Version anglaiseVersion espagnoleVersion françaiseInscrivez-vous, c'est gratuit ! (mot de passe oublié)
- Vendredi 9 janvier 2009 - 09:00:36
- inscrits : 1159021
- connectés : 26231
- questions/jour : 5501
- Taux de réponse : 76.74%
Plateformes d'assistanceDiscussions & Opinions des Communautés
|
|
|
|
Bonjour,
J AI DEMARRER COMBOFIX ET IL MA NOTER SE RAPPORT , QUEL QU UN PEUT M AIDER SVP DE SE QUE JE DOIT FAIRE ????
MERCI
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 08-11-29.03 - admin 2008-11-30 12:39:57.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.84 [GMT 1:00]
Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.
2008-12-27 20:32 . 2008-12-27 20:32 <REP> d----c--- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-29 15:20 . 2008-11-29 15:20 <REP> d----c--- c:\documents and settings\admin\Application Data\HiYo
2008-11-28 22:19 . 2008-11-28 22:21 <REP> d----c--- C:\WINDOWS.3
2008-11-28 19:14 . 2008-11-28 19:15 <REP> d----c--- C:\WINDOWS.2
2008-11-28 18:53 . 2008-11-28 18:54 <REP> d----c--- C:\WINDOWS.1
2008-11-27 15:43 . 2008-11-27 15:49 <REP> d----c--- C:\9541758bd5c96f68c67270801c5f
2008-11-27 15:40 . 2008-11-27 16:38 <REP> d----c--- C:\WINDOWS.0
2008-11-27 15:36 . 2008-11-27 15:36 <REP> d----c--- c:\documents and settings\stef\Application Data\vlc
2008-11-27 15:27 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\stef\Voisinage réseau
2008-11-27 15:27 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\stef\Voisinage d'impression
2008-11-27 15:27 . 2008-11-27 15:02 <REP> d--h-c--- c:\documents and settings\stef\Modèles
2008-11-27 15:27 . 2008-11-27 15:28 <REP> dr---c--- c:\documents and settings\stef\Mes documents
2008-11-27 15:27 . 2008-11-27 14:50 <REP> dr---c--- c:\documents and settings\stef\Menu Démarrer
2008-11-27 15:27 . 2008-11-27 15:28 <REP> dr---c--- c:\documents and settings\stef\Favoris
2008-11-27 15:27 . 2008-11-27 15:55 <REP> d----c--- c:\documents and settings\stef\Bureau
2008-11-27 15:27 . 2008-11-27 15:27 <REP> d----c--- c:\documents and settings\stef
2008-11-27 15:25 . 2008-11-27 15:25 <REP> d--hsc--- c:\documents and settings\NetworkService.AUTORITE NT
2008-11-27 15:25 . 2008-11-27 15:25 <REP> d--hsc--- c:\documents and settings\LocalService.AUTORITE NT
2008-11-27 15:11 . 2008-11-27 15:14 <REP> d--hsc--- c:\documents and settings\All Users.WINDOWS.0\DRM
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Voisinage réseau
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Voisinage d'impression
2008-11-27 14:50 . 2008-11-27 15:02 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Modèles
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Mes documents
2008-11-27 14:50 . 2008-11-27 14:50 <REP> dr---c--- c:\documents and settings\Default User.WINDOWS.0\Menu Démarrer
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Favoris
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Bureau
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\All Users.WINDOWS.0\Modèles
2008-11-27 14:50 . 2008-11-27 16:27 <REP> dr---c--- c:\documents and settings\All Users.WINDOWS.0\Menu Démarrer
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0\Favoris
2008-11-27 14:50 . 2008-11-27 15:06 <REP> dr---c--- c:\documents and settings\All Users.WINDOWS.0\Documents
2008-11-27 14:50 . 2008-11-27 15:34 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0\Bureau
2008-11-27 14:49 . 2008-11-27 15:26 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0
2008-11-27 14:49 . 2008-11-27 15:11 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0
2008-11-20 06:51 . 2008-11-20 06:56 <REP> d----c--- c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2008-11-12 02:35 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 18:45 . 2008-11-07 18:45 <REP> d----c--- c:\documents and settings\admin\Application Data\Lexmark Productivity Studio
2008-11-07 18:26 . 2008-11-20 06:53 <REP> d----c--- c:\documents and settings\All Users\Lx_cats
2008-11-07 18:23 . 2004-08-03 19:01 25,856 --a--c--- c:\windows\system32\drivers\usbprint.sys
2008-11-07 18:23 . 2004-08-03 19:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-07 18:14 . 2008-11-07 18:14 <REP> d----c--- C:\logs
2008-11-07 18:10 . 2007-10-05 00:27 80,861 --a--c--- c:\windows\system32\lxdnprpr.chm
2008-11-07 18:08 . 2001-08-23 16:47 87,040 --a--c--- c:\windows\system32\wiafbdrv.dll
2008-11-07 18:08 . 2001-08-23 16:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-07 18:08 . 2004-08-03 18:58 15,104 --a--c--- c:\windows\system32\drivers\usbscan.sys
