-01-27 13:23 --------- d-----w c:\program files\Fichiers communs\Nokia

2009-01-27 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2009-01-26 20:44 --------- d-----w c:\program files\OpenOffice.org 3

2009-01-26 20:44 --------- d-----w c:\program files\JRE

2009-01-26 20:43 --------- d-----w c:\program files\Java

2009-01-26 20:39 --------- d-----w c:\program files\Fichiers communs\Java

2009-01-26 20:02 --------- d-----w c:\program files\Fichiers communs\Adobe

2009-01-26 19:59 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-25 17:02 --------- d-----w c:\program files\Reference Assemblies

2009-01-25 17:02 --------- d-----w c:\program files\MSBuild

2009-01-25 16:55 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}

2009-01-25 11:43 --------- d-----w c:\program files\Cacheman

2009-01-25 11:21 --------- d-----w c:\program files\GlobFX Technologies

2009-01-25 02:29 --------- d-----w c:\program files\Full Speed

2009-01-25 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\NexonEU

2009-01-25 01:43 --------- d-----w c:\program files\CCleaner

2009-01-25 00:58 --------- d-----w c:\program files\Act 3d

2009-01-25 00:57 --------- d-----w c:\program files\Apple Software Update

2009-01-25 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2009-01-25 00:10 --------- d---a-w c:\program files\TrueTransparency

2009-01-25 00:08 5,650,944 ----a-w c:\windows\system32\logonuiX.exe

2009-01-25 00:05 --------- d-----w c:\program files\Stardock

2009-01-25 00:05 --------- d-----w c:\program files\Fichiers communs\Stardock

2009-01-24 23:49 --------- d-----w c:\program files\TB

2009-01-24 23:41 --------- d-----w c:\program files\wallpaper

2009-01-24 23:41 --------- d-----w c:\program files\UNRAR

2009-01-24 23:41 --------- d-----w c:\program files\shadow

2009-01-24 23:41 --------- d-----w c:\program files\msstyles

2009-01-24 23:41 --------- d-----w c:\program files\image

2009-01-24 23:41 --------- d-----w c:\documents and settings\erdt\Application Data\Styler

2009-01-24 23:31 --------- d-----w c:\program files\Vista Styler

2009-01-24 15:15 193,220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe

2009-01-24 15:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-01-24 15:11 --------- d-----w c:\program files\Microsoft

2009-01-24 15:05 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-24 14:56 --------- d-----w c:\program files\WinCustomize

2009-01-24 14:47 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-01-24 14:44 --------- d-----w c:\program files\Norton AntiVirus

2009-01-24 14:41 --------- d-----w c:\program files\Windows Media Connect 2

2009-01-24 14:37 --------- d-----w c:\program files\uTorrent

2009-01-24 14:33 --------- d-----w c:\program files\Fichiers communs\Windows Live

2009-01-24 14:32 --------- d-----w c:\program files\Windows Sidebar

2009-01-24 14:30 64,026 ----a-w c:\windows\BricoPackUninst.cmd

2009-01-24 14:30 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2009-01-24 14:29 --------- d-----w c:\documents and settings\erdt\Application Data\ViStart

2009-01-24 14:16 --------- d-----w c:\program files\Google

2009-01-24 12:18 --------- d-----w c:\documents and settings\erdt\Application Data\Symantec

2009-01-24 12:14 --------- d-----w c:\program files\Opera

2009-01-24 10:38 --------- d-----w c:\program files\CyberLink

2009-01-24 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2009-01-24 10:34 --------- d-----w c:\program files\Virtual CD v4 SDK

2009-01-24 10:30 --------- d-----w c:\program files\Real

2009-01-24 10:30 --------- d-----w c:\program files\Fichiers communs\xing shared

2009-01-24 10:30 --------- d-----w c:\program files\Fichiers communs\Real

2009-01-24 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime

2009-01-24 10:29 --------- d-----w c:\program files\Fichiers communs\TVNavigTechnologies Shared

2009-01-24 10:29 --------- d-----w c:\program files\Fichiers communs\InstallShield

2009-01-24 10:27 --------- d-----w c:\documents and settings\erdt\Application Data\InterTrust

2009-01-24 10:27 --------- d-----w c:\documents and settings\Administrateur\Application Data\InterTrust

2009-01-24 10:20 --------- d-----w c:\program files\Synaptics

2009-01-24 10:19 --------- d-----w c:\program files\VIA

.

