virus win32 cryptor [résolu]

[fleafly]

Bonjour à tous,

suite à une inactivation involontaire de mon anti-virus (AVG), mon ordinateur est infecté par le virus win32 cryptor (décelé par ce même AVG).

Depuis qqes jours, ma connexion internet ne dure que quelques minutes avant de planter et la restauration système est impossible. De plus, j'ai de nombreux plantages au démarrage.

Que faire pour me débarrasser de ce virus et retrouver un ordi fonctionnel?

Je n'ai pas de grandes connaissances en informatique, votre aide me sera donc précieuse.

D'avance, merci!

[Falkra]

Bonsoir, bienvenue sur la section sécurité de zebulon.

 

Messages : 1

Si jamais tu as besoin de quelques infos ou dun peu d'aide pour retrouver tes posts :

• Comment participer à un forum
  
• Retrouver ses messages
  

 

 

Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests. Voici comment démarrer.

Poste un rapport HijackThis dans ta prochaine réponse stp.

 

Clique sur ce lien pour télécharger HijackThis 2.0.2 :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Cette version est sans installateur ou Zip à décompresser, choisis de l'enregistrer sur le bureau.

 

Double-clique sur l'icône HijackThis :

 

HijackThis démarre, c'est le premier bouton qui nous intéresse "Do a system scan and save a logfile" (le fichier "log" est le rapport).

Clique dessus.

 

Copie-colle le contenu du rapport qui va s'afficher dans le Bloc-notes dans ta prochaine réponse.

[fleafly]

merci beaucoup pour la rapidité de votre réponse

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:11:18, on 13/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\MSN\MSNCoreFiles\msn6.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Documents and Settings\BRICE\Mes documents\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_2_0.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUplo...geUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

 

--

End of file - 7779 bytes

 

j'attends la suite des événements...

[Falkra]

On ne voit aucune infection active dans le rapport.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

NB : Si MBAM te demande à redémarrer, fais-le.

[fleafly]

ça se complique...

L'installation de MBAM a d'abord échoué au cours de la finalisation puis, après désinstallation et de nombreux essais, échoue au cours de l'extraction des fichiers. Impossible d'installer ce logiciel...

Que puis-je faire?

[Falkra]

Cela donne un indice supplémentaire.

 

Abandonne pour MBAM provisoirement, on s'en occupera plus tard.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  
• On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  
• Le bureau disparaît, c'est normal, et il va revenir.
  
• Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[fleafly]

voilà, voilà...

 

ComboFix 09-04-14.09 - BRICE 14/04/2009 18:48.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.208 [GMT 2:00]

Lancé depuis: c:\documents and settings\BRICE\Bureau\pouet.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FW: ZoneAlarm Firewall *enabled*

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\\setup.exe

c:\windows\emMON.exe

c:\windows\system32\drivers\UACptkyprqx.sys

c:\windows\system32\UACaothjqlo.dll

c:\windows\system32\UACfammqujb.log

c:\windows\system32\UACfjpkexte.db

c:\windows\system32\uacinit.dll

c:\windows\system32\UACloanstaw.log

c:\windows\system32\UAClqeeajgi.log

c:\windows\system32\UACnbsmkamq.dll

c:\windows\system32\UACplvreecb.dll

c:\windows\system32\UACrxkavfvm.dll

c:\windows\system32\UACvxvgubxy.dll

c:\windows\system32\UACwtiqqfth.dat

c:\windows\system32\UACyqqkmpqb.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_UACd.sys

-------\Legacy_FAD

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-14 16:19 . 2009-04-14 16:23 687104 ----a-w c:\windows\isRS-000.tmp

2009-04-14 16:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-14 16:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-14 16:14 . 2009-04-14 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-10 06:52 . 2009-04-10 06:52 0 ----a-w c:\windows\system32\uactmp.db

2009-04-03 17:19 . 2009-04-03 17:19 -------- d-sh--w c:\documents and settings\BRICE\IECompatCache

2009-03-27 20:46 . 2009-03-27 20:46 -------- d-sh--w c:\documents and settings\BRICE\PrivacIE

2009-03-27 16:52 . 2009-03-27 16:52 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache

2009-03-27 16:51 . 2009-03-27 16:51 -------- d-sh--w c:\documents and settings\BRICE\IETldCache