2008-11-07 18:08 . 2004-08-03 18:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-07 18:01 . 2008-11-07 18:01 <REP> d----c--- c:\program files\Lexmark Toolbar
2008-11-07 17:59 . 2000-01-01 18:20 <REP> d----c--- c:\program files\Lexmark 2600 Series
2008-11-07 03:00 . 2008-11-07 03:00 <REP> d----c--- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-06 18:51 . 2008-11-06 18:50 127,034 -----c--- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-06 18:47 . 2008-11-06 18:47 <REP> d----c--- c:\documents and settings\admin\Application Data\Leadertech
2008-11-06 18:43 . 2004-08-19 12:10 91,648 --a--c--- c:\windows\system32\kswdmcap.ax
2008-11-06 18:43 . 2004-08-19 12:10 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-11-06 18:43 . 2004-08-19 12:09 54,784 --a--c--- c:\windows\system32\vfwwdm32.dll
2008-11-06 18:43 . 2004-08-19 12:09 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-06 18:43 . 2004-08-19 12:10 43,008 --a--c--- c:\windows\system32\ksxbar.ax
2008-11-06 18:43 . 2004-08-19 12:10 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-11-06 18:43 . 2004-08-19 12:10 28,672 --a--c--- c:\windows\system32\vidcap.ax
2008-11-06 18:43 . 2004-08-19 12:10 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-11-06 18:42 . 2004-08-19 12:10 61,952 --a--c--- c:\windows\system32\kstvtune.ax
2008-11-06 18:42 . 2004-08-19 12:10 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-11-06 18:29 . 2008-11-09 17:29 <REP> d----c--- c:\documents and settings\All Users\Application Data\Logishrd
2008-11-06 18:28 . 2000-01-01 18:23 <REP> d----c--- c:\program files\Logitech
2008-11-06 18:28 . 2000-01-01 19:51 <REP> d----c--- c:\program files\Fichiers communs\LogiShrd
2008-11-06 18:28 . 2008-11-06 18:28 <REP> d----c--- c:\documents and settings\All Users\Application Data\Logitech
2008-11-06 18:24 . 2004-08-03 19:07 59,264 --a--c--- c:\windows\system32\drivers\USBAUDIO.sys
2008-11-06 18:24 . 2004-08-03 19:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-06 18:22 . 2004-08-03 19:08 31,616 --a--c--- c:\windows\system32\drivers\usbccgp.sys
2008-11-06 18:22 . 2004-08-03 19:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-05 12:37 . 2008-11-23 13:29 <REP> d----c--- c:\windows\system32\CatRoot_bak
2008-11-05 11:21 . 2006-11-29 13:06 3,426,072 --a--c--- c:\windows\system32\d3dx9_32.dll
2008-11-05 11:14 . 2008-11-05 11:14 <REP> d----c--- c:\program files\Microsoft SQL Server Compact Edition
2008-11-05 10:45 . 2008-11-05 10:57 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-05 10:43 . 2008-11-05 10:43 <REP> d----c--- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-03 03:30 . 2004-08-19 16:09 221,184 --a--c--- c:\windows\system32\wmpns.dll
2008-11-02 19:10 . 2008-06-14 18:59 272,768 --a------ c:\windows\system32\dllcache\bthport.sys
2008-11-02 19:09 . 2008-08-28 11:04 333,056 --a------ c:\windows\system32\dllcache\srv.sys
2008-11-02 19:09 . 2008-08-14 10:51 138,368 --a------ c:\windows\system32\dllcache\afd.sys
2008-11-02 19:07 . 2008-08-14 14:44 2,182,400 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,138,112 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,059,776 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,017,792 --a------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 19:07 . 2008-09-15 16:39 1,846,144 --a------ c:\windows\system32\dllcache\win32k.sys
2008-11-02 16:48 . 2008-11-05 11:17 <REP> d----c--- c:\windows\system32\bits
2008-11-02 16:48 . 2008-11-05 11:03 <REP> d----c--- c:\windows\l2schemas
2008-11-02 16:01 . 2004-08-19 16:09 4,290,048 --a------ c:\windows\system32\dllcache\wmm2res.dll
2008-11-02 16:00 . 2004-08-19 16:08 2,986,496 --a------ c:\windows\system32\dllcache\sprt040c.dll
2008-11-02 15:59 . 2004-08-19 16:10 1,230,848 --a------ c:\windows\system32\dllcache\ntbackup.exe
2008-11-02 15:58 . 2004-08-19 16:09 450,048 --a------ c:\windows\system32\dllcache\aclayers.dll
2008-11-02 15:57 . 2004-05-12 23:39 876,653 --a------ c:\windows\system32\dllcache\fp4awel.dll
2008-11-02 15:56 . 2004-08-19 16:11 4,190,352 --a------ c:\windows\system32\dllcache\luna.mst
2008-11-02 15:55 . 2004-08-19 16:09 1,352,704 --a------ c:\windows\system32\dllcache\cimwin32.dll
2008-11-02 15:54 . 2004-08-19 16:09 1,036,288 --a------ c:\windows\system32\dllcache\explorer.exe
2008-11-02 15:53 . 2004-08-19 16:09 1,179,648 --a------ c:\windows\system32\dllcache\d3d8.dll
2008-11-02 15:52 . 2001-08-24 13:00 1,502,208 --a------ c:\windows\system32\dllcache\diskcopy.dll
2008-11-02 15:51 . 2004-08-19 16:09 1,028,096 --a------ c:\windows\system32\dllcache\mfc42.dll
2008-11-02 15:50 . 2004-08-19 16:09 1,433,600 --a------ c:\windows\system32\dllcache\msvidctl.dll