 

------- Sigcheck -------

 


.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-24 151597]

"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

 

c:\documents and settings\erdt\Menu Démarrer\Programmes\Démarrage\

Teamspeak RC2.lnk - c:\program files\Teamspeak2_RC2\TeamSpeak.exe [2003-08-29 1436160]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms EU\\NMService.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8080:TCP"= 8080:TCP:accès au serveur web

"8085:TCP"= 8085:TCP:Royaume 1

"8084:TCP"= 8084:TCP:Royaume 2

"80:TCP"= 80:TCP:O

"3306:TCP"= 3306:TCP:connexion à la db de mangos

"3427:TCP"= 3427:TCP:PO

"3724:TCP"= 3724:TCP:connexion à la base Realmd

"3306:UDP"= 3306:UDP:tnw

"8767:TCP"= 8767:TCP:ts

"8767:UDP"= 8767:UDP:tS

"3784:TCP"= 3784:TCP:ca

"3784:UDP"= 3784:UDP:combatarms

 

R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [2009-01-24 49232]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2008-01-25 149352]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [2009-01-24 139264]

R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [1980-01-01 68224]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]

R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2009-01-24 164864]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - NET_DRIVER_HPZ12

*NewlyCreated* - PML_DRIVER_HPZ12

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-01-24 c:\windows\Tasks\HDReg.job

- c:\apps\HDReg\HDRegRem.exe [2002-10-02 11:57]

 

2009-01-24 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - erdt.job

- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

 

2009-01-24 c:\windows\Tasks\Rappel d'enregistrement 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:34]

 

2009-01-24 c:\windows\Tasks\Rappel d'enregistrement 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-02 17:44:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1504)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1568)

c:\windows\system32\SETUPAPI.dll

.

Heure de fin: 2009-03-02 17:47:57

ComboFix-quarantined-files.txt 2009-03-02 16:47:46

 

Avant-CF: 29,182,623,744 octets libres

Après-CF: 29,581,676,544 octets libres

 

422 --- E O F --- 2009-02-25 20:27:49

Posted

Good evening,

Combo, Cleanup

Disconnect from the internet and disable the antivirus (just for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Open Combofix

# In Notepad, copy and paste these lines:

 

KillAll::

Folder::

c:\program files\Bonjour

 

File::

c:\windows\system32\d3d9caps.dat

c:\Program Files\Bonjour\mDNSResponder.exe

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Driver::

mDNSResponder

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file


 

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt

 

 

Online scan

NOTE: The online scan must be run with Internet Explorer.

Disable the current antivirus

Kaspersky

Under Vista, you need to disable UAC, right-click Internet Explorer / Run as administrator, and paste the Kaspersky URL

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the Recycle Bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will be installed; wait a moment

* Click Next.

* Click My Computer; the scan starts;

wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop and name the report "rapport Kaspersky", and in the save field choose "text files"; save the report.

Copy/paste the entire contents of the opened text file: right-click on it, select all / copy.

Paste this report into your reply on the forum.

Help in case of problems

Cybersecurity

Posted

Here is the report from the first scan; I'm taking care of the next one right now:

 

 

 

ComboFix 09-03-01.01 - erdt 2009-03-02 21:11:05.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.756 [GMT 1:00]

Lancé depuis: c:\documents and settings\erdt\Bureau\101010.exe

Commutateurs utilisés :: c:\documents and settings\erdt\Mes documents\CFScript.txt

AV: Norton AntiVirus *On-access scanning disabled* (Updated)

FW: Norton AntiVirus *enabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\d3d9caps.dat

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Bonjour

c:\program files\Bonjour\About Bonjour.rtf

c:\program files\Bonjour\mdnsNSP.dll

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\d3d9caps.dat

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-02 19:09 . 2009-03-02 19:09 <REP> d-------- c:\documents and settings\erdt\Application Data\HP

2009-03-02 19:03 . 2009-03-02 19:03 <REP> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY

2009-03-02 19:01 . 2009-03-02 19:01 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

2009-03-02 19:01 . 2009-03-02 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\HP

2009-03-02 19:00 . 2009-03-02 19:00 <REP> d-------- c:\program files\Fichiers communs\HP

2009-03-02 18:54 . 2009-03-02 17:25 132,529 --------- c:\windows\hpoins14.dat.temp

2009-03-02 18:54 . 2007-09-21 12:59 1,996 --------- c:\windows\hpomdl14.dat.temp

2009-03-02 18:00 . 2009-03-02 18:00 <REP> d---s---- c:\documents and settings\NetworkService\Favoris

