Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2910
Windows 6.0.6001 Service Pack 1
07/10/2009 08:12:02
mbam-log-2009-10-07 (08-12-02).txt
Type de recherche: Examen rapide
Eléments examinés: 92196
Temps écoulé: 3 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ComboFix 09-10-06.03 - Stéphane 07/10/2009 8:22.1.2 - NTFSx86
Microsoft® Windows Vista Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2557.1679 [GMT 2:00]
Lancé depuis: c:\users\Stéphane\Desktop\steph.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-282585261-3185438259-2835640832-1000
c:\$recycle.bin\S-1-5-21-3889901446-2716675481-4253712499-500
c:\$recycle.bin\S-1-5-21-652066268-2905062793-1360979236-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SK9OU0S
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-07 au 2009-10-07 ))))))))))))))))))))))))))))))))))))
.
2009-10-07 06:03 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 21:47 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 21:47 . 2009-10-05 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 21:47 . 2009-10-05 21:47 -------- d-----w- c:\programdata\Malwarebytes
2009-10-05 21:47 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 21:21 . 2009-10-07 05:56 -------- d-----w- C:\FindyKill
2009-10-05 20:09 . 2009-10-05 20:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-05 19:41 . 2009-10-05 20:15 -------- d-----w- c:\program files\Sonic Foundry
2009-10-05 19:40 . 2009-10-05 19:40 -------- d-----w- c:\program files\Sonic Foundry Setup
2009-10-03 17:05 . 2009-10-03 17:07 -------- d-----w- c:\program files\Unlocker
2009-09-14 16:36 . 2009-09-14 16:36 -------- d-----w- c:\program files\HP
2009-09-14 16:35 . 2009-09-14 16:35 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-13 16:04 . 2009-09-13 16:05 -------- d-----w- c:\program files\CDBurnerXP
2009-09-12 22:22 . 2009-09-12 22:22 -------- d-----w- c:\programdata\AVS4YOU
2009-09-12 22:21 . 2009-09-12 22:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-12 22:21 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-09-12 22:21 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-09-12 22:21 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-09-12 22:21 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-09-12 22:21 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-12 22:21 . 2009-09-12 22:27 -------- d-----w- c:\program files\AVS4YOU
2009-09-12 19:57 . 2009-09-12 19:57 -------- d-----w- c:\programdata\Canneverbe Limited
2009-09-09 07:49 . 2009-09-09 07:49 -------- d-----w- c:\program files\Common Files\Digidesign
2009-09-09 05:47 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 05:47 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 05:47 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 05:47 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 05:47 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 05:47 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 05:47 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 05:47 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 05:47 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 05:47 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 05:45 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 05:45 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 05:45 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 05:45 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 05:45 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 20:17 . 2008-12-01 13:31 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-06 20:17 . 2008-12-01 13:31 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-25 16:54 . 2009-03-06 16:37 -------- d-----w- c:\program files\Steinberg
2009-09-14 16:37 . 2008-12-01 05:29 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-09-14 05:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-14 05:44 . 2009-03-14 19:19 -------- d-----w- c:\programdata\Microsoft Help
2009-09-12 19:50 . 2009-03-16 22:31 -------- d-----w- c:\program files\Common Files\Nero
2009-09-12 19:49 . 2009-03-16 22:31 -------- d-----w- c:\programdata\Nero
2009-09-12 19:49 . 2009-03-16 22:31 -------- d-----w- c:\program files\Nero
2009-09-06 08:51 . 2009-09-06 08:51 -------- d-----w- c:\program files\Ahead
2009-09-06 08:50 . 2008-12-01 05:30 -------- d-----w- c:\program files\Java
2009-09-05 17:49 . 2009-03-07 14:49 -------- d-----w- c:\program files\NCH Software
2009-08-28 12:39 . 2009-09-05 16:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-05 16:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-25 03:23 . 2009-04-23 16:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 07:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-14 14:12 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-14 14:12 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 14:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 14:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 14:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2008-12-01 13:55 . 2008-12-01 13:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-25 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-25 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-15 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-07 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3889901446-2716675481-4253712499-1000]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08E64F24-B609-4BEC-8FB1-929002495E1A}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{327C57FA-2829-4FCA-931F-5E1C8E136470}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{A6337A4D-7FD8-49C3-8749-A99D09FC64A7}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{2CB2FD2B-A39E-4D1B-8045-C0105C3285B7}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{C0F251A3-B0AD-47E8-9DC0-5A354D58C6B4}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{85B46F8A-8DA6-498F-A00C-415B956DEE93}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{1CE1700B-D4BF-4A5C-B31E-BBD055476614}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{3D48D6C1-0D17-40C3-9D98-07ED19E1A076}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{7200C305-9B9B-41CE-8B02-259903AE597B}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{3B63FF9E-9CA3-4AD7-83ED-043EC1C77D1C}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{9E3D9482-BD46-4613-A658-8A163B4878E9}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{8A90A436-8F54-4978-99AD-48CF741F0DD0}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"TCP Query User{BE64AE0F-BFBD-4C47-884B-D3E7F6F39F8D}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{B20DC7D2-C8DD-4F21-BDBA-3C046AA511CC}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2E4D7E5E-8A7C-462A-835C-2C80F8E566F8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8DE06DF7-B0EF-4352-AC61-A7BD8335F96A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6C9941BF-B71D-4D91-9DCF-0449577AEC29}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B33628AC-A456-4B13-A4A3-FA25D85EF852}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A4CC8B7C-D357-4B95-9E2F-9CCC88B109AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9FCFF53-4F9C-4E53-B1E7-72737897932A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85B86A1D-99AB-4225-BC7C-A580C3138445}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2240895B-AA4F-4EF3-8B7A-94F9C895D057}"= UDP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{AF28444A-B861-4881-B64D-EEA61214DDBB}"= TCP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{86B88DD3-4739-4891-964E-8930DB6CC119}"= UDP:c:\users\Stéphane\AppData\Local\Temp\7zSDC4A.tmp\SymNRT.exe:Norton Removal Tool
"{8424F56F-F2DB-432C-B074-7F2032304606}"= TCP:c:\users\Stéphane\AppData\Local\Temp\7zSDC4A.tmp\SymNRT.exe:Norton Removal Tool
"{B733FFAC-FAC1-455E-9C6E-1BD28A5F811C}"= UDP:c:\users\Stéphane\AppData\Local\Temp\7zSBB.tmp\SymNRT.exe:Norton Removal Tool
"{BDFB34F2-D5B4-4696-AD61-A398BBA82533}"= TCP:c:\users\Stéphane\AppData\Local\Temp\7zSBB.tmp\SymNRT.exe:Norton Removal Tool
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26/09/2008 03:36 59376]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:33 21504]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [04/03/2009 17:20 5120]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/09/2008 02:58 20640]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [28/05/2009 20:44 436096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-10-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKLM-Run-CanalPlayerHelper - c:\program files\Lecteur CANALPLAY\CanalPlayerHelper.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe
AddRemove-Steinberg Cubase SX v2.01 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-07 08:29
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\KBD\kbd.exe
.
.
Heure de fin: 2009-10-07 8:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-07 06:32
Avant-CF: 443 941 318 656 octets libres
Après-CF: 443 570 847 744 octets libres
241 — E O F — 2009-10-07 06:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:41, on 07/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = lemonde.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7164 bytes