2008-11-02 15:49 . 2008-08-20 06:33 1,499,648 --a------ c:\windows\system32\dllcache\shdocvw.dll
2008-11-02 15:48 . 2008-09-15 16:39 1,846,144 --a------ c:\windows\system32\win32k.sys
2008-11-02 15:47 . 2008-08-14 14:44 2,182,400 --a------ c:\windows\system32\ntoskrnl.exe
2008-11-01 17:13 . 2008-11-01 17:13 <REP> d----c--- c:\documents and settings\All Users\Application Data\Zylom
2008-11-01 15:56 . 2008-11-30 11:45 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 15:54 . 2004-03-09 00:00 1,081,616 --a--c--- c:\windows\system32\MSCOMCTL.OCX
2008-11-01 15:25 . 2008-11-03 20:18 <REP> d----c--- c:\documents and settings\admin\Shared
2008-10-31 15:16 . 2008-10-31 15:16 <REP> d----c--- c:\documents and settings\admin\Application Data\TuneUp Software
2008-10-30 16:35 . 2008-10-30 19:09 <REP> d----c--- c:\documents and settings\admin\Application Data\F-Secure
2008-10-30 16:07 . 2008-10-30 16:07 <REP> d----c--- c:\program files\SFR
2008-10-30 16:01 . 2008-10-30 16:05 <REP> d----c--- c:\documents and settings\All Users\Application Data\fssg
2008-10-30 15:59 . 2008-10-31 14:31 <REP> d----c--- c:\documents and settings\All Users\Application Data\f-secure
2008-10-29 16:40 . 2008-10-29 16:40 208 --ah-c--- C:\sqmdata02.sqm
2008-10-29 16:40 . 2008-10-29 16:40 172 --ah-c--- C:\sqmdata01.sqm
2008-10-29 16:39 . 2008-10-29 16:39 268 --ah-c--- C:\sqmdata00.sqm
2008-10-29 16:39 . 2008-10-29 16:39 244 --ah-c--- C:\sqmnoopt19.sqm
2008-10-28 09:59 . 2008-11-05 10:28 <REP> d----c--- c:\program files\Executive Software
2008-10-28 09:23 . 2008-11-21 15:31 <REP> d----c--- c:\documents and settings\admin\Application Data\dvdcss
2008-10-26 12:52 . 2008-10-03 18:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-26 12:52 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-26 12:52 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-26 12:52 . 2008-08-26 09:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-26 12:52 . 2008-08-26 09:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-26 12:52 . 2008-08-26 09:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-26 12:52 . 2008-08-26 09:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-26 12:52 . 2008-08-26 09:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-26 12:52 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-26 12:50 . 2008-11-05 12:06 <REP> d----c--- c:\windows\system32\fr-fr
2008-10-25 20:58 . 2008-10-25 20:58 <REP> d----c--- c:\documents and settings\All Users\Application Data\Avg8
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 14:03 --------- dc----w c:\program files\Services en ligne
2008-11-13 21:44 --------- dc----w c:\documents and settings\admin\Application Data\AdobeUM
2008-11-06 17:50 --------- dc-h--w c:\program files\InstallShield Installation Information
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:09 --------- dc----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-10-16 13:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 -c--a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 -c--a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 -c--a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 -c--a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 13:06 208,744 -c--a-w c:\windows\system32\muweb.dll
2008-09-28 17:41 --------- dc----w c:\program files\ScreenMates
2008-09-04 16:45 1,106,944 -c--a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 -c--a-w c:\windows\system32\wininet.dll
2008-08-20 05:33 474,624 ----a-w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:33 152,064 ----a-w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:33 1,056,768 ----a-w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:33 1,024,512 ----a-w c:\windows\system32\dllcache\browseui.dll
2008-08-14 13:44 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot_2008-11-24_17.43.33,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 13:33:12 83,968 -c--a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:52 83,968 -c--a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
- 2008-04-14 02:33:31 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-19 15:09:34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:29 26,488 -c----w c:\windows\$NtUninstallKB946648$\spcustom.dll
+ 2007-11-30 12:39:29 18,296 -c----w c:\windows\$NtUninstallKB946648$\spmsg.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB946648$\spuninst.exe
+ 2007-11-30 11:19:06 767,352 -c----w c:\windows\$NtUninstallKB946648$\update.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB946648$\updspapi.dll