2009-03-27 16:48 . 2009-03-27 16:48 -------- d--h--w c:\windows\msdownld.tmp

2009-03-27 16:48 . 2009-03-27 16:48 -------- d-----w c:\windows\ie8updates

2009-03-27 16:43 . 2009-03-27 16:46 -------- dc-h--w c:\windows\ie8

2009-03-27 16:39 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

2009-03-23 23:23 . 2009-03-23 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com

2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\drivers\b57xp32.sys

2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\dllcache\b57xp32.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-14 17:01 . 2007-08-07 17:22 28278816 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-14 17:01 . 2007-08-07 17:22 28278816 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-14 16:58 . 2007-08-07 17:22 332228 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-14 16:27 . 2009-04-14 15:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-14 15:51 . 2007-10-03 18:09 32423435 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-04-13 21:05 . 2008-04-10 17:42 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-04-10 22:55 . 2007-08-07 17:10 -------- d-----w c:\program files\SpywareBlaster

2009-04-10 22:50 . 2009-04-10 22:50 3190688 ----a-w c:\program files\ccsetup218.exe

2009-04-10 22:35 . 2008-06-05 21:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-04-10 22:33 . 2008-06-05 21:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-04-10 22:33 . 2008-06-05 21:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-10 22:33 . 2008-06-05 21:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-04-10 22:30 . 2009-04-10 22:28 63752952 ----a-w c:\program files\avg_free_stf_en_85_287a1483.exe

2009-04-10 07:04 . 2006-04-11 00:10 98304 ----a-w c:\windows\DUMP4882.tmp

2009-04-09 14:34 . 2009-04-09 14:34 305664 ----a-w c:\program files\Xtremsplit.exe

2009-04-09 14:13 . 2006-12-12 14:33 -------- d-----w c:\program files\eMule

2009-04-09 14:10 . 2007-06-07 19:12 -------- d-----w c:\documents and settings\BRICE\Application Data\utorrent

2009-04-09 12:46 . 2009-04-05 20:45 3342809 ----a-w c:\program files\eMule0.49c-Installer.exe

2009-04-09 10:44 . 2006-11-11 15:55 -------- d-----w c:\program files\DivX

2009-04-09 10:44 . 2009-04-09 10:44 -------- d-----w c:\program files\Fichiers communs\DivX Shared

2009-04-07 16:52 . 2007-06-17 20:21 -------- d-----w c:\program files\Fichiers communs\Ahead

2009-04-07 16:48 . 2006-04-11 00:25 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-29 10:30 . 2004-08-20 09:24 90300 ----a-w c:\windows\system32\perfc00C.dat

2009-03-29 10:30 . 2004-08-20 09:24 499892 ----a-w c:\windows\system32\perfh00C.dat

2009-03-27 17:25 . 2009-03-27 17:25 373025 ----a-w c:\program files\44fr712a.cab

2009-03-27 17:09 . 2006-04-11 00:25 -------- d-----w c:\program files\Dell

2009-03-27 16:02 . 2006-04-11 00:26 -------- d-----w c:\program files\Broadcom

2009-03-27 15:33 . 2009-03-27 15:29 6841280 ----a-w c:\program files\R85255.EXE

2009-03-26 10:18 . 2009-01-25 20:30 -------- d-----w c:\program files\Fichiers communs\Adobe AIR

2009-03-25 22:37 . 2008-11-09 09:38 -------- d-----w c:\documents and settings\BRICE\Application Data\dvdcss

2009-03-23 23:24 . 2009-03-23 23:23 -------- d-----w c:\program files\ma-config.com

2009-03-23 19:09 . 2009-03-23 19:09 -------- d-----w c:\program files\Microsoft Silverlight

2009-03-23 12:46 . 2009-03-23 07:10 -------- d-----w c:\program files\WinXP

2009-03-23 12:45 . 2009-03-23 12:45 40016 ----a-w c:\program files\winxp_amd_x86_64-4.60.zip

2009-03-23 07:09 . 2009-03-23 07:09 35041 ----a-w c:\program files\winxp_32-4.60.zip

2009-03-14 09:27 . 2009-03-14 10:38 2649088 ----a-w c:\windows\Internet Logs\xDB22.tmp

