Voici le premier :
ComboFix 09-09-28.01 - Brigitte 29/09/2009 13:01.1.2 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1050 [GMT 2:00]
Lancé depuis: c:\users\Brigitte\Desktop\poisson9.com.exe
SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\drv\Tuner\Yuan\Resources_desktop.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\programdata\ntuser.dat{a548b7b0-4ea0-11de-9931-d724c43d8ee7}.TMContainer00000000000000000001.regtrans-ms
c:\users\Brigitte\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
c:\users\Brigitte\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\102197e.msi
c:\windows\Installer\7f7f1.msi
c:\windows\Installer\ed96e.msi
c:\windows\system32(1{ea2a2829-4529-11de-a532-b6a8befaec10}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32(12{9d8d1079-4485-11de-af99-d2c8528f7560}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\AutoRun.inf
c:\windows\system32\logs
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-29 ))))))))))))))))))))))))))))))))))))
.
2009-09-29 11:18 . 2009-09-29 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-29 11:18 . 2009-09-29 11:19 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2009-09-28 18:30 . 2009-09-28 18:30 -------- d-----w- C:_OTM
2009-09-28 15:45 . 2009-09-28 15:46 -------- d-----w- C:\rsit
2009-09-26 09:54 . 2009-08-20 15:51 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-26 09:50 . 2009-09-26 09:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-09-26 09:40 . 2009-09-26 09:48 -------- d-----w- c:\programdata\Comodo
2009-09-26 09:39 . 2009-09-26 09:39 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-26 09:39 . 2009-09-26 09:39 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-26 09:39 . 2009-09-26 09:39 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-26 09:39 . 2009-09-26 09:39 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-25 18:24 . 2009-09-25 18:24 -------- d-----w- c:\users\Brigitte\DoctorWeb
2009-09-25 14:35 . 2009-09-25 14:35 -------- d-----w- c:\program files\VirusTotalUploader
2009-09-24 18:39 . 2009-09-24 18:40 -------- d-----w- c:\program files\Navilog1
2009-09-24 18:19 . 2009-09-28 10:41 -------- d-----w- C:\ToolBar SD
2009-09-24 17:21 . 2009-09-24 17:21 -------- d-----w- c:\users\Brigitte\AppData\Local\Microsoft Corporation
2009-09-24 17:21 . 2009-09-24 17:21 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-24 15:42 . 2009-09-27 17:32 -------- d-----w- c:\users\Brigitte\AppData\Roaming\vlc
2009-09-23 16:00 . 2009-09-23 16:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\HpUpdate
2009-09-23 13:07 . 2009-09-23 13:07 -------- d-----w- c:\users\Brigitte\AppData\Local\Yahoo!
2009-09-22 16:13 . 2009-09-22 16:24 -------- d-----w- c:\users\Brigitte\AppData\Roaming\uTorrent
2009-09-21 17:48 . 2009-09-21 17:48 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-21 17:30 . 2009-09-21 17:30 -------- d-----w- c:\program files\ManyCam 2.2
2009-09-21 15:40 . 2009-09-21 15:45 -------- d-----w- c:\users\Brigitte\AppData\Roaming\AIMP
2009-09-21 15:40 . 2009-09-21 15:53 -------- d-----w- c:\program files\AIMP2
2009-09-20 19:02 . 2009-09-20 19:02 -------- d-----w- c:\program files\7-Zip
2009-09-20 10:21 . 2009-09-26 09:36 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-20 09:41 . 2009-09-20 09:43 38 ----a-w- C:\BdUninstallTool2009.09.20-11.41.55.reg
2009-09-20 06:42 . 2009-09-20 06:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- C:\tmp
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Nosibay
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- c:\program files\Nosibay
2009-09-19 15:37 . 2009-09-19 15:37 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\wsbl.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_white.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_black.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\pcwords.dat
2009-09-18 19:51 . 2009-09-20 10:10 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-09-18 19:51 . 2009-09-18 19:51 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-09-18 19:51 . 2009-09-18 19:51 16 ----a-w- c:\windows\system32\asdict.dat
2009-09-18 19:29 . 2009-09-18 19:29 -------- d-----w- c:\users\Brigitte\AppData\Roaming\BitDefender
2009-09-18 19:28 . 2009-09-20 10:14 -------- d-----w- c:\programdata\BitDefender
2009-09-18 19:28 . 2009-09-20 10:14 -------- d-----w- c:\program files\BitDefender