2009-03-02 17:34 . 2009-03-02 17:34 <REP> d----c--- C:\erdt

2009-03-02 17:29 . 2009-03-02 17:32 <REP> d----c--- C:\ComboFix

2009-03-02 17:28 . 2009-03-02 17:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-03-02 17:24 . 2009-03-02 17:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard

2009-03-02 17:24 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2009-03-02 17:20 . 2009-03-02 17:20 <REP> d-------- c:\program files\Hewlett-Packard

2009-03-02 17:19 . 2009-03-02 17:19 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard

2009-03-02 17:17 . 2007-03-18 07:11 675,840 --a------ c:\windows\system32\hpowiax3.dll

2009-03-02 17:17 . 2007-03-18 07:11 569,344 --a------ c:\windows\system32\hpotscl3.dll

2009-03-02 17:17 . 2007-03-18 07:11 303,104 --a------ c:\windows\system32\hpovst10.dll

2009-03-02 17:17 . 2007-03-31 06:07 267,864 --a------ c:\windows\system32\hpzids01.dll

2009-03-02 17:16 . 2009-03-02 19:04 <REP> d-------- c:\program files\HP

2009-03-02 17:15 . 2009-03-02 19:09 160,115 --a------ c:\windows\hpoins14.dat

2009-03-02 17:15 . 2007-09-21 11:48 2,000 --------- c:\windows\hpomdl14.dat

2009-03-01 12:52 . 2009-03-01 12:52 <REP> d-------- c:\documents and settings\erdt\Application Data\XemiComputers

2009-03-01 11:28 . 2009-03-01 11:31 <REP> d-------- c:\program files\TGTSoft

2009-03-01 11:28 . 2009-03-01 11:28 88 --a------ c:\windows\StyleBuilder.INI

2009-02-28 20:52 . 2009-02-28 20:52 <REP> d----c--- C:\Dell

2009-02-28 20:49 . 2009-02-28 20:49 <REP> d-------- c:\windows\OPTIONS

2009-02-28 00:42 . 2009-02-28 01:27 <REP> d-------- c:\documents and settings\erdt\Application Data\Ventrilo

2009-02-28 00:40 . 2009-02-28 01:33 <REP> d-------- c:\program files\VentSrv

2009-02-28 00:39 . 2009-02-28 01:33 <REP> d-------- c:\program files\Ventrilo

2009-02-28 00:38 . 2009-02-28 00:39 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2009-02-28 00:37 . 2009-02-28 00:39 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

2009-02-27 09:27 . 2009-02-27 09:33 <REP> d--h-c--- c:\windows\ie8

2009-02-27 00:57 . 2009-02-27 00:58 <REP> d-------- c:\documents and settings\erdt\Application Data\dvdcss

2009-02-27 00:56 . 2009-02-27 11:40 <REP> d-------- c:\documents and settings\erdt\Application Data\vlc

2009-02-27 00:54 . 2009-02-27 00:54 <REP> d-------- c:\program files\VideoLAN

2009-02-27 00:18 . 2009-02-27 00:18 <REP> d-------- c:\program files\Safari

2009-02-26 17:15 . 2009-02-26 17:15 <REP> d-------- c:\program files\MzRam

2009-02-25 20:53 . 2006-08-22 21:05 520,192 --------- c:\windows\system32\ati2sgag.exe

2009-02-25 20:51 . 2006-11-10 12:29 <REP> d----c--- C:\Driver

2009-02-25 20:51 . 2006-11-10 12:29 <REP> d----c--- C:\ACE

2009-02-25 20:51 . 2006-08-23 09:05 1,686,484 --a--c--- C:\data1.cab

2009-02-25 20:51 . 2009-02-25 20:51 1,529,216 --a--c--- C:\GenuineCheck.exe

2009-02-25 20:51 . 2006-08-23 09:05 512 --a--c--- C:\data2.cab

2009-02-25 20:45 . 2009-02-25 20:47 45,490,823 --a--c--- C:\ati catalyst-mobility-6.9-all-kxp.exe

2009-02-25 15:50 . 2009-02-25 15:50 <REP> d----c--- C:\DirectX10 RC2 Fix 3-Pre-Final

2009-02-25 15:50 . 2009-02-28 23:57 716,153 --a------ c:\windows\system32\unins000.exe

2009-02-25 15:50 . 2008-03-05 16:03 329,224 --a------ c:\windows\system32\DXErr.exe