- 2008-11-23 17:40:28 1,632 -c--a-w c:\windows\system32\d3d8caps.dat
+ 2008-11-29 16:02:43 1,632 -c--a-w c:\windows\system32\d3d8caps.dat
+ 2008-11-29 14:28:00 336,640 -c--a-w c:\windows\system32\Restore\rstrlog.dat
- 2008-07-08 13:03:54 18,296 -c----w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 -c----w c:\windows\system32\spmsg.dll
+ 2008-11-30 10:45:49 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_3b4.dat
+ 2008-11-30 10:45:13 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-24 171448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-13 3309568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-04-13 46080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2008-02-13 13:02 564496 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2008-02-13 13:06 2196240 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a--c--- 2004-08-19 16:10 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-04-13 14:25 782336 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-31 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-31 20560]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2008-10-23 21344]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys []
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys []
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys []
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys []
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys []
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys []
S3 NtApm;Pilote d'interface NT APM/hérité;c:\windows\system32\DRIVERS\NtApm.sys [2008-05-29 9472]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
2008-11-30 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-HiYo - c:\program files\HiYo\bin\HiYo.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64df19cc4c4a4257a316eeaba1c2af6a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64df19cc4c4a4257a316eeaba1c2af6a
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 12:45:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
Heure de fin: 2008-11-30 12:50:02
ComboFix-quarantined-files.txt 2008-11-30 11:48:37
ComboFix2.txt 2008-11-24 16:45:23
ComboFix3.txt 2008-11-18 17:40:22
Avant-CF: 13 042 749 440 octets libres
Après-CF: 13,121,024,000 octets libres
280 --- E O F --- 2008-11-29 22:48:07
J AI DEMARRER COMBOFIX ET IL MA NOTER SE RAPPORT , QUEL QU UN PEUT M AIDER SVP DE SE QUE JE DOIT FAIRE ????
MERCI
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 08-11-29.03 - admin 2008-11-30 12:39:57.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.84 [GMT 1:00]
Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.
2008-12-27 20:32 . 2008-12-27 20:32 <REP> d----c--- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-29 15:20 . 2008-11-29 15:20 <REP> d----c--- c:\documents and settings\admin\Application Data\HiYo
2008-11-28 22:19 . 2008-11-28 22:21 <REP> d----c--- C:\WINDOWS.3
2008-11-28 19:14 . 2008-11-28 19:15 <REP> d----c--- C:\WINDOWS.2
2008-11-28 18:53 . 2008-11-28 18:54 <REP> d----c--- C:\WINDOWS.1
2008-11-27 15:43 . 2008-11-27 15:49 <REP> d----c--- C:\9541758bd5c96f68c67270801c5f
2008-11-27 15:40 . 2008-11-27 16:38 <REP> d----c--- C:\WINDOWS.0
2008-11-27 15:36 . 2008-11-27 15:36 <REP> d----c--- c:\documents and settings\stef\Application Data\vlc
2008-11-27 15:27 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\stef\Voisinage réseau
2008-11-27 15:27 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\stef\Voisinage d'impression
2008-11-27 15:27 . 2008-11-27 15:02 <REP> d--h-c--- c:\documents and settings\stef\Modèles
2008-11-27 15:27 . 2008-11-27 15:28 <REP> dr---c--- c:\documents and settings\stef\Mes documents
2008-11-27 15:27 . 2008-11-27 14:50 <REP> dr---c--- c:\documents and settings\stef\Menu Démarrer
2008-11-27 15:27 . 2008-11-27 15:28 <REP> dr---c--- c:\documents and settings\stef\Favoris
2008-11-27 15:27 . 2008-11-27 15:55 <REP> d----c--- c:\documents and settings\stef\Bureau
2008-11-27 15:27 . 2008-11-27 15:27 <REP> d----c--- c:\documents and settings\stef
2008-11-27 15:25 . 2008-11-27 15:25 <REP> d--hsc--- c:\documents and settings\NetworkService.AUTORITE NT
2008-11-27 15:25 . 2008-11-27 15:25 <REP> d--hsc--- c:\documents and settings\LocalService.AUTORITE NT
2008-11-27 15:11 . 2008-11-27 15:14 <REP> d--hsc--- c:\documents and settings\All Users.WINDOWS.0\DRM
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Voisinage réseau
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Voisinage d'impression
2008-11-27 14:50 . 2008-11-27 15:02 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0\Modèles
