Recommended posts

Posted

ComboFix 09-05-02.4 - Propriétaire 2009-05-02 14:31.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.2.1036.18.1014.270 [GMT -4:00]

Lancé depuis: c:\users\Propriétaire\Desktop\ComboFix.exe

.

ADS - Windows: deleted 48 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ahtn.htm

c:\windows\system32\drivers\ovfsthxgbvqvdfp.sys

c:\windows\system32\lmppcsetup.exe

c:\windows\system32\loader49.exe

c:\windows\system32\ovfsthxcxsidibd.dat

c:\windows\system32\ovfsthxsmubcdxi.dll

c:\windows\system32\ovfsthxsoyeeqhu.dll

c:\windows\system32\ovfsthxtvcrqtxq.dat

c:\windows\system32\ovfsthxvsbtxqmt.dll

c:\windows\system32\p2hhr.bat

c:\windows\system32\winglsetup.exe

c:\windows\system32\x64

c:\windows\system32\yhs783ijfo3fe.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-02 au 2009-05-02 ))))))))))))))))))))))))))))))))))))

.

 

2009-05-02 15:39 . 2009-05-02 17:22 -------- d-----w C:\ToolBar SD

2009-05-02 00:14 . 2009-05-02 00:14 -------- d-----w c:\program files\Trend Micro

2009-05-01 23:22 . 2009-05-01 23:35 227 ----a-w c:\windows\PowerReg.dat

2009-05-01 23:22 . 1999-05-29 08:08 45568 ----a-w c:\windows\UniFish3.exe

2009-05-01 23:21 . 2009-05-01 23:21 -------- d-----w c:\program files\Hasbro Interactive

2009-04-28 10:20 . 2009-04-28 10:20 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Local\Mozilla

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Links

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Downloads

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Searches

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Pictures

2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Videos

2009-04-26 18:34 . 2009-04-26 18:34 -------- d-----w C:\VundoFix Backups

2009-04-26 17:25 . 2009-04-26 17:25 -------- d-----w c:\windows\system32\nt update

2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\program files\RapidSolution

2009-04-26 17:24 . 2009-04-28 09:53 -------- d-----w c:\programdata\RapidSolution

2009-04-26 17:24 . 2009-04-28 09:53 -------- d-----w c:\users\All Users\RapidSolution

2009-04-26 17:21 . 2009-04-26 17:21 -------- d-sh--w c:\program files\Common Files\UPDATED

2009-04-26 17:20 . 2009-04-26 17:25 -------- d-----w c:\program files\Common Files\Microsoft Update Engine

2009-04-17 22:59 . 2009-04-17 22:59 -------- d-----w c:\program files\Sun

2009-04-17 22:02 . 2009-04-18 02:47 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-15 17:38 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll

2009-04-15 17:38 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe

2009-04-15 17:38 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-02 18:35 . 2007-09-04 00:59 416 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{980DD9E3-FF3D-4B95-8EB1-7086EE5CD91C}.job

2009-05-02 18:33 . 2007-05-07 14:39 669566 ----a-w c:\windows\system32\perfh00C.dat

2009-05-02 18:33 . 2007-05-07 14:39 123556 ----a-w c:\windows\system32\perfc00C.dat

2009-05-02 18:26 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT

2009-05-02 16:16 . 2007-06-15 08:32 12 ----a-w c:\windows\bthservsdp.dat

2009-05-02 11:31 . 2007-09-01 23:02 432 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{461DE2BE-AA0F-49CD-A405-B704EE86F80C}.job

2009-04-29 01:58 . 2007-09-02 14:18 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-04-29 01:26 . 2007-09-02 18:42 -------- d-----w c:\program files\olibul

2009-04-28 13:00 . 2007-09-04 23:31 386 ----a-w c:\windows\Tasks\rpc.job

2009-04-18 02:46 . 2007-10-27 15:40 -------- d-----w c:\program files\Java

2009-04-16 10:31 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-05 03:01 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat

2009-04-05 03:01 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat

2009-04-05 03:01 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat

2009-03-25 21:07 . 2009-03-25 21:07 339968 ----a-w c:\windows\system32\pythoncom25.dll

2009-03-25 21:07 . 2009-03-25 21:07 2117632 ----a-w c:\windows\system32\python25.dll

2009-03-25 21:07 . 2009-03-25 21:07 114688 ----a-w c:\windows\system32\pywintypes25.dll