2009-02-25 15:50 . 2008-03-05 16:03 209,416 --a------ c:\windows\system32\dxcpl.exe

2009-02-25 15:50 . 2009-02-28 23:57 12,731 --a------ c:\windows\system32\unins000.dat

2009-02-25 15:48 . 2009-02-25 15:49 4,764,495 --a--c--- C:\DirectX10_RC2_Fix_3-Pre-Final.zip

2009-02-25 15:22 . 2009-02-25 15:33 26,699,048 --a--c--- C:\SafariSetup.exe

2009-02-23 17:10 . 2009-03-01 12:51 <REP> d-------- c:\program files\Teamspeak2_RC2

2009-02-23 16:42 . 2009-02-23 16:42 1,657,659 --a--c--- C:\ts2_server_rc2_202319.exe

2009-02-23 16:39 . 2009-02-23 16:39 <REP> d-------- c:\documents and settings\erdt\Application Data\teamspeak2

2009-02-23 16:38 . 2009-02-23 16:38 5,862,994 --a--c--- C:\ts2_client_rc2_2032.exe

2009-02-23 16:38 . 2009-02-23 16:38 34,064 --a------ c:\windows\system32\lhacm.acm

2009-02-22 19:49 . 2009-02-22 19:49 <REP> d-------- c:\program files\TaskSwitchXP

2009-02-22 19:40 . 2009-02-27 17:09 <REP> d--h----- c:\windows\NiwradSoft Shell Pack

2009-02-22 16:49 . 2009-02-22 16:49 <REP> d--hs---- c:\windows\ftpcache

2009-02-22 16:48 . 2009-02-22 16:50 <REP> d-------- c:\program files\iSpeed

2009-02-22 14:48 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe

2009-02-22 14:48 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf

2009-02-22 00:42 . 2009-02-22 00:42 <REP> d-------- c:\documents and settings\erdt\Application Data\dBpoweramp

2009-02-21 12:24 . 2009-01-24 15:30 219,648 --a------ c:\windows\system32\uxtheme.dll.backup

2009-02-20 18:31 . 2003-08-03 15:31 90,624 --a------ c:\program files\tclock2.exe

2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll

2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll

2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys

2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys

2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf

2009-02-18 19:42 . 2009-02-18 19:42 <REP> d-------- c:\documents and settings\erdt\Application Data\River Past G5

2009-02-18 19:42 . 2009-02-22 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\River Past G5

2009-02-18 18:16 . 2009-02-18 18:16 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.bmp

2009-02-18 18:16 . 2009-02-18 18:16 2,180 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat

2009-02-18 18:08 . 2009-02-18 18:08 <REP> d-------- c:\documents and settings\erdt\Application Data\AccurateRip

2009-02-18 18:07 . 2009-02-18 18:07 <REP> d-------- c:\program files\Illustrate

2009-02-18 18:07 . 2009-02-18 18:16 167,936 --a------ c:\windows\system32\SpoonUninstall.exe

2009-02-18 18:07 . 2009-02-18 18:07 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp

2009-02-18 18:07 . 2009-02-18 18:07 13,785 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-02-17 23:16 . 2009-02-17 23:16 <REP> d-------- c:\program files\Fichiers communs\DVDVIDEOSOFT

2009-02-17 23:16 . 2002-01-05 15:37 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-02-16 22:35 . 2009-02-16 23:06 <REP> d-------- c:\documents and settings\erdt\Application Data\LimeWire

2009-02-16 22:31 . 2009-02-16 22:35 <REP> d-------- c:\program files\LimeWire

2009-02-15 18:43 . 2009-02-27 11:57 <REP> d----c--- C:\Nexon

2009-02-15 17:10 . 2008-04-13 19:33 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-15 17:10 . 2008-04-13 19:33 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll

2009-02-15 17:10 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-15 17:10 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\dllcache\kbdhid.sys

2009-02-15 14:39 . 2009-02-15 14:39 22,200 --ah----- c:\windows\system32\mlfcache.dat

2009-02-14 20:57 . 2009-02-14 21:09 <REP> d-------- c:\program files\CleanUp!

