Thanks again for your help,
Here is the report you were waiting for!
ComboFix 09-01-13.04 - Claudius 2009-01-14 14:58:50.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2038.1244 [GMT 1:00]
Lancé depuis: c:\users\Claudius\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
.
ADS - Windows: deleted 72 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\tmp.reg
c:\windows\system32\x64
c:\windows\system32\x64\License.rtf
c:\windows\system32\x64\Readme.txt
c:\windows\system32\x64\setup.exe
c:\windows\system32\X86
c:\windows\system32\X86\License.rtf
c:\windows\system32\X86\Readme.txt
c:\windows\system32\X86\setup.exe
----- BITS: Il y a peut-être des sites infectés -----
hxxp://www.annuaire-myspace.com
hxxp://i.nuseek.com
hxxp://blog.choc.fr
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-14 au 2009-01-14 ))))))))))))))))))))))))))))))))))))
.
2009-01-13 16:13 . 2009-01-13 16:13 2,608 --a------ c:\windows\System32\settings.aaw
2009-01-13 16:13 . 2009-01-13 16:13 704 --a------ c:\windows\System32\history.aaw
2009-01-13 13:57 . 2009-01-13 13:57 <REP> d-------- c:\program files\Trend Micro
2009-01-13 13:35 . 2009-01-13 13:35 691 --a------ c:\users\Claudius\AppData\Roaming\GetValue.vbs
2009-01-13 13:35 . 2009-01-13 13:35 35 --a------ c:\users\Claudius\AppData\Roaming\SetValue.bat
2008-12-30 10:40 . 2008-12-30 10:40 38,272 --a------ c:\windows\System32\drivers\RVSYSTEM.sys
2008-12-30 10:40 . 2008-12-30 10:40 11,904 --a------ c:\windows\System32\drivers\RVSDISK.sys
2008-12-30 10:39 . 2008-12-30 10:40 <REP> d--h----- C:\RETURNIL
2008-12-30 10:39 . 2008-12-30 10:40 <REP> d-------- c:\program files\Returnil
2008-12-29 22:58 . 2008-12-29 23:00 <REP> d-------- c:\program files\GIF Recuperateur
2008-12-29 22:27 . 2008-12-30 09:10 <REP> d-------- c:\users\Claudius\Tracing
2008-12-29 22:11 . 2008-12-29 22:11 <REP> d-------- c:\program files\Microsoft
2008-12-29 22:10 . 2008-12-29 22:10 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-29 22:00 . 2008-12-29 22:00 <REP> d-------- c:\program files\Common Files\Windows Live
2008-12-29 09:11 . 2008-12-29 09:11 <REP> d-------- c:\program files\Moyea
2008-12-29 09:07 . 2008-12-29 09:12 <REP> d-------- c:\users\Claudius\AppData\Roaming\Moyea
2008-12-28 10:59 . 2008-12-28 11:19 <REP> d-------- c:\program files\WinUtilities
2008-12-28 10:59 . 2009-01-01 16:11 140 --a------ c:\windows\System32\09wutili.sys
2008-12-28 00:50 . 2008-12-28 00:50 103,360 --a------ c:\windows\System32\drivers\AnyDVD.sys
2008-12-27 09:03 . 2008-12-27 09:03 <REP> d-------- c:\program files\Button Shop
2008-12-26 14:27 . 2008-12-26 14:30 <REP> d-------- C:\MaSauvegarde
2008-12-26 13:45 . 2008-12-26 13:45 <REP> d-------- c:\program files\Premium Booster
2008-12-25 10:50 . 2008-12-25 11:18 <REP> d-------- c:\program files\BeeThink SpyDetector_2.0
2008-12-25 10:50 . 2007-12-03 10:15 17,408 --a------ c:\windows\System32\drivers\nfilter.sys
2008-12-24 22:13 . 2008-12-15 15:18 16,640 --a------ c:\windows\System32\drivers\DsAudioDevice_286.sys
2008-12-24 22:12 . 2008-12-24 22:12 <REP> d-------- c:\program files\Daniusoft