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Mes documents
2008-11-27 14:50 . 2008-11-27 14:50 <REP> dr---c--- c:\documents and settings\Default User.WINDOWS.0\Menu Démarrer
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Favoris
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\Default User.WINDOWS.0\Bureau
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d--h-c--- c:\documents and settings\All Users.WINDOWS.0\Modèles
2008-11-27 14:50 . 2008-11-27 16:27 <REP> dr---c--- c:\documents and settings\All Users.WINDOWS.0\Menu Démarrer
2008-11-27 14:50 . 2008-11-27 14:50 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0\Favoris
2008-11-27 14:50 . 2008-11-27 15:06 <REP> dr---c--- c:\documents and settings\All Users.WINDOWS.0\Documents
2008-11-27 14:50 . 2008-11-27 15:34 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0\Bureau
2008-11-27 14:49 . 2008-11-27 15:26 <REP> d--h-c--- c:\documents and settings\Default User.WINDOWS.0
2008-11-27 14:49 . 2008-11-27 15:11 <REP> d----c--- c:\documents and settings\All Users.WINDOWS.0
2008-11-20 06:51 . 2008-11-20 06:56 <REP> d----c--- c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2008-11-12 02:35 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 18:45 . 2008-11-07 18:45 <REP> d----c--- c:\documents and settings\admin\Application Data\Lexmark Productivity Studio
2008-11-07 18:26 . 2008-11-20 06:53 <REP> d----c--- c:\documents and settings\All Users\Lx_cats
2008-11-07 18:23 . 2004-08-03 19:01 25,856 --a--c--- c:\windows\system32\drivers\usbprint.sys
2008-11-07 18:23 . 2004-08-03 19:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-07 18:14 . 2008-11-07 18:14 <REP> d----c--- C:\logs
2008-11-07 18:10 . 2007-10-05 00:27 80,861 --a--c--- c:\windows\system32\lxdnprpr.chm
2008-11-07 18:08 . 2001-08-23 16:47 87,040 --a--c--- c:\windows\system32\wiafbdrv.dll
2008-11-07 18:08 . 2001-08-23 16:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-07 18:08 . 2004-08-03 18:58 15,104 --a--c--- c:\windows\system32\drivers\usbscan.sys
2008-11-07 18:08 . 2004-08-03 18:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-07 18:01 . 2008-11-07 18:01 <REP> d----c--- c:\program files\Lexmark Toolbar
2008-11-07 17:59 . 2000-01-01 18:20 <REP> d----c--- c:\program files\Lexmark 2600 Series
2008-11-07 03:00 . 2008-11-07 03:00 <REP> d----c--- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-06 18:51 . 2008-11-06 18:50 127,034 -----c--- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-06 18:47 . 2008-11-06 18:47 <REP> d----c--- c:\documents and settings\admin\Application Data\Leadertech
2008-11-06 18:43 . 2004-08-19 12:10 91,648 --a--c--- c:\windows\system32\kswdmcap.ax
2008-11-06 18:43 . 2004-08-19 12:10 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-11-06 18:43 . 2004-08-19 12:09 54,784 --a--c--- c:\windows\system32\vfwwdm32.dll
2008-11-06 18:43 . 2004-08-19 12:09 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-06 18:43 . 2004-08-19 12:10 43,008 --a--c--- c:\windows\system32\ksxbar.ax
2008-11-06 18:43 . 2004-08-19 12:10 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-11-06 18:43 . 2004-08-19 12:10 28,672 --a--c--- c:\windows\system32\vidcap.ax
2008-11-06 18:43 . 2004-08-19 12:10 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-11-06 18:42 . 2004-08-19 12:10 61,952 --a--c--- c:\windows\system32\kstvtune.ax
2008-11-06 18:42 . 2004-08-19 12:10 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-11-06 18:29 . 2008-11-09 17:29 <REP> d----c--- c:\documents and settings\All Users\Application Data\Logishrd
2008-11-06 18:28 . 2000-01-01 18:23 <REP> d----c--- c:\program files\Logitech
2008-11-06 18:28 . 2000-01-01 19:51 <REP> d----c--- c:\program files\Fichiers communs\LogiShrd
2008-11-06 18:28 . 2008-11-06 18:28 <REP> d----c--- c:\documents and settings\All Users\Application Data\Logitech
2008-11-06 18:24 . 2004-08-03 19:07 59,264 --a--c--- c:\windows\system32\drivers\USBAUDIO.sys
2008-11-06 18:24 . 2004-08-03 19:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-06 18:22 . 2004-08-03 19:08 31,616 --a--c--- c:\windows\system32\drivers\usbccgp.sys
2008-11-06 18:22 . 2004-08-03 19:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-05 12:37 . 2008-11-23 13:29 <REP> d----c--- c:\windows\system32\CatRoot_bak
2008-11-05 11:21 . 2006-11-29 13:06 3,426,072 --a--c--- c:\windows\system32\d3dx9_32.dll
2008-11-05 11:14 . 2008-11-05 11:14 <REP> d----c--- c:\program files\Microsoft SQL Server Compact Edition