2009-02-14 17:56 . 2009-02-14 17:59 <REP> d----c--- C:\rsit

2009-02-14 17:46 . 2008-04-13 19:34 230,912 --a------ c:\windows\system32\dllcache\regedit.exe.exe.exe

2009-02-14 17:44 . 2009-02-14 17:44 543 --a------ c:\windows\Raccourci vers regedit.exe.exe.lnk

2009-02-14 15:52 . 2009-02-14 21:14 4,411 --a------ c:\windows\pop.htm

2009-02-14 15:33 . 2009-02-14 15:33 <REP> d--hs---- c:\documents and settings\erdt\PrivacIE

2009-02-14 15:32 . 2009-02-14 15:32 <REP> d--hs---- c:\documents and settings\erdt\IECompatCache

2009-02-14 15:31 . 2009-02-14 15:31 <REP> d--hs---- c:\documents and settings\erdt\IETldCache

2009-02-14 13:47 . 2009-02-14 13:47 4,158 --a------ c:\program files\hijackthis.vbs

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\documents and settings\erdt\Application Data\Malwarebytes

2009-02-14 12:14 . 2009-02-14 12:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-14 12:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-14 12:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-14 11:15 . 2009-02-14 11:15 401,720 --a--c--- c:\program files\Karcher.exe

2009-02-14 11:13 . 2009-02-27 09:34 <REP> d-------- c:\windows\ie8updates

2009-02-14 10:48 . 2009-01-11 06:00 79,360 --------- c:\windows\system32\dllcache\iecompat.dll

2009-02-14 10:15 . 2009-02-14 10:57 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-02-14 10:05 . 2009-02-14 10:14 <REP> d-------- c:\program files\Navilog1

2009-02-14 08:57 . 2009-02-14 08:57 <REP> d-------- c:\program files\Lavasoft

2009-02-14 08:57 . 2009-02-14 08:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-13 22:07 . 2009-02-13 22:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-13 20:39 . 2009-02-13 20:40 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-02-13 20:39 . 2009-02-22 15:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-13 20:32 . 2009-02-13 20:32 <REP> d-------- c:\program files\SpywareBlaster

2009-02-13 20:32 . 2009-02-13 20:32 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP

2009-02-12 18:11 . 2009-02-23 23:44 <REP> d-------- c:\program files\eMule

2009-02-12 17:24 . 2009-02-13 20:26 <REP> d-------- c:\program files\Steam

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-02 17:48 --------- d-----w c:\program files\Fichiers communs\Symantec Shared

2009-03-01 10:23 --------- d-----w c:\documents and settings\erdt\Application Data\uTorrent

2009-02-28 19:49 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-28 19:48 164,864 ----a-w c:\windows\system32\drivers\RTL8180.sys

2009-02-27 08:14 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-02-25 21:42 64,061 ----a-w c:\program files\AUG2007_d3dx9_35_x64.cab

2009-02-25 19:52 --------- d-----w c:\program files\ATI Technologies

2009-02-21 18:18 --------- d-----w c:\program files\ViStart

2009-02-21 01:32 --------- d-----w c:\program files\Windows Live

2009-02-17 15:34 --------- d-----w c:\program files\SQLyog Community

2009-02-17 15:34 --------- d-----w c:\documents and settings\erdt\Application Data\SQLyog

2009-02-14 16:59 --------- d-----w c:\program files\Trend Micro

2009-02-14 10:20 9,502 ----a-w c:\program files\hijackthis.log

2009-02-07 19:08 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment

2009-01-31 22:42 --------- d-----w c:\documents and settings\erdt\Application Data\Apple Computer

2009-01-31 20:33 --------- d-----w c:\program files\iTunes

2009-01-31 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-31 20:32 --------- d-----w c:\program files\iPod

2009-01-31 20:32 --------- d-----w c:\program files\Fichiers communs\Apple

2009-01-31 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-31 20:31 --------- d-----w c:\program files\QuickTime

2009-01-28 20:31 --------- d-----w c:\program files\MySQL

2009-01-28 20:15 --------- d-----w c:\documents and settings\erdt\Application Data\Grisoft

2009-01-28 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft

2009-01-28 15:24 --------- d-----w c:\program files\No-IP

2009-01-28 15:19 --------- d-----w c:\program files\DIFX

2009-01-27 21:10 --------- d-----w c:\program files\SystemRequirementsLab

2009-01-27 21:10 --------- d-----w c:\documents and settings\erdt\Application Data\SystemRequirementsLab

2009-01-27 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-01-27 16:44 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-27 16:44 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-27 16:44 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-27 16:44 --------- d-----w c:\program files\Symantec