2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 03:41 . 2006-09-14 08:38 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 03:39 . 2007-05-11 20:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 03:34 . 2006-09-14 08:38 914944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 03:34 . 2004-08-20 09:24 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 03:34 . 2006-09-14 08:38 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 03:34 . 2004-08-20 09:23 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 03:34 . 2006-09-14 08:38 193536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 03:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll

2009-03-08 03:33 . 2004-08-20 09:23 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 03:33 . 2006-09-14 08:38 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 03:33 . 2004-08-20 09:24 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 03:32 . 2004-08-20 09:23 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 03:32 . 2004-08-20 09:23 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 03:32 . 2006-09-14 08:38 94720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 03:32 . 2007-05-11 20:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 03:32 . 2007-05-11 20:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 03:32 . 2006-09-14 08:38 611840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 03:22 . 2004-08-20 09:23 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 03:11 . 2007-05-11 20:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-03-03 16:00 . 2009-03-03 16:00 20882215 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_16_53_46_full.dmp.zip

2009-03-02 16:17 . 2009-03-02 16:19 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-02 16:17 . 2006-04-11 00:22 -------- d-----w c:\program files\Java

2009-02-17 21:51 . 2007-12-09 18:54 -------- d-----w c:\documents and settings\BRICE\Application Data\Skype

2009-02-17 21:17 . 2007-12-09 18:56 -------- d-----w c:\documents and settings\BRICE\Application Data\skypePM

2009-02-09 14:05 . 2008-10-16 10:03 1846912 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-09 14:05 . 2004-08-20 09:24 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-07 10:03 . 2009-02-07 10:03 6598232 ----a-w c:\program files\Juice22Setup.exe

2009-02-06 20:07 . 2007-05-11 20:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat

2009-02-05 11:06 . 2009-02-05 11:06 2223653 ----a-w c:\program files\mpc2kxp6490.zip

2009-02-05 10:42 . 2009-02-05 10:42 16320472 ----a-w c:\program files\vlc-0.9.8a-win32.exe

2008-12-30 17:06 . 2008-12-30 17:06 3165824 ----a-w c:\program files\ccsetup215.exe

2008-12-02 16:53 . 2008-09-30 21:15 42609040 ----a-w c:\program files\zlsSetup_70_462_000_fr.exe

2008-11-29 12:08 . 2008-11-29 11:34 54784 -c--a-w c:\program files\SOLDE_LISTE_GUERINOT_-_HOUDELET_27_11_2008.xls

2008-11-28 22:31 . 2008-11-28 22:31 27288880 ----a-w c:\program files\QuickTimeInstaller.exe

2008-11-11 10:53 . 2008-11-11 10:52 2955128 ----a-w c:\program files\ccsetup213.exe

2008-10-17 23:41 . 2008-10-17 23:41 2869536 ----a-w c:\program files\spywareblastersetup41.exe

2008-10-17 23:30 . 2008-10-17 23:30 2934168 ----a-w c:\program files\ccsetup212.exe

2008-09-12 20:11 . 2006-04-16 08:13 95264 -c--a-w c:\documents and settings\VALERIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-09-11 09:09 . 2008-09-11 09:09 828592 ----a-w c:\program files\mp3splitterjoiner_pro.exe

2008-09-09 22:19 . 2008-09-09 22:15 60851834 ----a-w c:\program files\MediaStudio5.zip

2008-09-01 05:45 . 2006-06-23 09:20 95264 ----a-w c:\documents and settings\BRICE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-08-27 22:30 . 2008-08-27 22:25 61832392 ----a-w c:\program files\MediaStudio5_5212.exe

2008-08-10 18:56 . 2008-08-10 18:56 20594000 ----a-w c:\program files\msnsetup_full.exe

2008-08-06 16:15 . 2008-08-06 16:15 1495112 ----a-w c:\program files\install_flash_player.exe

2008-08-03 19:35 . 2008-08-03 19:35 3231826 ----a-w c:\program files\eMule0.49b-Installer1.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-04-10 22:33 10520 ----a-w c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk

backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]

[X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2005-10-07 05:13 176128 ----a-r c:\program files\Apoint\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-07-10 07:47 116040 -c--a-w c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2005-02-28 09:53 53248 ----a-r c:\windows\VM_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]

2009-02-05 12:53 106040 ----a-w c:\program files\Canal\Canal Widget\Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:33 15360 ----a-w c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-12-15 09:44 839680 ----a-w c:\program files\Dell\QuickSet\quickset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-11-01 02:12 94208 ----a-w c:\program files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