2009-03-25 21:07 . 2009-03-25 21:07 -------- d-----w c:\program files\AGI

2009-03-25 01:25 . 2009-03-25 01:25 -------- d-----w c:\program files\Innovative Solutions

2009-03-25 00:28 . 2008-02-29 13:08 -------- d-----w c:\program files\Windows Live

2009-03-25 00:27 . 2008-07-29 14:38 -------- d-----w c:\program files\Microsoft

2009-03-25 00:08 . 2009-03-25 00:08 -------- d-----w c:\program files\Common Files\Windows Live

2009-03-17 03:38 . 2009-04-15 17:39 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 17:39 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 17:39 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-15 16:19 . 2007-09-02 17:19 -------- d-----w c:\program files\Google

2009-03-15 16:19 . 2007-09-01 20:26 -------- d-----w c:\program files\Common Files\Ahead

2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\program files\iTunes

2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\program files\iPod

2009-03-14 15:43 . 2008-02-17 03:01 -------- d-----w c:\program files\Common Files\Apple

2009-03-14 15:40 . 2009-03-14 15:39 -------- d-----w c:\program files\QuickTime

2009-03-11 20:27 . 2009-03-11 20:27 202240 ----a-w c:\windows\system32\Hotel For Dogs - Friday.scr

2009-03-06 03:59 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-03-06 03:59 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-03-03 04:46 . 2009-04-15 17:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-15 17:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-15 17:39 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 17:39 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 17:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 17:39 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 17:39 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 04:37 . 2009-04-15 17:39 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 03:04 . 2009-04-15 17:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 17:39 17408 ----a-w c:\windows\system32\iashost.exe

2009-02-13 08:49 . 2009-04-15 17:39 72704 ----a-w c:\windows\system32\secur32.dll

2009-02-13 08:49 . 2009-04-15 17:39 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 10:43 2033152 ----a-w c:\windows\system32\win32k.sys

2008-06-06 14:52 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-07-23 13:26 . 2008-07-21 20:03 24 --sh--w c:\windows\S6A46BA1B.tmp

2007-07-23 22:40 . 2007-04-24 21:45 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"Le Petit Robert Hyperappel"="c:\program files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 22560]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 39408]

"NTUpdate"="c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe" [2009-04-26 172032]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"="c:\program files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 815104]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]

"Gestionnaire de sécurité Sympatico"="c:\program files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]

"-FreedomNeedsReboot"="c:\program files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-08 4186112]

 

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

"NTUpdate"="c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe" [2009-04-26 172032]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hyperappel du Petit Larousse 2009.lnk

backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain 4.lnk]

path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain 4.lnk

backup=c:\windows\pss\PersonalBrain 4.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8A1082AC-C39B-4A0C-91CF-420BF0862BAD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{9298297B-A9B3-414A-8345-BBDDA7E3141C}c:\\program files\\cyberlink\\powerdvd\\powerdvd.exe"= UDP:c:\program files\cyberlink\powerdvd\powerdvd.exe:PowerDVD

"UDP Query User{9C53113D-4160-4E85-A8FD-C7F077FF82E9}c:\\program files\\cyberlink\\powerdvd\\powerdvd.exe"= TCP:c:\program files\cyberlink\powerdvd\powerdvd.exe:PowerDVD

"TCP Query User{49B2842C-DA47-4927-ADC9-BB90F3A74140}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{C7ECE6ED-476D-4560-B864-55B25E03F7ED}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{60E0B869-1F84-44EF-A58B-141CAE002D23}c:\\users\\propriétaire\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\propriétaire\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{BD9E7797-F451-49FD-92C6-7634B853447F}c:\\users\\propriétaire\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\propriétaire\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{368F1A54-2B21-4D23-9F68-8145A066743E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{FD77EB1B-9770-4B52-9816-0AA3FDD4A0B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{43861F2E-D59A-44FB-AB7F-24FF3ECD9A26}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{AA48A75C-F14E-4818-BF47-E834D0150488}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{CDC5C12C-F75C-4E04-A230-0865FE792DA3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{912FD0E2-4DFD-4618-A73C-BCCBCD403EAC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{AE8B5FB4-2774-4E15-A20D-B9B6910DEB81}"= UDP:c:\program files\Sony\Media Manager for PSP 2.0\MediaManager.exe:Media Manager for PSP 2.0

"{E5ABA154-DBEB-44CB-A78B-E1106B99FC5E}"= TCP:c:\program files\Sony\Media Manager for PSP 2.0\MediaManager.exe:Media Manager for PSP 2.0