2008-11-05 10:45 . 2008-11-05 10:57 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-05 10:43 . 2008-11-05 10:43 <REP> d----c--- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-03 03:30 . 2004-08-19 16:09 221,184 --a--c--- c:\windows\system32\wmpns.dll
2008-11-02 19:10 . 2008-06-14 18:59 272,768 --a------ c:\windows\system32\dllcache\bthport.sys
2008-11-02 19:09 . 2008-08-28 11:04 333,056 --a------ c:\windows\system32\dllcache\srv.sys
2008-11-02 19:09 . 2008-08-14 10:51 138,368 --a------ c:\windows\system32\dllcache\afd.sys
2008-11-02 19:07 . 2008-08-14 14:44 2,182,400 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,138,112 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,059,776 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 19:07 . 2008-08-14 14:44 2,017,792 --a------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 19:07 . 2008-09-15 16:39 1,846,144 --a------ c:\windows\system32\dllcache\win32k.sys
2008-11-02 16:48 . 2008-11-05 11:17 <REP> d----c--- c:\windows\system32\bits
2008-11-02 16:48 . 2008-11-05 11:03 <REP> d----c--- c:\windows\l2schemas
2008-11-02 16:01 . 2004-08-19 16:09 4,290,048 --a------ c:\windows\system32\dllcache\wmm2res.dll
2008-11-02 16:00 . 2004-08-19 16:08 2,986,496 --a------ c:\windows\system32\dllcache\sprt040c.dll
2008-11-02 15:59 . 2004-08-19 16:10 1,230,848 --a------ c:\windows\system32\dllcache\ntbackup.exe
2008-11-02 15:58 . 2004-08-19 16:09 450,048 --a------ c:\windows\system32\dllcache\aclayers.dll
2008-11-02 15:57 . 2004-05-12 23:39 876,653 --a------ c:\windows\system32\dllcache\fp4awel.dll
2008-11-02 15:56 . 2004-08-19 16:11 4,190,352 --a------ c:\windows\system32\dllcache\luna.mst
2008-11-02 15:55 . 2004-08-19 16:09 1,352,704 --a------ c:\windows\system32\dllcache\cimwin32.dll
2008-11-02 15:54 . 2004-08-19 16:09 1,036,288 --a------ c:\windows\system32\dllcache\explorer.exe
2008-11-02 15:53 . 2004-08-19 16:09 1,179,648 --a------ c:\windows\system32\dllcache\d3d8.dll
2008-11-02 15:52 . 2001-08-24 13:00 1,502,208 --a------ c:\windows\system32\dllcache\diskcopy.dll
2008-11-02 15:51 . 2004-08-19 16:09 1,028,096 --a------ c:\windows\system32\dllcache\mfc42.dll
2008-11-02 15:50 . 2004-08-19 16:09 1,433,600 --a------ c:\windows\system32\dllcache\msvidctl.dll
2008-11-02 15:49 . 2008-08-20 06:33 1,499,648 --a------ c:\windows\system32\dllcache\shdocvw.dll
2008-11-02 15:48 . 2008-09-15 16:39 1,846,144 --a------ c:\windows\system32\win32k.sys
2008-11-02 15:47 . 2008-08-14 14:44 2,182,400 --a------ c:\windows\system32\ntoskrnl.exe
2008-11-01 17:13 . 2008-11-01 17:13 <REP> d----c--- c:\documents and settings\All Users\Application Data\Zylom
2008-11-01 15:56 . 2008-11-30 11:45 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 15:54 . 2004-03-09 00:00 1,081,616 --a--c--- c:\windows\system32\MSCOMCTL.OCX
2008-11-01 15:25 . 2008-11-03 20:18 <REP> d----c--- c:\documents and settings\admin\Shared
2008-10-31 15:16 . 2008-10-31 15:16 <REP> d----c--- c:\documents and settings\admin\Application Data\TuneUp Software
2008-10-30 16:35 . 2008-10-30 19:09 <REP> d----c--- c:\documents and settings\admin\Application Data\F-Secure
2008-10-30 16:07 . 2008-10-30 16:07 <REP> d----c--- c:\program files\SFR
2008-10-30 16:01 . 2008-10-30 16:05 <REP> d----c--- c:\documents and settings\All Users\Application Data\fssg
2008-10-30 15:59 . 2008-10-31 14:31 <REP> d----c--- c:\documents and settings\All Users\Application Data\f-secure
2008-10-29 16:40 . 2008-10-29 16:40 208 --ah-c--- C:\sqmdata02.sqm
2008-10-29 16:40 . 2008-10-29 16:40 172 --ah-c--- C:\sqmdata01.sqm
2008-10-29 16:39 . 2008-10-29 16:39 268 --ah-c--- C:\sqmdata00.sqm
2008-10-29 16:39 . 2008-10-29 16:39 244 --ah-c--- C:\sqmnoopt19.sqm
2008-10-28 09:59 . 2008-11-05 10:28 <REP> d----c--- c:\program files\Executive Software
2008-10-28 09:23 . 2008-11-21 15:31 <REP> d----c--- c:\documents and settings\admin\Application Data\dvdcss
2008-10-26 12:52 . 2008-10-03 18:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-26 12:52 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-26 12:52 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-26 12:52 . 2008-08-26 09:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-26 12:52 . 2008-08-26 09:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-26 12:52 . 2008-08-26 09:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-26 12:52 . 2008-08-26 09:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-26 12:52 . 2008-08-26 09:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-26 12:52 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-26 12:50 . 2008-11-05 12:06 <REP> d----c--- c:\windows\system32\fr-fr
2008-10-25 20:58 . 2008-10-25 20:58 <REP> d----c--- c:\documents and settings\All Users\Application Data\Avg8