2006-11-08 09:22 696320 ----a-w c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2006-11-08 09:28 802816 ----a-w c:\program files\Intel\Wireless\bin\ZCfgSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 02:56 218032 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-09-11 02:56 218032 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-09-11 02:56 86960 ----a-w c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-07-10 08:51 289064 -c--a-w c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 14:09 413696 ----a-w c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-04-11 00:30 26112 ----a-w c:\program files\Real\RealPlayer\realplay.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]

2007-12-14 15:19 132624 ------w c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-02 16:17 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

"c:\\WINDOWS\\system32\\muzapp.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

 

R4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-02-05 61440]

R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70eb7bd3-962e-11dd-b08a-00038a000015}]

\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2006-04-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml

Notify-WgaLogon - (no file)

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

 

 

.

------- Examen supplémentaire -------

.

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 19:01

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,45,45,93,5d,37,

3c,15,09,e2,63,26,f1,3f,c8,ff,68,69,b2,89,05,b8,ca,70,c3,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bd,92,28,97,92,

57,fe,ca,6a,9c,d6,61,af,45,84,18,24,4e,1d,a6,42,8b,0a,b9,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,6d,6e,a8,49,5f,

40,ec,66,ff,7c,85,e0,43,d4,0e,fe,97,4f,62,5a,98,f9,6f,b8,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,fa,be,54,a3,ba,

ce,82,76,86,8c,21,01,be,91,eb,e7,d7,a6,8e,36,80,e2,17,bd,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c8,40,86,e9,ff,

65,c7,14,f5,1d,4d,73,a8,13,5c,05,de,ff,ac,58,62,0d,6b,c1,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ea,fa,3d,5d,e3,

26,7a,ba,df,20,58,62,78,6b,cf,c8,24,1c,f4,5f,3e,28,5f,06,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,38,b9,8a,ea,e2,

f9,c2,df,fb,a7,78,e6,12,2f,9a,ea,ab,3b,69,b1,af,87,ef,ab,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,26,ed,88,46,

02,7b,46,01,3a,48,fc,e8,04,4a,f1,8b,2b,53,99,b3,35,46,ba,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d9,76,1c,69,76,

94,1f,f6,f6,0f,4e,58,98,5b,89,c9,43,4d,39,5c,e3,73,01,48,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,12,5e,c9,77,5e,

2f,e1,16,3d,ce,ea,26,2d,45,aa,78,58,1e,43,0d,64,0f,f7,f1,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,43,37,98,ec,4d,

a2,7a,f9,2a,b7,cc,b5,b9,7f,41,e7,67,0e,6f,46,9c,8e,6d,36,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d4,c1,b2,35,60,

c5,1b,74,6c,43,2d,1e,aa,22,2f,9c,e3,d8,c3,62,9c,f1,d1,f2,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(1024)

c:\windows\system32\ieframe.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-14 17:06

 

Avant-CF: 9 161 535 488 octets libres

Après-CF: 9 207 709 696 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

363 --- E O F --- 2009-03-28 18:18

 

Bonne lecture!

[Falkra]

Ce qui suit n'est que pour cette machine, et cette machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

 

• Télécharge le fichier CFscript.txt depuis ce site :
  http://senduit.com/03feb1
   
  
• Place-le sur le bureau, près de l'icône de combofix.
  
• Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture
  

• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

[fleafly]

voici la suite:

 

ComboFix 09-04-14.09 - BRICE 14/04/2009 21:06.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.204 [GMT 2:00]

Lancé depuis: c:\documents and settings\BRICE\Bureau\pouet.exe

Commutateurs utilisés :: c:\documents and settings\BRICE\Bureau\CFscript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FW: ZoneAlarm Firewall *enabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\system32\uactmp.db

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\uactmp.db

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-14 19:02 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe

2009-04-14 18:46 . 2009-04-14 18:54 1374 ----a-w c:\windows\imsins.BAK

2009-04-14 17:33 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-14 17:33 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-14 17:33 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-14 17:33 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-14 17:33 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-14 17:33 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-14 17:33 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-14 17:33 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-14 17:32 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-14 17:32 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll

2009-04-14 17:32 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-14 16:19 . 2009-04-14 16:23 687104 ----a-w c:\windows\isRS-000.tmp