"{A6D7DEA2-B0A0-43A9-AF51-E9F9AE4A0185}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B29E5C25-A255-4306-B6B4-5F85216FFD56}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{07CCD21B-D704-4E9C-92F4-486D7573619A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{73D7A88A-FC9C-4098-BAF2-E64BF15F52D0}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"{AD810B1C-E35C-4494-88B2-5275E9EF492A}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"TCP Query User{06666485-BA74-4726-80F7-6E33FA69898A}c:\\users\\propriétaire\\appdata\\roaming\\thinstall\\warcraft iii\\4000006e7c002i\\war3.exe"= UDP:c:\users\propriétaire\appdata\roaming\thinstall\warcraft iii\4000006e7c002i\war3.exe:war3.exe

"UDP Query User{CB1A3F52-A688-4CEB-B4F0-A1F3931CE91E}c:\\users\\propriétaire\\appdata\\roaming\\thinstall\\warcraft iii\\4000006e7c002i\\war3.exe"= TCP:c:\users\propriétaire\appdata\roaming\thinstall\warcraft iii\4000006e7c002i\war3.exe:war3.exe

"{0F25E9ED-07DD-4DF6-8763-C50763D3809F}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B0B8474C-71F6-4E8F-AF01-36BF0B72CFF9}"= UDP:6112:Blizzard Downloader

"{DEFDE03F-1F1E-46A2-A5DE-FA9F8898D801}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{CD36EF5A-A4EB-412D-A68E-6DD1F2DC93C0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{505BB7BB-55B2-486F-809A-A7650BBB7A70}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"UDP Query User{5E4898E1-BE3B-43A1-8FD8-E4E5C58E63E4}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"{123FF0C0-F3FD-4133-B4F7-46FFA3DF44DC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{E473C5AC-DFE3-4D64-974E-2300B87F8E2B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{DDF9B582-3892-4EAA-AD56-7A3248A15FDA}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-downloader.exe:Blizzard Downloader

"{589DF68A-AB6D-468D-AAFE-B3B21F13BF6B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-downloader.exe:Blizzard Downloader

"{26D31061-FFC6-4F09-820E-8D64FFA0CE87}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{AF365B8B-D0F7-41A2-9ECD-E3F4CBECEC93}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"UDP Query User{C53C313F-551C-44B6-8BEB-8F9CDC6539D5}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"{8FB3A664-B773-40F8-901F-4EDA372BE089}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{91326372-BF39-4502-A08E-D50EE329A42A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{3CFB9D45-A0A3-46A8-84D9-89BFDC0A8383}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-02-19 7808]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-03-22 20560]

S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2009-03-25 10240]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-11 24576]

S2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]

S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;c:\program files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824]

S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-20 1324544]

S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43fe95c-48f6-11dd-bdd5-001bfc129c41}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C240H4V0-Z645-SR9M-F9LH-5T77YC0HM05R}]

c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{461DE2BE-AA0F-49CD-A405-B704EE86F80C}.job

- c:\windows\system32\msfeedssync.exe [2008-06-06 07:33]

 

2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{980DD9E3-FF3D-4B95-8EB1-7086EE5CD91C}.job

- c:\windows\system32\msfeedssync.exe [2008-06-06 07:33]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

HKCU-Run-DriverMax - (no file)

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

FF - ProfilePath - c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\bns3d38k.default\

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/defaultf.aspx

FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-02 14:35

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Le Petit Robert Hyperappel = c:\program files\Le Robert\Le Petit Robert\prhyper.exe?v????$????????N?v,?Hwq1?uf?r?-?C?A???H?!??~#?[????2!???!?H2!? ???????$??????@??????????#???!?$?????????!???!??~#?L?????????!?????????@?Hw0?!???Hw?2?u??????!???#?????$???z??v"???????????,???,????????O?v

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\default\Software\Google\GoogleToolbarNotifier]

@DACL=(02 0000)

 

[HKEY_USERS\default\Software\JavaSoft\Java2D]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000\Software\Macromedia\FlashPlayer]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000\Software\Microsoft\Office\Common\UserInfo]

@DACL=(02 0000)

"UserName"="Propriétaire"

"Company"=""

"UserInitials"="GF&JD"

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\1\32]

@DACL=(02 0000)

"NodeSlot"=dword:0000012e

"MRUListEx"=hex:ff,ff,ff,ff

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\1\52]

@DACL=(02 0000)