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 14:03 --------- dc----w c:\program files\Services en ligne
2008-11-13 21:44 --------- dc----w c:\documents and settings\admin\Application Data\AdobeUM
2008-11-06 17:50 --------- dc-h--w c:\program files\InstallShield Installation Information
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:09 --------- dc----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-10-16 13:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 -c--a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 -c--a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 -c--a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 -c--a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 13:06 208,744 -c--a-w c:\windows\system32\muweb.dll
2008-09-28 17:41 --------- dc----w c:\program files\ScreenMates
2008-09-04 16:45 1,106,944 -c--a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 -c--a-w c:\windows\system32\wininet.dll
2008-08-20 05:33 474,624 ----a-w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:33 152,064 ----a-w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:33 1,056,768 ----a-w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:33 1,024,512 ----a-w c:\windows\system32\dllcache\browseui.dll
2008-08-14 13:44 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot_2008-11-24_17.43.33,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 13:33:12 83,968 -c--a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:52 83,968 -c--a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
- 2008-04-14 02:33:31 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-19 15:09:34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:29 26,488 -c----w c:\windows\$NtUninstallKB946648$\spcustom.dll
+ 2007-11-30 12:39:29 18,296 -c----w c:\windows\$NtUninstallKB946648$\spmsg.dll
+ 2007-11-30 12:39:29 234,872 -c----w c:\windows\$NtUninstallKB946648$\spuninst.exe
+ 2007-11-30 11:19:06 767,352 -c----w c:\windows\$NtUninstallKB946648$\update.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB946648$\updspapi.dll
- 2008-11-23 17:40:28 1,632 -c--a-w c:\windows\system32\d3d8caps.dat
+ 2008-11-29 16:02:43 1,632 -c--a-w c:\windows\system32\d3d8caps.dat
+ 2008-11-29 14:28:00 336,640 -c--a-w c:\windows\system32\Restore\rstrlog.dat
- 2008-07-08 13:03:54 18,296 -c----w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 -c----w c:\windows\system32\spmsg.dll
+ 2008-11-30 10:45:49 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_3b4.dat
+ 2008-11-30 10:45:13 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-24 171448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-13 3309568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-04-13 46080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2008-02-13 13:02 564496 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2008-02-13 13:06 2196240 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a--c--- 2004-08-19 16:10 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-04-13 14:25 782336 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-31 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-31 20560]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2008-10-23 21344]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys []
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys []
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys []
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys []
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys []
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys []
S3 NtApm;Pilote d'interface NT APM/hérité;c:\windows\system32\DRIVERS\NtApm.sys [2008-05-29 9472]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
2008-11-30 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-HiYo - c:\program files\HiYo\bin\HiYo.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64df19cc4c4a4257a316eeaba1c2af6a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64df19cc4c4a4257a316eeaba1c2af6a
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 12:45:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
Heure de fin: 2008-11-30 12:50:02
ComboFix-quarantined-files.txt 2008-11-30 11:48:37
ComboFix2.txt 2008-11-24 16:45:23
ComboFix3.txt 2008-11-18 17:40:22
Avant-CF: 13 042 749 440 octets libres
Après-CF: 13,121,024,000 octets libres
280 --- E O F --- 2008-11-29 22:48:07
Configuration: Windows XP Internet Explorer 7.0
salut pourquoi un rapport combofix
tu as quelle probléme ? A+ |
Résultats pour rapport combofix svp !!!