2009-04-14 16:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-14 16:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-14 16:14 . 2009-04-14 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-03 17:19 . 2009-04-03 17:19 -------- d-sh--w c:\documents and settings\BRICE\IECompatCache

2009-03-27 20:46 . 2009-03-27 20:46 -------- d-sh--w c:\documents and settings\BRICE\PrivacIE

2009-03-27 16:52 . 2009-03-27 16:52 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache

2009-03-27 16:51 . 2009-03-27 16:51 -------- d-sh--w c:\documents and settings\BRICE\IETldCache

2009-03-27 16:48 . 2009-03-27 16:48 -------- d--h--w c:\windows\msdownld.tmp

2009-03-27 16:48 . 2009-03-27 16:48 -------- d-----w c:\windows\ie8updates

2009-03-27 16:43 . 2009-03-27 16:46 -------- dc-h--w c:\windows\ie8

2009-03-27 16:39 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

2009-03-23 23:23 . 2009-03-23 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com

2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\drivers\b57xp32.sys

2009-03-23 22:50 . 2001-08-23 16:00 97248 ----a-w c:\windows\system32\dllcache\b57xp32.sys

2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-14 19:18 . 2007-08-07 17:22 28612640 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-14 19:18 . 2007-08-07 17:22 28612640 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-14 19:15 . 2007-08-07 17:22 336164 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-14 19:01 . 2004-08-20 09:24 90300 ----a-w c:\windows\system32\perfc00C.dat

2009-04-14 19:01 . 2004-08-20 09:24 499892 ----a-w c:\windows\system32\perfh00C.dat

2009-04-14 18:57 . 2007-10-03 18:09 33258205 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-04-14 16:27 . 2009-04-14 15:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-13 21:05 . 2008-04-10 17:42 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-04-10 22:55 . 2007-08-07 17:10 -------- d-----w c:\program files\SpywareBlaster

2009-04-10 22:50 . 2009-04-10 22:50 3190688 ----a-w c:\program files\ccsetup218.exe

2009-04-10 22:35 . 2008-06-05 21:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-04-10 22:33 . 2008-06-05 21:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-04-10 22:33 . 2008-06-05 21:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-10 22:33 . 2008-06-05 21:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-04-10 22:30 . 2009-04-10 22:28 63752952 ----a-w c:\program files\avg_free_stf_en_85_287a1483.exe

2009-04-10 07:04 . 2006-04-11 00:10 98304 ----a-w c:\windows\DUMP4882.tmp

2009-04-09 14:34 . 2009-04-09 14:34 305664 ----a-w c:\program files\Xtremsplit.exe

2009-04-09 14:13 . 2006-12-12 14:33 -------- d-----w c:\program files\eMule

2009-04-09 14:10 . 2007-06-07 19:12 -------- d-----w c:\documents and settings\BRICE\Application Data\utorrent

2009-04-09 12:46 . 2009-04-05 20:45 3342809 ----a-w c:\program files\eMule0.49c-Installer.exe

2009-04-09 10:44 . 2006-11-11 15:55 -------- d-----w c:\program files\DivX

2009-04-09 10:44 . 2009-04-09 10:44 -------- d-----w c:\program files\Fichiers communs\DivX Shared

2009-04-07 16:52 . 2007-06-17 20:21 -------- d-----w c:\program files\Fichiers communs\Ahead

2009-04-07 16:48 . 2006-04-11 00:25 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-27 17:25 . 2009-03-27 17:25 373025 ----a-w c:\program files\44fr712a.cab

2009-03-27 17:09 . 2006-04-11 00:25 -------- d-----w c:\program files\Dell

2009-03-27 16:02 . 2006-04-11 00:26 -------- d-----w c:\program files\Broadcom

2009-03-27 15:33 . 2009-03-27 15:29 6841280 ----a-w c:\program files\R85255.EXE

2009-03-26 10:18 . 2009-01-25 20:30 -------- d-----w c:\program files\Fichiers communs\Adobe AIR

2009-03-25 22:37 . 2008-11-09 09:38 -------- d-----w c:\documents and settings\BRICE\Application Data\dvdcss

2009-03-23 23:24 . 2009-03-23 23:23 -------- d-----w c:\program files\ma-config.com

2009-03-23 19:09 . 2009-03-23 19:09 -------- d-----w c:\program files\Microsoft Silverlight