2008-12-24 13:36 . 2008-12-24 15:33 <REP> d-------- c:\users\Claudius\.housecall6.6
2008-12-23 18:25 . 2008-08-22 07:35 2,119,600 --a------ c:\windows\System32\Codejock.CommandBars.v12.0.2.ocx
2008-12-23 18:25 . 2008-08-22 07:35 1,652,656 --a------ c:\windows\System32\Codejock.Controls.v12.0.2.ocx
2008-12-23 18:25 . 2008-08-22 07:35 1,034,160 --a------ c:\windows\System32\Codejock.ReportControl.v12.0.2.ocx
2008-12-23 18:25 . 2008-08-22 07:35 526,256 --a------ c:\windows\System32\Codejock.SkinFramework.v12.0.2.ocx
2008-12-23 18:25 . 2004-03-09 00:00 124,688 --a------ c:\windows\System32\MSWINSCK.OCX
2008-12-22 16:53 . 2008-12-22 16:51 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-21 22:05 . 2008-12-21 22:15 <REP> d-------- c:\users\Claudius\AppData\Roaming\IObit
2008-12-20 09:44 . 2008-12-20 10:23 <REP> d-------- C:\Driver Backup 12-20-2008-94327
2008-12-20 09:41 . 2008-12-20 09:41 <REP> d-------- c:\program files\Driver-Soft
2008-12-20 09:41 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\System32\clinetsuitex6.ocx
2008-12-20 09:41 . 2004-06-14 14:56 427,864 --a------ c:\windows\System32\XceedZip.dll
2008-12-19 18:06 . 2008-12-19 18:06 <REP> d--hs---- c:\windows\ftpcache
2008-12-19 18:06 . 2008-12-19 20:08 <REP> d-------- c:\program files\Show.kit 2.1
2008-12-19 09:03 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-15 20:23 . 2008-12-15 20:24 <REP> d-------- c:\program files\WebSite X5 Smart
2008-12-15 20:12 . 2001-08-31 14:00 1,355,776 --a------ c:\windows\System32\MSVBVM50.dll
2008-12-15 20:12 . 2008-11-25 14:52 185,856 --a------ c:\windows\System32\iwpsetup.exe
2008-12-15 20:12 . 1997-01-16 00:00 29,696 --a------ c:\windows\System32\VB5STKIT.DLL
2008-12-15 20:12 . 1997-01-16 13:42 6,114 --a------ c:\windows\System32\SHELLLNK.TLB
2008-12-15 18:52 . 2008-12-15 18:52 <REP> d-------- c:\program files\FamTree3
2008-12-15 18:51 . 2008-12-15 18:52 <REP> d-------- c:\program files\Famille3
2008-12-15 18:26 . 2008-12-15 18:26 <REP> d-------- c:\program files\TechSmith
2008-12-15 15:45 . 2008-12-15 15:45 <REP> d-------- c:\program files\Windows Journal
2008-12-15 14:16 . 2008-12-15 14:16 <REP> d-------- c:\users\All Users\Elaborate Bytes
2008-12-15 14:16 . 2008-12-15 14:16 <REP> d-------- c:\programdata\Elaborate Bytes
2008-12-14 22:40 . 2008-12-15 14:22 <REP> d-------- c:\users\All Users\SlySoft
2008-12-14 22:40 . 2008-12-15 14:22 <REP> d-------- c:\programdata\SlySoft
2008-12-14 22:38 . 2008-12-14 22:38 <REP> d-------- c:\program files\Elaborate Bytes
2008-12-14 22:35 . 2008-12-14 22:35 27 --a------ c:\windows\System32\mcheck.mhf
2008-12-14 22:32 . 2008-12-12 18:02 40,072 --a------ c:\windows\System32\drivers\maploml.sys
2008-12-14 22:32 . 2008-12-12 18:02 38,536 --a------ c:\windows\System32\drivers\maplom.sys
2008-12-14 22:28 . 2008-12-14 22:28 0 --ahs---- c:\windows\S0C2FBF71.tmp
2008-12-14 22:26 . 2008-12-14 22:32 <REP> d-------- c:\program files\SlySoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 13:53 --------- d-----w c:\programdata\Google Updater
2009-01-13 13:18 --------- d-----w c:\programdata\Lavasoft
2009-01-05 11:02 --------- d-----w c:\program files\Yahoo!