Comment interpreter rapport combofix (Résolu) Bonjour,jai cherché des sites comment lire un rapport combofix j'ai pas trouver.quelle qu'un pourais me donner des lien.merci pour votre aide.
www.commentcamarche.net/forum/affich-8799969-comment-interpreter-rapport-combofix
Analyse rapport combofix (Résolu) Bonjour, je voulais savoir si quelqu'un pouvait analyser mon rapport combofix qui a été lancé pour supprimer les pub intempestives de "yes messenger" et de "windows internet explorer" qui me demandait de faire un scan gratuit de logiciel espion.
www.commentcamarche.net/forum/affich-8336767-analyse-rapport-combofix
Taskmgr.exe image pornographique sur mon pc (Résolu) Bonjour, Apres analyse avec ComboFix voici le rapport: ComboFix 08-08-19.06 - ARISTIDE 2008-08-21 10:19:23.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.370 [GMT 0:00] Endroit: C:\Documents and...
www.commentcamarche.net/forum/affich-8003983-taskmgr-exe-image-pornographique-sur-mon-pc
Résultats pour rapport combofix svp !!!
Windows - Désactiver les rapports d'erreurLorsque Windows ou une quelconque application plante, Windows affiche une fenêtre invitant à transmettre le rapport d'erreur(s) à Microsoft, correspondant à un processus appelé drwtsn32.exe ("Dr Watson").
Mais nombreux sont ceux qui ne veulent pas...
www.commentcamarche.net/faq/sujet-101-windows-desactiver-les-rapports-d-erreur
Résultats pour rapport combofix svp !!!
Infection par Win32:Beagle-AAW[Trj] et HDLRR (Résolu)Bonjour, Mon PC est infecté par Win32:Beagle-AAW[Trj] et HDLRR en ouvrant un fichier zip. J'ai essayé de les supprimer en utilisant Killbox et ELIBAGLA mais sans succès. J'ai enfin essayé avec ComboFix et voici le rapport: ComboFix 08-09...
www.commentcamarche.net/forum/affich-8397413-infection-par-win32-beagle-aaw-trj-et-hdlrr
Ecran.exe(taskmgr.exe) virus (Résolu)Bonjour, Apres analyse avec ComboFix voici le rapport: ComboFix 08-08-19.06 - ARISTIDE 2008-08-21 10:19:23.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.370 [GMT 0:00] Endroit: C:\Documents and...
www.commentcamarche.net/forum/affich-8007619-ecran-exe-taskmgr-exe-virus
Trojan-spy.html.bankfraud.dq (Résolu)Bonjour, après avoir exécuté COMBOFIX comme cela l'a été expliqué dans les autres messages, je souhaite que vous analysiez le rapport et me conseilliez dans les démarches à suivre Merci d'avance Voici le rapport: ComboFix 08-09-05.12 -...
www.commentcamarche.net/forum/affich-8341406-trojan-spy-html-bankfraud-dq
Résultats pour rapport combofix svp !!!
La vente aux enchères des billets de l'A380 a rapporté plus de 900.000 euros(Paris - Relaxnews) - Singapore Airlines annonce, jeudi, que la vente aux enchères sur le site eBay des premiers billets de l'A380 a rapporté 907.251 euros, soit 1,9 million de dollars singapouriens. "Les acquéreurs ont ouvert leur portefeuille avec...
www.commentcamarche.net/actualites/la-vente-aux-encheres-des-billets-de-l-a380-a-rapporte-plus-de-900-000-euros-3580028-actualite.php3