2009-09-18 19:26 . 2009-09-20 10:14 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-18 18:20 . 2009-09-18 18:20 -------- d-----w- c:\program files\SRWare Iron
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:\users\Brigitte\AppData\Roaming\MessengerDiscovery 2
2009-09-18 16:34 . 2009-09-18 16:34 -------- d-----w- c:\program files\Windows Live Favorites
2009-09-18 16:34 . 2009-09-20 18:04 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-18 16:17 . 2009-09-18 16:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-16 17:46 . 2009-09-18 17:01 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-16 15:39 . 2009-09-19 15:28 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-16 15:18 . 2009-09-16 15:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-16 15:17 . 2009-09-16 15:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 15:16 . 2009-09-20 18:08 -------- d-----w- c:\program files\Windows Live
2009-09-16 14:28 . 2009-09-16 14:28 -------- d-----w- c:\users\Brigitte\AppData\Roaming\ComodoGroup
2009-09-15 18:58 . 2009-09-15 19:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\DrekSoftware
2009-09-15 18:48 . 2009-09-15 18:52 -------- d-----w- c:\program files\ElcomSoft
2009-09-13 09:01 . 2009-09-13 09:01 -------- d-----w- c:\users\Brigitte\AppData\Local\Axialis
2009-09-12 16:14 . 2009-09-27 18:12 -------- d-----r- c:\users\Brigitte\Téléchargent Orbit
2009-09-12 12:24 . 2009-09-12 12:59 -------- d-----w- C:\downloads
2009-09-12 12:24 . 2009-09-12 12:24 -------- d-----w- c:\users\Brigitte\AppData\Roaming\GrabPro
2009-09-12 12:24 . 2009-09-12 12:45 -------- d-----w- c:\program files\Orbitdownloader
2009-09-12 12:24 . 2009-09-29 10:50 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Orbit
2009-09-11 17:45 . 2009-09-11 17:45 -------- d-----w- c:\programdata\Agnitum
2009-09-09 10:54 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 10:54 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 10:54 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 10:54 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 10:54 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 10:53 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 10:53 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 10:53 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 10:53 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 10:53 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 10:53 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 10:53 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 10:53 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 10:53 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 10:53 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 10:53 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 10:52 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 10:43 . 2009-09-12 12:39 -------- d-----w- c:\program files\Foxit Software
2009-09-07 10:43 . 2009-09-07 10:43 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Foxit
2009-09-06 08:27 . 2009-09-23 14:08 -------- d-----w- c:\users\Brigitte\AppData\Roaming\skypePM
2009-09-06 08:24 . 2009-09-28 18:14 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----w- c:\program files\Common Files\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----r- c:\program files\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----w- c:\programdata\Skype
2009-09-03 07:32 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:32 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 14:08 . 2009-09-01 14:41 -------- d-----w- c:\programdata\eMule
2009-09-01 14:08 . 2009-09-01 14:41 -------- d-----w- c:\users\Brigitte\AppData\Local\eMule
2009-09-01 13:57 . 2009-09-12 12:38 -------- d-----w- c:\users\Brigitte\AppData\Roaming\DMCache
2009-08-30 12:20 . 2009-08-30 12:20 -------- d-----w- c:\programdata\SiteAdvisor
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 10:48 . 2009-05-03 14:15 15370988 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 10:48 . 2009-05-03 14:15 1147482144 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-28 18:35 . 2008-08-12 11:40 6648 ----a-w- c:\users\Brigitte\AppData\Local\d3d9caps.dat
2009-09-28 11:16 . 2006-11-02 15:48 682034 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-28 11:16 . 2006-11-02 15:48 129632 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-27 17:30 . 2009-08-20 16:42 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Notepad++
