Désolé pour le temps d'attente, de petits imprévus. Voilà le rapport de ComboFix :
ComboFix 09-04-04.01 - Emeline 2009-04-13 0:50:15.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1378 [GMT 2:00]
Lancé depuis: c:\users\Emeline\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthscbwjhqpxntiuqdtpdbpouyvcpvhxivr
-------\Service_ovfsthscbwjhqpxntiuqdtpdbpouyvcpvhxivr
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-12 au 2009-04-12 ))))))))))))))))))))))))))))))))))))
.
2009-04-12 23:18 . 2009-04-12 23:19 275,708,649 --a------ c:\windows\MEMORY.DMP
2009-04-12 21:19 . 2009-04-12 21:19 <REP> d-------- C:\UsbFix
2009-04-12 17:07 . 2009-04-12 17:07 <REP> d-------- c:\program files\CCleaner
2009-04-12 00:26 . 2009-04-12 00:26 <REP> d-------- c:\windows\BDOSCAN8
2009-04-11 21:21 . 2009-04-11 21:23 <REP> d-------- c:\program files\HomePlayer
2009-04-11 16:44 . 2009-04-11 16:44 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-11 16:40 . 2009-04-11 16:40 1,107,296 --a------ c:\windows\System32\WdfCoInstaller01007.dll
2009-04-11 16:40 . 2009-04-11 16:40 24,616 --a------ c:\windows\System32\drivers\ggsemc.sys
2009-04-11 16:40 . 2009-04-11 16:40 13,224 --a------ c:\windows\System32\drivers\ggflt.sys
2009-04-10 00:41 . 2009-04-10 00:41 <REP> d-------- c:\program files\Franson
2009-04-10 00:40 . 2009-04-10 00:40 <REP> d-------- c:\windows\Downloaded Installations
2009-04-09 21:40 . 2009-04-09 21:40 <REP> d-------- c:\windows\System32\Kaspersky Lab
2009-04-09 19:41 . 2009-04-09 19:41 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-04-09 14:44 . 2009-04-13 00:44 <REP> d-------- C:\rsit
2009-04-09 14:44 . 2009-04-11 12:32 <REP> d-------- c:\program files\trend micro
2009-04-08 18:09 . 2009-04-08 18:09 <REP> d-------- c:\users\Emeline\AppData\Roaming\Malwarebytes
2009-04-08 18:09 . 2009-04-08 18:09 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-08 18:09 . 2009-04-08 18:09 <REP> d-------- c:\programdata\Malwarebytes
2009-04-08 18:09 . 2009-04-08 18:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:09 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:09 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-27 14:15 . 2009-03-27 14:15 <REP> d-------- c:\users\Emeline\AppData\Roaming\NCH Software
2009-03-27 13:41 . 2009-03-27 13:41 <REP> d-------- c:\program files\NCH Software
2009-03-14 14:04 . 2009-03-14 14:04 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-03-14 14:01 . 2009-03-14 14:01 2,250,024 --a------ c:\windows\System32\pbsvc.exe
2009-03-14 14:01 . 2009-03-14 14:01 107,832 --a------ c:\windows\System32\PnkBstrB.exe
2009-03-14 14:01 . 2009-03-14 14:01 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-03-14 14:01 . 2009-03-14 14:01 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-03-14 14:01 . 2009-03-14 14:01 22,328 --a------ c:\users\Emeline\AppData\Roaming\PnkBstrK.sys
2009-03-14 13:55 . 2009-03-14 13:55 <REP> d-------- c:\program files\Ubisoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 20:45 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-12 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 11:25 --------- d-----w c:\programdata\Symantec
2009-04-11 19:14 --------- d-----w c:\program files\Java
2009-04-10 15:39 --------- d-----w c:\users\Emeline\AppData\Roaming\Azureus
2009-04-08 15:10 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-04-08 14:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 16:04 --------- d-----w c:\users\Emeline\AppData\Roaming\OpenOffice.org2
2009-03-11 17:25 --------- d-----w c:\program files\Windows Mail
2009-03-10 15:03 --------- d-----w c:\users\Emeline\AppData\Roaming\Zylom
2009-03-10 15:02 --------- d-----w c:\programdata\Zylom
2009-03-10 15:02 --------- d-----w c:\program files\Zylom Games
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-05 09:12 --------- d-----w c:\program files\Google
2009-02-28 11:02 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 17:05 --------- d-----w c:\program files\Azureus
2009-02-23 20:57 --------- d-----w c:\users\Emeline\AppData\Roaming\Toshiba
2009-02-22 12:03 --------- d-----w c:\program files\Windows Live
2009-02-22 11:21 --------- d-----w c:\programdata\Media Center Programs
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2008-09-03 15:33 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot_2009-04-12_23.28.13.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-12 21:21:50 142,912 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-12 22:47:16 142,912 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-04-12 21:23:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-12 22:48:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-12 21:23:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-12 22:48:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-12 21:25:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-12 22:50:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-12 22:50:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-04-12 21:26:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-12 22:51:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-04-12 21:22:59 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-12 22:48:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-12 21:22:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-12 22:48:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-12 21:22:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-12 22:48:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-12 21:14:08 101,556 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-12 21:29:45 101,556 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-12 21:14:08 123,896 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-12 21:29:45 123,896 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-12 21:14:08 587,484 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-12 21:29:45 587,484 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-12 21:14:08 669,890 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-12 21:29:45 669,890 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-12 21:26:15 10,918 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783153372-1847587706-3060594162-1000_UserData.bin