2009-01-27 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia

2009-01-27 13:24 --------- d-----w c:\program files\Nokia

2009-01-27 13:23 --------- d-----w c:\program files\Fichiers communs\Nokia

2009-01-27 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2009-01-26 20:44 --------- d-----w c:\program files\OpenOffice.org 3

2009-01-26 20:44 --------- d-----w c:\program files\JRE

2009-01-26 20:43 --------- d-----w c:\program files\Java

2009-01-26 20:39 --------- d-----w c:\program files\Fichiers communs\Java

2009-01-26 20:02 --------- d-----w c:\program files\Fichiers communs\Adobe

2009-01-25 17:02 --------- d-----w c:\program files\Reference Assemblies

2009-01-25 17:02 --------- d-----w c:\program files\MSBuild

2009-01-25 16:55 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}

2009-01-25 11:43 --------- d-----w c:\program files\Cacheman

2009-01-25 11:21 --------- d-----w c:\program files\GlobFX Technologies

2009-01-25 02:29 --------- d-----w c:\program files\Full Speed

2009-01-25 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\NexonEU

2009-01-25 01:43 --------- d-----w c:\program files\CCleaner

2009-01-25 00:58 --------- d-----w c:\program files\Act 3d

2009-01-25 00:57 --------- d-----w c:\program files\Apple Software Update

2009-01-25 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2009-01-25 00:10 --------- d---a-w c:\program files\TrueTransparency

2009-01-25 00:05 --------- d-----w c:\program files\Stardock

2009-01-25 00:05 --------- d-----w c:\program files\Fichiers communs\Stardock

2009-01-24 23:49 --------- d-----w c:\program files\TB

2009-01-24 23:41 --------- d-----w c:\program files\wallpaper

2009-01-24 23:41 --------- d-----w c:\program files\UNRAR

2009-01-24 23:41 --------- d-----w c:\program files\shadow

2009-01-24 23:41 --------- d-----w c:\program files\msstyles

2009-01-24 23:41 --------- d-----w c:\program files\image

2009-01-24 23:41 --------- d-----w c:\documents and settings\erdt\Application Data\Styler

2009-01-24 23:31 --------- d-----w c:\program files\Vista Styler

2009-01-24 15:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-01-24 15:11 --------- d-----w c:\program files\Microsoft

2009-01-24 15:05 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-24 14:56 --------- d-----w c:\program files\WinCustomize

2009-01-24 14:47 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-01-24 14:44 --------- d-----w c:\program files\Norton AntiVirus

2009-01-24 14:41 --------- d-----w c:\program files\Windows Media Connect 2

2009-01-24 14:37 --------- d-----w c:\program files\uTorrent

2009-01-24 14:33 --------- d-----w c:\program files\Fichiers communs\Windows Live

2009-01-24 14:32 --------- d-----w c:\program files\Windows Sidebar

2009-01-24 14:30 64,026 ----a-w c:\windows\BricoPackUninst.cmd

2009-01-24 14:30 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2009-01-24 14:29 --------- d-----w c:\documents and settings\erdt\Application Data\ViStart

2009-01-24 14:16 --------- d-----w c:\program files\Google

2009-01-24 12:18 --------- d-----w c:\documents and settings\erdt\Application Data\Symantec

2009-01-24 12:14 --------- d-----w c:\program files\Opera

2009-01-24 10:38 --------- d-----w c:\program files\CyberLink

2009-01-24 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2009-01-24 10:34 --------- d-----w c:\program files\Virtual CD v4 SDK

2009-01-24 10:30 --------- d-----w c:\program files\Real

2009-01-24 10:30 --------- d-----w c:\program files\Fichiers communs\xing shared

2009-01-24 10:30 --------- d-----w c:\program files\Fichiers communs\Real

2009-01-24 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime

2009-01-24 10:29 --------- d-----w c:\program files\Fichiers communs\TVNavigTechnologies Shared

2009-01-24 10:29 --------- d-----w c:\program files\Fichiers communs\InstallShield

2009-01-24 10:27 --------- d-----w c:\documents and settings\erdt\Application Data\InterTrust

2009-01-24 10:27 --------- d-----w c:\documents and settings\Administrateur\Application Data\InterTrust

2009-01-24 10:20 --------- d-----w c:\program files\Synaptics

2009-01-24 10:19 --------- d-----w c:\program files\VIA

2008-10-27 09:37 696,881 ----a-w c:\program files\APR2007_d3dx10_33_x86.cab

2008-10-27 09:37 196,782 ----a-w c:\program files\APR2007_XACT_x64.cab

2008-10-27 09:37 183,919 ----a-w c:\program files\AUG2006_XACT_x64.cab

2008-10-27 09:37 180,149 ----a-w c:\program files\Apr2006_XACT_x64.cab

2008-10-27 09:37 152,241 ----a-w c:\program files\APR2007_XACT_x86.cab

2008-10-27 09:37 139,033 ----a-w c:\program files\OCT2006_XACT_x86.cab

2008-10-27 09:37 138,251 ----a-w c:\program files\AUG2006_XACT_x86.cab

.