"0"=hex:42,00,31,00,00,00,00,00,c7,38,20,7b,10,00,56,4c,43,00,30,00,07,00,04,

00,ef,be,c7,38,11,7b,c7,38,20,7b,26,00,00,00,4c,25,00,00,00,00,05,00,00,00,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

"NodeSlot"=dword:000000a2

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\14]

@DACL=(02 0000)

"0"=hex:52,00,31,00,00,00,00,00,d5,38,f0,06,10,00,52,65,67,43,6c,65,61,6e,00,

00,3a,00,07,00,04,00,ef,be,d5,38,f0,06,d5,38,f0,06,26,00,00,00,40,21,03,00,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

"NodeSlot"=dword:000000f9

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\3\0\11\0]

@DACL=(02 0000)

"0"=hex:4c,00,31,00,00,00,00,00,91,37,6c,15,10,00,4b,65,79,67,65,6e,00,00,36,

00,07,00,04,00,ef,be,91,37,6b,15,91,37,6c,15,26,00,00,00,58,0e,00,00,00,00,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

"NodeSlot"=dword:00000172

 

[HKEY_USERS\S-1-5-21-1999458384-1929862029-1801220570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\3\10]

@DACL=(02 0000)

"NodeSlot"=dword:00000129

"MRUListEx"=hex:ff,ff,ff,ff

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]

@DACL=(02 0000)

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]

@DACL=(02 0000)

"HardwareFlowControl"="1"

"SetupCommand"="ATS7=60/Q3"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]

@DACL=(02 0000)

"1"="AT<cr>"

"2"="AT&F&D2&C1V1S0=0E0<cr>"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"SpeakerVolume_Low"="L0"

"SpeakerVolume_Med"="L2"

"SpeakerVolume_High"="L3"

"SpeakerMode_Off"="M0"

"SpeakerMode_Dial"="M1"

"SpeakerMode_On"="M2"

"SpeakerMode_Setup"="M3"

"FlowControl_Off"="\\Q0"

"FlowControl_Hard"="\\Q3"

"FlowControl_Soft"="\\Q1"

"ErrorControl_On"="\\N7"

"ErrorControl_Off"="\\N0"

"ErrorControl_Forced"="\\N6"

"Compression_On"="%C1"

"Compression_Off"="%C0"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X4"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"InactivityTimeout"="\\T<#>"

"Modulation_CCITT"="*LS1"

"Modulation_Bell"="*LS0"

 

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]

@DACL=(02 0000)

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]

@DACL=(02 0000)

"HardwareFlowControl"="1"

"SetupCommand"="ATS7=60/Q3"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]

@DACL=(02 0000)

"1"="AT<cr>"

"2"="AT&F&D2&C1V1S0=0E0<cr>"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"SpeakerVolume_Low"="L0"

"SpeakerVolume_Med"="L2"

"SpeakerVolume_High"="L3"

"SpeakerMode_Off"="M0"

"SpeakerMode_Dial"="M1"

"SpeakerMode_On"="M2"

"SpeakerMode_Setup"="M3"

"FlowControl_Off"="\\Q0"

"FlowControl_Hard"="\\Q3"

"FlowControl_Soft"="\\Q1"

"ErrorControl_On"="\\N7"

"ErrorControl_Off"="\\N0"

"ErrorControl_Forced"="\\N6"

"Compression_On"="%C1"

"Compression_Off"="%C0"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X4"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"InactivityTimeout"="\\T<#>"

"Modulation_CCITT"="*LS1"

"Modulation_Bell"="*LS0"

 

[HKEY_USERS\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_USERS\system\Setup\Service Reporting API]

@DACL=(02 0000)

 

[HKEY_USERS\system\Setup\SetupCL]

@DACL=(02 0000)

"DriveMask"=dword:00000004

"RUNTIME"=dword:00000044

"HIVETIME"=dword:0000000a

"FILEACLTIME"=dword:0000003a

"EXECUTIONSUCCESSFUL"=dword:00000001

 

[HKEY_USERS\system\Setup\Status]

@DACL=(02 0000)

"AuditBoot"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(932)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

.

Heure de fin: 2009-05-02 14:37

ComboFix-quarantined-files.txt 2009-05-02 18:37

 

Avant-CF: 46 983 573 504 octets libres

Après-CF: 47 016 034 304 octets libres

 

410 --- E O F --- 2009-05-02 10:45

Posted

Here I am,

I must admit that for the past hour there has been no sign of trouble (window with error '10050'...; blue screen indicating a system crash).

I'll run the system a bit longer and get back to you tomorrow.

In the meantime, thank you very much for the help.

See you later.