2009-09-27 17:29 . 2009-08-20 16:42 -------- d-----w- c:\program files\Notepad++
2009-09-26 09:39 . 2009-08-18 14:51 -------- d-----w- c:\program files\COMODO
2009-09-26 09:34 . 2009-04-04 17:23 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-26 09:34 . 2009-03-28 12:59 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-24 16:38 . 2009-06-25 19:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\dvdcss
2009-09-23 17:37 . 2008-08-14 13:00 3176 ----a-w- c:\users\Brigitte\AppData\Roaming\wklnhst.dat
2009-09-23 15:26 . 2009-06-29 10:53 -------- d-----w- c:\users\Brigitte\AppData\Roaming\SUPERAntiSpyware.com
2009-09-23 15:26 . 2009-06-10 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 15:26 . 2009-06-20 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-18 19:51 . 2009-08-06 14:34 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-09-18 18:30 . 2009-03-26 19:11 -------- d-----w- c:\program files\Opera
2009-09-18 16:28 . 2008-07-30 13:02 -------- d-----w- c:\programdata\WLInstaller
2009-09-15 14:14 . 2009-08-09 13:25 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-09-12 16:24 . 2009-05-22 20:55 -------- d-----w- c:\programdata\McAfee
2009-09-12 16:11 . 2007-08-10 08:01 -------- d-----w- c:\program files\Acer GameZone
2009-09-10 12:54 . 2009-08-09 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-09 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 14:47 . 2008-07-30 11:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 10:59 . 2009-06-30 15:58 -------- d-----w- c:\program files\Safari
2009-09-08 10:58 . 2009-06-21 12:52 -------- d-----w- c:\program files\Apple Software Update
2009-08-29 13:20 . 2007-08-10 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 10:58 . 2009-08-22 09:46 -------- d-----w- c:\program files\KeyScrambler
2009-08-21 08:38 . 2009-08-15 15:48 -------- d-----w- c:\users\Brigitte\AppData\Roaming\gnupg
2009-08-18 15:23 . 2009-08-18 15:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 14:02 . 2009-08-01 15:45 -------- d-----w- c:\program files\Trend Micro
2009-08-18 13:25 . 2009-03-10 19:03 -------- d-----w- c:\program files\Lavasoft
2009-08-18 12:59 . 2009-07-31 17:08 -------- d-----w- c:\program files\Common Files\AntiVirus
2009-08-17 07:54 . 2009-02-27 15:58 -------- d-----w- c:\programdata\NOS
2009-08-17 07:54 . 2008-07-30 10:33 -------- d-----w- c:\programdata\Micro Application
2009-08-16 16:31 . 2009-03-30 18:51 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-16 14:27 . 2009-07-01 15:01 -------- d-----w- c:\programdata\G DATA
2009-08-16 14:27 . 2008-07-30 09:12 -------- d-----w- c:\program files\Yahoo!
2009-08-16 14:13 . 2009-05-26 17:03 -------- d-----w- c:\users\Brigitte\AppData\Roaming\GlarySoft
2009-08-15 15:48 . 2009-08-15 15:48 -------- d-----w- c:\program files\GNU
2009-08-11 15:02 . 2009-08-11 15:02 0 ----a-w- c:\windows\nsreg.dat
2009-08-11 15:02 . 2009-08-11 15:01 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Thunderbird
2009-08-10 16:39 . 2009-03-06 15:59 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 08:24 . 2008-08-03 15:57 -------- d-----w- c:\program files\Java
2009-08-09 17:52 . 2009-08-09 17:52 -------- d-----w- c:\program files\Codyssey
2009-08-02 16:36 . 2007-08-10 07:53 -------- d-----w- c:\programdata\Microsoft Help
2009-08-01 09:52 . 2009-07-31 15:37 -------- d-----w- c:\program files\F-Secure Internet Security
2009-08-01 09:44 . 2009-07-31 15:33 -------- d-----w- c:\programdata\f-secure
2009-07-31 17:44 . 2009-07-31 17:08 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Avanquest
2009-07-31 17:14 . 2009-07-31 17:08 -------- d-----w- c:\programdata\Avanquest
2009-07-31 17:07 . 2009-07-31 17:07 -------- d-----w- c:\program files\Avanquest
2009-07-31 15:54 . 2009-07-31 15:54 -------- d-----w- c:\users\Brigitte\AppData\Roaming\F-Secure
2009-07-31 15:34 . 2009-07-31 15:34 -------- d-----w- c:\programdata\fssg
2009-07-31 15:26 . 2009-07-31 14:28 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-07-31 15:16 . 2009-05-25 17:55 -------- d-----w- c:\program files\VideoLAN