 

------- Sigcheck -------

 

2008-04-13 19:33 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

2008-04-13 19:33 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\NiwradSoft Shell Pack\TempFiles\user32.dll

2008-04-13 19:33 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\ServicePackFiles\i386\user32.dll

2005-03-02 19:21 562176 6eef91ad23c3474c934174d11c6da321 c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp1qfe\user32.dll

2005-03-02 19:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\user32.dll

2005-03-02 19:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\user32.dll

2002-08-30 13:00 561152 0abf2f5280940d32d1d52bd3500b0c37 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\backup\user32.dll

2005-03-02 19:21 562176 6eef91ad23c3474c934174d11c6da321 c:\windows\SoftwareDistribution\Download\cbdc1787b6b277961f5fc0d18aa5c3d2\sp1qfe\user32.dll

2008-04-13 19:33 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\system32\user32.dll

2008-04-13 19:33 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\system32\dllcache\user32.dll

 

2008-08-14 19:26 2068096 755b50949d0dbc0f0136b0db58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\Driver Cache\i386\ntkrnlpa.exe

2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\NiwradSoft Shell Pack\TempFiles\ntkrnlpa.exe

2008-08-14 14:23 2229248 11ed3598aef0dd03dddc9526e76f42a8 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

2004-10-28 02:27 1959424 939a0369e78bfb0bd342302e86390a09 c:\windows\SoftwareDistribution\Download\08fcc408139b43fa0e9fa6d9360a7752\sp1qfe\ntkrnlpa.exe

2005-03-02 19:17 1959424 d0a4b5f428873b73a75178605b6db10d c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp1qfe\ntkrnlpa.exe

2005-03-02 19:07 2058880 73fa9c95d235844a36968c7852c7dbdd c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\ntkrnlpa.exe

2005-03-02 19:13 2059008 5311776074b6c13f983dc75baeac9c0c c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\ntkrnlpa.exe

2003-02-05 11:28 1951872 c43bd608a00e80d499a660ae103f0fe3 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\backup\ntkrnlpa.exe

2008-08-14 14:23 2229248 11ed3598aef0dd03dddc9526e76f42a8 c:\windows\system32\ntkrnlpa.exe

2008-08-14 14:23 2229248 11ed3598aef0dd03dddc9526e76f42a8 c:\windows\system32\dllcache\ntkrnlpa.exe

 

2008-08-14 19:26 2191232 d79210549bbf09b7638e860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\Driver Cache\i386\ntoskrnl.exe

2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\NiwradSoft Shell Pack\TempFiles\ntoskrnl.exe

2008-08-14 14:23 2352384 4c0d5bc0de23f79a02a8d7c1d7741519 c:\windows\ServicePackFiles\i386\ntoskrnl.exe

2004-10-28 02:27 2092032 a8a188ac824aac564048c3a61a94ab9c c:\windows\SoftwareDistribution\Download\08fcc408139b43fa0e9fa6d9360a7752\sp1qfe\ntoskrnl.exe

2005-03-02 19:17 2044416 131b4b0968e429b4221a7f0d8f0a26c7 c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp1qfe\ntoskrnl.exe

2005-03-02 19:08 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\ntoskrnl.exe

2005-03-02 19:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\ntoskrnl.exe

2002-08-29 11:42 2045824 f58b3ce36566d6061a496dc595a8aaa3 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\backup\ntoskrnl.exe

2008-08-14 14:23 2352384 4c0d5bc0de23f79a02a8d7c1d7741519 c:\windows\system32\ntoskrnl.exe

2008-08-14 14:23 2352384 4c0d5bc0de23f79a02a8d7c1d7741519 c:\windows\system32\dllcache\ntoskrnl.exe

 

2008-04-13 19:34 1544704 0f884302612083417931cc9d64eb930a c:\windows\explorer.exe

2008-04-13 19:34 1571328 68536f1b366f990f9094ce6ed64dec41 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