2009-03-23 12:46 . 2009-03-23 07:10 -------- d-----w c:\program files\WinXP

2009-03-23 12:45 . 2009-03-23 12:45 40016 ----a-w c:\program files\winxp_amd_x86_64-4.60.zip

2009-03-23 07:09 . 2009-03-23 07:09 35041 ----a-w c:\program files\winxp_32-4.60.zip

2009-03-14 09:27 . 2009-03-14 10:38 2649088 ----a-w c:\windows\Internet Logs\xDB22.tmp

2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 03:41 . 2006-09-14 08:38 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 03:39 . 2007-05-11 20:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 03:34 . 2006-09-14 08:38 914944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 03:34 . 2004-08-20 09:24 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 03:34 . 2006-09-14 08:38 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 03:34 . 2004-08-20 09:23 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 03:34 . 2006-09-14 08:38 193536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 03:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll

2009-03-08 03:33 . 2004-08-20 09:23 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 03:33 . 2006-09-14 08:38 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 03:33 . 2004-08-20 09:24 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 03:32 . 2004-08-20 09:23 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 03:32 . 2004-08-20 09:23 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 03:32 . 2006-09-14 08:38 94720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 03:32 . 2007-05-11 20:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 03:32 . 2007-05-11 20:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 03:32 . 2006-09-14 08:38 611840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 03:22 . 2004-08-20 09:23 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 03:11 . 2007-05-11 20:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-03-06 14:20 . 2004-08-20 09:24 286720 ----a-w c:\windows\system32\pdh.dll

2009-03-03 16:00 . 2009-03-03 16:00 20882215 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_16_53_46_full.dmp.zip

2009-03-02 16:17 . 2009-03-02 16:19 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-02 16:17 . 2006-04-11 00:22 -------- d-----w c:\program files\Java

2009-02-17 21:51 . 2007-12-09 18:54 -------- d-----w c:\documents and settings\BRICE\Application Data\Skype

2009-02-17 21:17 . 2007-12-09 18:56 -------- d-----w c:\documents and settings\BRICE\Application Data\skypePM

2009-02-10 17:06 . 2008-10-16 10:03 2068096 ------w c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-10 17:06 . 2004-08-03 23:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:05 . 2008-10-16 10:03 1846912 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-09 14:05 . 2004-08-20 09:24 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:24 . 2008-10-16 10:03 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-09 11:24 . 2004-08-20 09:23 2191104 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:23 . 2008-10-16 10:03 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-09 11:23 . 2008-10-16 10:03 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-09 11:23 . 2004-08-20 09:24 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-20 09:23 735744 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-20 09:24 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-20 09:23 739840 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 10:53 . 2004-08-20 09:23 685568 ----a-w c:\windows\system32\advapi32.dll

2009-02-07 10:03 . 2009-02-07 10:03 6598232 ----a-w c:\program files\Juice22Setup.exe

2009-02-06 20:07 . 2007-05-11 20:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat

2009-02-06 10:39 . 2004-08-20 09:24 35328 ----a-w c:\windows\system32\sc.exe

2009-02-06 10:39 . 2004-08-20 09:24 35328 ----a-w c:\windows\system32\dllcache\sc.exe

2009-02-05 11:06 . 2009-02-05 11:06 2223653 ----a-w c:\program files\mpc2kxp6490.zip

2009-02-05 10:42 . 2009-02-05 10:42 16320472 ----a-w c:\program files\vlc-0.9.8a-win32.exe

2009-02-03 19:58 . 2009-02-03 19:58 56832 ------w c:\windows\system32\dllcache\secur32.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-14_17.01.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-20 09:24 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll

+ 2004-08-20 09:24 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

+ 2004-08-20 09:24 . 2009-04-14 19:01 90300 c:\windows\system32\perfc00C.dat

- 2004-08-20 09:24 . 2009-03-29 10:30 90300 c:\windows\system32\perfc00C.dat

+ 2004-08-20 09:24 . 2009-04-14 19:01 73186 c:\windows\system32\perfc009.dat

- 2004-08-20 09:24 . 2009-03-29 10:30 73186 c:\windows\system32\perfc009.dat

- 2004-08-20 09:34 . 2008-04-14 02:33 91648 c:\windows\system32\mtxoci.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll

- 2004-08-20 09:23 . 2008-04-14 02:33 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-20 09:23 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 58880 c:\windows\system32\msdtclog.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll

+ 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2004-08-20 09:24 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

+ 2004-08-20 09:34 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2006-04-11 00:29 . 2009-04-14 18:48 23040 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 23040 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-04-11 00:29 . 2009-03-28 18:17 61440 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 61440 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 27136 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 27136 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 11264 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 11264 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 12288 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 12288 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-05-05 05:25 . 2008-05-05 05:25 3072 c:\windows\system32\xpsp4res.dll

- 2006-04-11 00:29 . 2009-03-28 18:18 4096 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 4096 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2004-08-20 09:24 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll

- 2004-08-20 09:24 . 2008-04-14 02:33 354304 c:\windows\system32\winhttp.dll

+ 2004-08-20 09:34 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2004-08-20 09:34 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2004-08-20 09:34 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll

+ 2004-08-20 09:24 . 2009-02-09 11:23 111104 c:\windows\system32\services.exe

+ 2004-08-20 09:24 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll

- 2004-08-20 09:24 . 2009-03-29 10:30 499892 c:\windows\system32\perfh00C.dat

+ 2004-08-20 09:24 . 2009-04-14 19:01 499892 c:\windows\system32\perfh00C.dat

- 2004-08-20 09:24 . 2009-03-29 10:30 427118 c:\windows\system32\perfh009.dat

+ 2004-08-20 09:24 . 2009-04-14 19:01 427118 c:\windows\system32\perfh009.dat

+ 2004-08-20 09:24 . 2009-03-06 14:20 286720 c:\windows\system32\pdh.dll

- 2004-08-20 09:24 . 2008-04-14 02:33 286720 c:\windows\system32\pdh.dll

+ 2004-08-20 09:23 . 2009-02-09 10:53 739840 c:\windows\system32\ntdll.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 161792 c:\windows\system32\msdtcuiu.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 956928 c:\windows\system32\msdtctm.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll

+ 2004-08-20 09:23 . 2009-02-09 10:53 735744 c:\windows\system32\lsasrv.dll

+ 2009-04-14 17:32 . 2008-04-21 21:15 219136 c:\windows\system32\dllcache\wordpad.exe

+ 2009-04-14 17:33 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2009-04-14 17:33 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll

+ 2009-04-14 17:32 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll

+ 2009-04-14 17:33 . 2009-02-09 11:23 111104 c:\windows\system32\dllcache\services.exe

+ 2009-04-14 17:33 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll

+ 2009-04-14 17:33 . 2009-03-06 14:20 286720 c:\windows\system32\dllcache\pdh.dll

+ 2009-04-14 17:32 . 2009-02-09 10:53 739840 c:\windows\system32\dllcache\ntdll.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll

- 2004-08-20 09:34 . 2008-04-14 02:33 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2004-08-20 09:34 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2009-04-14 17:33 . 2009-02-09 10:53 735744 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-04-14 17:33 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll

+ 2009-04-14 17:33 . 2009-02-09 10:53 685568 c:\windows\system32\dllcache\advapi32.dll

- 2004-08-20 09:23 . 2008-04-14 02:33 685568 c:\windows\system32\advapi32.dll

+ 2004-08-20 09:23 . 2009-02-09 10:53 685568 c:\windows\system32\advapi32.dll

+ 2006-04-11 00:29 . 2009-04-14 18:48 409600 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2006-04-11 00:29 . 2009-03-28 18:17 409600 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2006-04-11 00:29 . 2009-03-28 18:17 286720 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 286720 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 249856 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 249856 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2006-04-11 00:29 . 2009-03-28 18:18 794624 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 794624 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-04-11 00:29 . 2009-04-14 18:48 135168 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2006-04-11 00:29 . 2009-03-28 18:17 135168 c:\windows\Installer\{91CA040C-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2004-08-20 09:24 . 2008-12-20 22:14 1294336 c:\windows\system32\quartz.dll