2009-07-31 14:55 . 2009-03-24 16:28 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-31 14:55 . 2009-07-31 14:55 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-31 14:54 . 2009-06-26 15:26 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-31 14:00 . 2009-04-10 16:32 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-31 12:37 . 2009-07-31 12:37 290816 ------w- c:\windows\Setup1.exe
2009-07-31 12:37 . 2009-07-31 12:37 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-30 20:10 . 2009-08-22 09:46 114672 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-12 18:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 05:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 10:50 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:49 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-15 09:48 . 2009-07-31 14:55 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-07-15 09:48 . 2009-07-31 14:55 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-13 11:27 . 2009-03-21 17:30 159022 ----a-w- c:\windows\hpoins15.dat
2009-07-13 08:08 . 2009-07-13 08:05 119515 ----a-w- c:\windows\hpqins00.dat
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-05 18:44 . 2009-07-05 18:44 96 ----a-w- c:\users\Brigitte\AppData\Local\fusioncache.dat
2009-07-03 17:50 . 2009-07-03 17:50 132 ----a-w- C:\httpdwl.dat
2009-07-02 17:42 . 2009-07-02 17:42 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-01 15:23 . 2009-05-18 18:13 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-01 15:03 . 2009-05-18 17:36 50632 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-07-01 15:03 . 2009-05-18 17:36 51656 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-07-01 15:02 . 2009-05-18 17:35 40392 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2009-07-03 17:18 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note : les éléments vides et les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Freeraser"="c:\program files\Codyssey\Freeraser\Freeraser.exe" [2009-04-15 1903104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-09-28 3883856]
"VPbubble"="c:\program files\Nosibay\VPbubble\launcher.exe" [2009-08-24 239120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-26 1799952]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-08-06 1046840]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
c:\users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WkCalRem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-19 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-9-12 1719568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):be,e2,88,b6,74,df,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-759318378-497761762-3404630427-1000]
"EnableNotificationsRef"=dword:0000000a
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{61861A63-DD98-4F74-90B2-1977E0459163}”= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
“{FF8F54EB-3E2C-4BEC-A8F5-B23D489A8EBB}”= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
“{BE64A317-8BE2-4EA9-93AE-77B789DBE85D}”= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
“{59979BEB-C720-489A-ABF2-B11E72845A87}”= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
“{44A34F41-92AD-410B-B30D-480D96471592}”= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
“{DECFA127-E568-45DE-8EA9-D6E16182C5FC}”= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
“{E04B56B1-32F5-41EA-BEDC-6CABA0375449}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
“{8849AA4E-F576-4B6A-AF96-F99CD7205EDB}”= Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
“{4B1C9DA7-AC17-4686-8D87-CEA05B7BB074}”= Disabled:c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
“{FFA86E6E-74C0-468D-BE0E-3FD7011CDCBB}”= c:\program files\Skype\Phone\Skype.exe:Skype
“TCP Query User{865DF9ED-DCAB-4658-85B0-53DAB53E40D0}c:\program files\mozilla firefox\firefox.exe”= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{1B85B1B6-E930-4F4B-87D4-24E7C30D7866}c:\program files\mozilla firefox\firefox.exe”= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
“{ECF89B5C-3940-4682-8FD1-DC3AF8B801AC}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
“TCP Query User{62FAC075-4E73-436D-BEC5-A408CBFFA177}c:\program files\orbitdownloader\orbitnet.exe”= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
“UDP Query User{6961F87B-444B-41AF-8D13-B40CF97E139C}c:\program files\orbitdownloader\orbitnet.exe”= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
“{17156E18-6A8F-49D7-8F99-9BBE5012B0BF}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