2008-04-13 19:34 1571328 68536f1b366f990f9094ce6ed64dec41 c:\windows\NiwradSoft Shell Pack\TempFiles\explorer.exe

2008-04-13 19:34 1544704 0f884302612083417931cc9d64eb930a c:\windows\ServicePackFiles\i386\explorer.exe

2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\backup\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_17.46.02.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-02 18:02:33 65,536 ----a-r c:\windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe

+ 2009-03-02 18:04:01 25,214 ----a-r c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\ARPPRODUCTICON.exe

+ 2009-03-02 18:04:01 25,214 ----a-r c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\hpqSSupply.exe

+ 2009-03-02 18:05:16 25,214 ----a-r c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\ARPPRODUCTICON.exe

+ 2009-03-02 18:05:16 25,214 ----a-r c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\NewShortcut1_8389382B53BA4A87885491E3D80A5AC7.exe

+ 2009-03-02 18:05:16 25,214 ----a-r c:\windows\Installer\{8389382B-53BA-4A87-8854-91E3D80A5AC7}\NewShortcut2_8389382B53BA4A87885491E3D80A5AC7.exe

+ 2009-03-02 18:04:34 65,536 ----a-r c:\windows\Installer\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}\ARPPRODUCTICON.exe

+ 2009-03-02 18:04:34 689,720 ----a-r c:\windows\Installer\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe

+ 2009-03-02 18:05:08 25,214 ----a-r c:\windows\Installer\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}\ARPPRODUCTICON.exe

+ 2007-04-23 19:11:18 287,256 ----a-r c:\windows\system32\AbaleZip.dll

+ 2003-03-18 18:05:50 89,088 ----a-w c:\windows\system32\atl71.dll

+ 2007-03-11 20:24:52 1,645,320 ----a-w c:\windows\system32\gdiplus.dll

+ 2007-03-11 20:24:50 190,072 ----a-w c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

+ 2009-03-02 20:17:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a8.dat

+ 2007-03-11 20:32:42 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll

+ 2007-03-11 20:32:42 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll

+ 2007-03-11 20:32:42 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll

+ 2007-03-11 20:32:42 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll

+ 2007-03-11 20:32:42 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll

+ 2007-03-11 20:32:42 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll

+ 2007-03-11 20:32:42 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll

+ 2007-03-11 20:32:42 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll

+ 2007-03-11 20:32:42 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-24 151597]

"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

 

c:\documents and settings\erdt\Menu Démarrer\Programmes\Démarrage\

Teamspeak RC2.lnk - c:\program files\Teamspeak2_RC2\TeamSpeak.exe [2003-08-29 1436160]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms EU\\NMService.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8080:TCP"= 8080:TCP:accès au serveur web

"8085:TCP"= 8085:TCP:Royaume 1

"8084:TCP"= 8084:TCP:Royaume 2

"80:TCP"= 80:TCP:O

"3306:TCP"= 3306:TCP:connexion à la db de mangos

"3427:TCP"= 3427:TCP:PO

"3724:TCP"= 3724:TCP:connexion à la base Realmd

"3306:UDP"= 3306:UDP:tnw

"8767:TCP"= 8767:TCP:ts

"8767:UDP"= 8767:UDP:tS

"3784:TCP"= 3784:TCP:ca

"3784:UDP"= 3784:UDP:combatarms

 

R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [2009-01-24 49232]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [2008-01-25 149352]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [2009-01-24 139264]

R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [1980-01-01 68224]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]

R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2009-01-24 164864]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-03-02 c:\windows\Tasks\HDReg.job

- c:\apps\HDReg\HDRegRem.exe [2002-10-02 11:57]

 

2009-03-02 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - erdt.job

- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

 

2009-01-24 c:\windows\Tasks\Rappel d'enregistrement 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:34]

 

2009-01-24 c:\windows\Tasks\Rappel d'enregistrement 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-02 21:19:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1504)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1572)

c:\windows\system32\SETUPAPI.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\notepad.exe

.

**************************************************************************

.

Heure de fin: 2009-03-02 21:27:14 - La machine a redémarré [erdt]

ComboFix-quarantined-files.txt 2009-03-02 20:27:08

ComboFix2.txt 2009-03-02 16:47:59

 

Avant-CF: 28,622,307,328 octets libres

Après-CF: 29,207,154,688 octets libres

 

452 --- E O F --- 2009-02-25 20:27:49