- 2004-08-20 09:24 . 2008-05-07 05:11 1294336 c:\windows\system32\quartz.dll

+ 2004-08-20 09:23 . 2009-02-09 11:24 2191104 c:\windows\system32\ntoskrnl.exe

+ 2004-08-03 23:48 . 2009-02-10 17:06 2068096 c:\windows\system32\ntkrnlpa.exe

- 2004-08-03 23:48 . 2008-08-14 13:23 2068096 c:\windows\system32\ntkrnlpa.exe

+ 2004-08-20 09:23 . 2009-03-21 14:07 1054720 c:\windows\system32\kernel32.dll

- 2004-08-20 09:23 . 2008-04-14 02:33 1054720 c:\windows\system32\kernel32.dll

- 2008-05-07 05:11 . 2008-05-07 05:11 1294336 c:\windows\system32\dllcache\quartz.dll

+ 2008-05-07 05:11 . 2008-12-20 22:14 1294336 c:\windows\system32\dllcache\quartz.dll

+ 2008-10-16 10:03 . 2009-02-09 11:24 2191104 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-16 10:03 . 2009-02-09 11:23 2025984 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2025984 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-16 10:03 . 2009-02-10 17:06 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-16 10:03 . 2009-02-09 11:23 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2009-03-21 14:07 . 2009-03-21 14:07 1054720 c:\windows\system32\dllcache\kernel32.dll

+ 2008-10-16 10:03 . 2009-02-09 11:24 2191104 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-16 10:03 . 2009-02-09 11:23 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-16 10:03 . 2009-02-10 17:06 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-16 10:03 . 2008-08-14 13:23 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-10-16 10:03 . 2009-02-09 11:23 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2006-12-10 16:48 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe

+ 2007-08-07 17:22 . 2009-04-14 19:18 28612640 c:\windows\system32\drivers\fidbox.dat

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-04-10 22:33 10520 ----a-w c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk

backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

"c:\\WINDOWS\\system32\\muzapp.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

 

R4 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-02-05 61440]

R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70eb7bd3-962e-11dd-b08a-00038a000015}]

\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2006-04-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34]

.

.

------- Examen supplémentaire -------

.

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 21:18

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,45,45,93,5d,37,

3c,15,09,e2,63,26,f1,3f,c8,ff,68,69,b2,89,05,b8,ca,70,c3,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bd,92,28,97,92,

57,fe,ca,6a,9c,d6,61,af,45,84,18,24,4e,1d,a6,42,8b,0a,b9,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,6d,6e,a8,49,5f,

40,ec,66,ff,7c,85,e0,43,d4,0e,fe,97,4f,62,5a,98,f9,6f,b8,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,fa,be,54,a3,ba,

ce,82,76,86,8c,21,01,be,91,eb,e7,d7,a6,8e,36,80,e2,17,bd,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c8,40,86,e9,ff,

65,c7,14,f5,1d,4d,73,a8,13,5c,05,de,ff,ac,58,62,0d,6b,c1,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ea,fa,3d,5d,e3,

26,7a,ba,df,20,58,62,78,6b,cf,c8,24,1c,f4,5f,3e,28,5f,06,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,38,b9,8a,ea,e2,

f9,c2,df,fb,a7,78,e6,12,2f,9a,ea,ab,3b,69,b1,af,87,ef,ab,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,26,ed,88,46,

02,7b,46,01,3a,48,fc,e8,04,4a,f1,8b,2b,53,99,b3,35,46,ba,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d9,76,1c,69,76,

94,1f,f6,f6,0f,4e,58,98,5b,89,c9,43,4d,39,5c,e3,73,01,48,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,12,5e,c9,77,5e,

2f,e1,16,3d,ce,ea,26,2d,45,aa,78,58,1e,43,0d,64,0f,f7,f1,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,43,37,98,ec,4d,

a2,7a,f9,2a,b7,cc,b5,b9,7f,41,e7,67,0e,6f,46,9c,8e,6d,36,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d4,c1,b2,35,60,

c5,1b,74,6c,43,2d,1e,aa,22,2f,9c,e3,d8,c3,62,9c,f1,d1,f2,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(1316)

c:\windows\system32\ieframe.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\AVG\AVG8\avgtray.exe

.

**************************************************************************

.

Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-14 19:25

ComboFix2.txt 2009-04-14 17:06

 

Avant-CF: 8 917 577 728 octets libres

Après-CF: 8 902 483 968 octets libres

 

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

423 --- E O F --- 2009-04-14 18:55

 

 

du nouveau?

[Falkra]

Ca doit aller mieux, mais il faut vérifier encore 2-3 trucs.

 

Poste un nouveau rapport HijackThis pour faire le point stp.