2009-01-05 10:48 --------- d-----w c:\program files\Unlocker
2009-01-05 10:41 --------- d-----w c:\program files\Smart PC Solutions
2009-01-05 10:40 --------- d-----w c:\programdata\IncrediMail
2009-01-05 10:26 --------- d-----w c:\users\Claudius\AppData\Roaming\HiYo
2009-01-05 10:26 --------- d-----w c:\programdata\HiYo
2009-01-05 09:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-29 21:23 --------- d-----w c:\program files\Windows Live
2008-12-29 10:00 --------- d-----w c:\users\Claudius\AppData\Roaming\Spyware Terminator
2008-12-25 12:54 --------- d-----w c:\program files\CCleaner
2008-12-24 10:12 --------- d-----w c:\programdata\Spyware Terminator
2008-12-22 15:50 --------- d-----w c:\program files\Java
2008-12-21 21:05 --------- d-----w c:\program files\IObit
2008-12-20 10:00 --------- d-----w c:\program files\Spyware Terminator
2008-12-19 19:10 --------- d---a-w c:\programdata\TEMP
2008-12-15 17:52 1,409 ----a-w c:\windows\Fonts\BUCKGM.FOT
2008-12-13 09:27 174 --sha-w c:\program files\desktop.ini
2008-12-13 09:23 --------- d-----w c:\program files\Windows Mail
2008-12-13 08:11 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 16:51 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2008-12-05 16:50 362,240 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-12-05 16:50 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-05 16:47 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-28 19:50 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-28 19:49 --------- d-----w c:\programdata\TuneUp Software
2008-11-28 19:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-25 19:22 --------- d-----w c:\program files\Lavasoft
2008-11-23 12:50 --------- d-----w c:\programdata\McAfee
2008-11-23 12:48 --------- d-----w c:\users\Claudius\AppData\Roaming\McAfee
2008-11-19 17:21 93,128 ----a-w c:\windows\System32\ElbyCDIO.dll
2008-11-15 16:57 --------- d-----w c:\users\Claudius\AppData\Roaming\OpenOffice.org
2008-11-15 16:52 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-15 16:52 --------- d-----w c:\program files\JRE
2008-11-14 07:45 --------- d-----w c:\program files\Spyware Doctor
2008-11-12 15:44 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-11-12 15:44 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-27 17:01 75,032 ----a-w c:\windows\System32\Autorun.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-14 20:10 101,376 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-14 20:09 79,872 ----a-w c:\windows\System32\axaltocm.dll
2008-09-08 20:32 30,615 ----a-w c:\users\Claudius\x.exe
2008-07-06 18:36 96 ----a-w c:\users\Claudius\AppData\Roaming\wklnhst.dat
2008-01-08 11:24 32 ----a-w c:\users\All Users\ezsid.dat
2008-01-08 11:24 32 ----a-w c:\programdata\ezsid.dat
2008-10-09 12:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-13 12:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-13 12:02 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-13 12:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-21 10:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032120080322\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]
"SigmatelSysTrayApp"="c:\windows\sttray.exe" [2007-02-08 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-28 00:15 1540096 c:\windows\System32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 12:09 460784 c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-10-09 18:56 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="c:\windows\System32\msconfig.exe" /auto
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SigmatelSysTrayApp"=sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4B705C82-2EEA-4756-B407-940A9CAF3C75}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{214AF04D-4D6F-4F24-BF5D-1D7AA102818F}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{CED3F380-2ED8-4FC0-BD04-BC3AFCB43FD7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{864C1D90-42B4-44E0-A8AA-A6A4D41EDA07}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F8FBA392-CAEC-49FD-BB4F-19B90463CB93}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{06D65827-779A-4F12-B579-78BC12744109}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{DB92A6AF-1906-414D-BE61-FE3C87A92572}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{341F5AE9-960C-44CB-8221-271DBE58F146}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{AEE1E240-2880-4CF9-B3C5-9B8735112C4E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 RVSDISK;RVSDISK;c:\windows\System32\drivers\RVSDISK.sys [2008-12-30 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\System32\drivers\RVSYSTEM.sys [2008-12-30 38272]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2008-03-04 141312]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\System32\drivers\DsAudioDevice_286.sys [2008-12-24 16640]
R3 MaplomL;MaplomL;c:\windows\System32\drivers\maploml.sys [2008-12-14 40072]
R3 NFilter;NFilter Miniport;c:\windows\System32\drivers\nfilter.sys [2008-12-25 17408]
R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2007-08-16 23232]
R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2007-08-16 19008]
R4 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-19 206096]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 olMntrService;Olivetti Monitor Service;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2007-06-22 126976]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-05 603904]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-16 29744]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-09 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2009-01-14 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2007-12-05 19:49]
2009-01-14 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-18 13:29]
2008-12-18 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]
2009-01-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 15:35]
2009-01-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 11:13]
2007-08-16 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-05-31 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-12-21 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2007-10-18 21:05]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://entraidecorsica.bb-fr.com/votes-weborama-toutes-les-2-heures-f189/liens-pour-voter-t9417.htm?sid=6388df1b05924f1e1a29f781dfd4699a
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: vote.weborama.fr
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
FF - ProfilePath - c:\users\Claudius\AppData\Roaming\Mozilla\Firefox\Profiles\wkjvaadd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://entraidecorsica.bb-fr.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Claudius\AppData\Roaming\Mozilla\Firefox\Profiles\wkjvaadd.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 15:06:15
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-01-14 15:12:48
ComboFix-quarantined-files.txt 2009-01-14 14:11:55
Avant-CF: 41,698,676,736 octets libres
Après-CF: 41,229,303,808 octets libres
329 --- E O F --- 2008-12-19 08:05:06
§§§§§§§§§§§§§§§§§§§§§§§
When I restart, it looks as if everything has been frozen at 29 December 2008: the updates have not been done since that date, etc.