+ 2009-04-12 22:51:43 11,078 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3783153372-1847587706-3060594162-1000_UserData.bin
- 2009-04-12 21:26:15 104,258 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-12 22:51:42 104,312 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-12 21:26:09 53,576 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-12 22:51:36 53,616 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-04-10 16:40 413696 c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-06-18 10:51 1507328 c:\program files\IDM\Desktop SMS\DesktopSMS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2009-02-06 19:08 454000 c:\program files\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-29 00:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-04-03 16:52 509496 c:\program files\TOSHIBA\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-07-10 10:22 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
--a------ 2008-04-24 10:22 103824 c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdcBase.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{078A11B3-7239-4167-8E0E-B24D67CC0B58}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{913F0115-FA6C-43C6-BF11-7063783184E8}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{806EF872-C78C-4148-964E-B0387F22AF44}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{AC3598E7-CD31-4674-8C60-398E7F91BE28}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{BA96D460-DC0B-49CF-A175-77C502E9C0C5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AB03E39C-32FB-4644-BBED-817C149C592A}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{00274E9A-6C58-41E5-84C8-95995C2543BB}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{70D0E079-ACA3-4986-9A12-F1E0FCAF4442}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{C7545898-4DFB-4099-9E9A-9A6905154E9D}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{20DA7B52-E3B7-47EF-93F3-CDD774B396F3}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{CC425BDC-C839-46E5-A854-4D57E099C1A3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{361DCA12-5DCA-4EB5-8D68-95479C7E9B89}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{54B7EFFA-862E-40A4-A145-6533DF819F8A}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{DE5D04B4-72BA-4F94-AA4A-6BA28E1CA4E0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{03DC4D7D-CB25-4B07-8D9D-29DE553F29B7}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{57A516FA-D6D5-46DF-9D52-514E9519C70C}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{AA106F02-9A24-4FC0-B64E-078824E2A254}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{03723085-C2C5-4046-B915-8E5470C33224}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{54714644-EA81-423F-9822-68563215182B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{6A7A7039-C7B7-49D5-B003-C6A7306B8744}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{6511AA13-19E5-4342-B034-BF90BA1E20E9}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{3787E5E0-B025-477B-9D83-949074B87673}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{533C4097-1CD0-43E6-9615-B3F2D90D21CC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D3567106-94EC-446B-A03F-65701020DAF2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4268DBF7-56D2-45D3-8D6B-D3DA97E1D52B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B274F752-D68F-4A50-AE18-67E74552739E}"= UDP:990:LocalSubnet:LocalSubnet|IF={5E645100-E9A0-47B6-AED2-CDE3A58B8764}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{59612942-5E50-47EE-90E6-E5E2D9B14BFC}"= UDP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{4DDE7318-9A90-41F0-A143-5E92A64ABD59}"= TCP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{3645F639-7976-417E-9165-11E2680969D2}"= UDP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{0F354DA6-3815-46EB-A9D4-562CF4FDADB4}"= TCP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 bizVSerial;Franson VSerial;c:\windows\System32\drivers\bizVSerialNT.sys [2006-04-03 14949]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-12-17 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-03 1153368]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [2008-09-12 258048]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2009-04-11 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [2008-12-19 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [2008-12-19 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [2008-12-19 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [2008-12-19 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [2008-12-19 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [2008-12-19 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [2008-12-19 117544]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [2007-03-06 14848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3e0f73-0587-11de-ab98-001b38aaafcc}]
\shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f49fab4-73c2-11dd-961f-001b38aaafcc}]
\shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f49fac3-73c2-11dd-961f-001b38aaafcc}]
\shell\AutoRun\command - H:\autorun.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f49fac4-73c2-11dd-961f-001b38aaafcc}]
\shell\AutoRun\command - G:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f49fac5-73c2-11dd-961f-001b38aaafcc}]
\shell\AutoRun\command - I:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2e0c62-1db0-11dd-b8b7-0013e8fb91a1}]
\shell\AutoRun\command - ntdelect.com
\shell\explore\Command - utdetect.com
\shell\open\Command - utdetect.com
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 00:53:48
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????p_8S?A??8???`????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
Heure de fin: 2009-04-13 0:55:18
ComboFix-quarantined-files.txt 2009-04-12 22:55:16
ComboFix2.txt 2009-04-12 21:29:24
ComboFix3.txt 2009-04-12 21:13:30
Avant-CF: 7,120,261,120 octets libres
Après-CF: 7,065,346,048 octets libres
273 --- E O F --- 2009-04-06 16:41:40