“{0C928516-91A2-4C3E-9D7D-66748A00B6C3}”= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
“{046814F5-DC98-4613-BFA3-9FA9A52412F2}”= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe::enabled:CSS
“c:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe”= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe::Enabled:eDSfsu
“c:\Acer\Empowering Technology\eDataSecurity\encryption.exe”= c:\acer\Empowering Technology\eDataSecurity\encryption.exe::Enabled:encryption
“c:\Acer\Empowering Technology\eDataSecurity\decryption.exe”= c:\acer\Empowering Technology\eDataSecurity\decryption.exe::Enabled:decryption
“c:\Program Files\Orbitdownloader\orbitdm.exe”= c:\program files\Orbitdownloader\orbitdm.exe::Enabled:Orbit
“c:\Program Files\Orbitdownloader\orbitnet.exe”= c:\program files\Orbitdownloader\orbitnet.exe::Enabled:Orbit
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [26/09/2009 11:39 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [26/09/2009 11:39 29520]
R1 is-4IPDQdrv;is-4IPDQdrv;c:\windows\System32\drivers\00025636.sys [13/05/2009 13:53 148496]
R1 is-CCLJUdrv;is-CCLJUdrv;c:\windows\System32\drivers\75501302.sys [13/05/2009 12:51 148496]
R1 is-Q6NBGdrv;is-Q6NBGdrv;c:\windows\System32\drivers\46406149.sys [13/05/2009 19:29 148496]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 07:09 270888]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [08/11/2008 12:21 61424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [09/08/2009 15:25 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [24/03/2009 18:28 604488]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [10/08/2007 16:41 32256]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [22/08/2009 11:46 114672]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/08/2009 15:25 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [06/06/2009 13:07 65576]
S1 is-BKINHdrv;is-BKINHdrv;c:\windows\System32\drivers\30698435.sys [13/05/2009 15:13 148496]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/08/2007 16:41 179712]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [30/07/2008 12:28 28224]
S4 0267471241168295mcinstcleanup;0267471241168295mcinstcleanup; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-09-29 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2009-09-25 c:\windows\Tasks\Malwarebytes’ Scheduled Scan for Brigitte.job
- c:\program files\Malwarebytes’ Anti-Malware\mbam.exe [2009-08-09 12:53]
2009-09-29 c:\windows\Tasks\Malwarebytes’ Scheduled Update for Brigitte.job
- c:\program files\Malwarebytes’ Anti-Malware\mbam.exe [2009-08-09 12:53]
2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{55AF2E8A-EBC9-4A50-8828-434D9E33BE57}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{AC89A3A3-517E-4E7D-9FBF-FD2CA480E843}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.fr…
uSearchMigratedDefaultURL = search.yahoo.com…
mWindow Title =
IE: ?4da1a3bfcab942eab3ec3b465ef4d37d
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - favorites.live.com…
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - webtv.guidetv.orange.fr…
.
-
-
-
- ORPHELINS SUPPRIMES - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-09-29 13:19
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés …
Recherche d’éléments en démarrage automatique cachés …
Recherche de fichiers cachés …
Scan terminé avec succès
Fichiers cachés: 0
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ca,1b,61,f8,dc,5a,49,ac,b2,d0,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ca,1b,61,f8,dc,5a,49,ac,b2,d0,\
[HKEY_USERS\S-1-5-21-759318378-497761762-3404630427-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):83,b0,78,40,81,e9,75,66,35,39,6e,b9,af,9d,eb,10,2e,43,f5,89,8d,
2f,8a,99,58,6e,ea,03,80,1a,7c,76,b0,47,93,e9,ec,97,3e,8e,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-759318378-497761762-3404630427-1000_Classes\CLSID\{ef31be34-2309-4cb3-8120-c733202577b9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000fe
"Therad"=dword:0000000c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
-
-
-
-
-
-
-
'winlogon.exe'(824)
c:\windows\system32\guard32.dll
-
-
-
-
-
-
-
'lsass.exe'(772)
c:\windows\system32\guard32.dll
.
Heure de fin: 2009-09-29 13:23
ComboFix-quarantined-files.txt 2009-09-29 11:23
Avant-CF: 24 688 156 672 octets libres
Après-CF: 24 557 826 048 octets libres
423 --- E O F --- 2009-09-28 07:44