khalilhh
2008-11-18, 17:07
ComboFix 08-11-17.01 - pdg 2008-11-18 16:03:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1351 [GMT 1:00]
Lancé depuis: c:\documents and settings\pdg\Bureau\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2008-11-18 09:47 . 2008-11-18 16:00 <REP> d-------- c:\program files\a-squared Anti-Malware
2008-11-12 14:23 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:22 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 22:18 . 2008-11-11 22:18 <REP> d-------- c:\program files\S2SaTstrat
2008-11-10 14:44 . 2008-11-17 21:02 <REP> d-------- c:\program files\Norton Security Scan
2008-11-09 12:56 . 2008-11-09 13:02 <REP> d-------- c:\program files\Play65
2008-11-09 11:56 . 2008-11-09 11:56 32 --a------ c:\windows\mscpt.dat
2008-11-09 09:51 . 2008-11-09 09:51 <REP> d-------- c:\program files\InstallGammonEmpire
2008-11-09 09:38 . 2008-11-09 09:38 <REP> d-------- c:\program files\InstallPlay65(3)
2008-11-09 09:38 . 2008-11-09 09:38 <REP> d-------- c:\program files\InstallPlay65(2)
2008-11-07 14:24 . 2008-11-07 14:24 256 --ah----- C:\sqmdata06.sqm
2008-11-07 14:24 . 2008-11-07 14:24 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 13:02 . 2008-11-07 13:02 268 --ah----- C:\sqmdata05.sqm
2008-11-07 13:02 . 2008-11-07 13:02 244 --ah----- C:\sqmnoopt05.sqm
2008-11-05 22:15 . 2008-11-05 22:15 <REP> d-------- c:\program files\Custom-Strike
2008-11-05 22:15 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-11-05 00:06 . 2008-11-12 16:16 <REP> d-------- c:\program files\Everest Poker
2008-11-03 14:11 . 2008-11-18 12:15 <REP> d-------- c:\documents and settings\pdg\Application Data\HPAppData
2008-11-03 14:00 . 2008-11-03 14:00 <REP> d-------- c:\documents and settings\pdg\Application Data\HP
2008-11-03 13:59 . 2008-11-03 13:59 <REP> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-03 13:45 . 2008-11-03 13:45 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-03 13:45 . 2008-11-03 13:45 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-03 13:45 . 2008-11-03 13:45 0 --a------ c:\windows\system32\ŸúŸú
2008-11-03 13:44 . 2008-11-03 13:44 <REP> d-------- c:\program files\Fichiers communs\HP
2008-11-03 13:44 . 2008-11-03 13:44 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-11-03 13:42 . 2008-11-03 13:45 <REP> d-------- c:\program files\HP
2008-11-03 13:41 . 2008-11-03 13:30 177,209 --------- c:\windows\hpoins27.dat.temp
2008-11-03 13:41 . 2008-01-18 16:56 932 --------- c:\windows\hpomdl27.dat.temp
2008-11-03 13:30 . 2007-10-30 10:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-03 13:30 . 2007-10-30 10:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-03 13:29 . 2008-11-03 13:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-03 13:29 . 2007-11-08 15:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-03 13:29 . 2008-11-03 13:58 177,856 --a------ c:\windows\hpoins27.dat
2008-11-03 13:29 . 2007-10-20 18:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-11-03 13:29 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-03 13:29 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-03 13:29 . 2007-10-30 10:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-03 13:29 . 2008-01-18 16:56 932 --------- c:\windows\hpomdl27.dat
2008-11-03 13:28 . 2007-10-30 10:11 729,088 -ra------ c:\windows\system32\hpowiax7.dll
2008-11-03 13:28 . 2007-10-30 10:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-03 13:28 . 2007-10-30 10:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-03 13:28 . 2007-10-30 10:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-11-03 13:28 . 2007-10-30 10:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-03 13:28 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-03 13:28 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-01 22:14 . 2008-11-16 01:18 <REP> d-------- c:\documents and settings\pdg\Application Data\skypePM
2008-11-01 22:14 . 2008-11-01 22:14 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-01 22:10 . 2008-11-16 01:20 <REP> d-------- c:\documents and settings\pdg\Application Data\Skype
2008-11-01 22:09 . 2008-11-15 22:32 <REP> d-------- c:\program files\Skype
2008-11-01 22:09 . 2008-11-01 22:09 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-01 22:09 . 2008-11-01 22:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-28 08:59 . 2008-10-28 08:59 <REP> d-------- c:\windows\system32\LogFiles
2008-10-25 11:19 . 2008-10-25 11:19 <REP> d-------- c:\documents and settings\pdg\Application Data\Apple Computer
2008-10-25 11:18 . 2008-10-25 11:18 <REP> d-------- c:\program files\Bonjour
2008-10-25 11:18 . 2008-11-03 11:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-25 11:17 . 2008-11-03 11:27 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-25 11:17 . 2008-10-25 11:17 <REP> d-------- c:\program files\Apple Software Update
2008-10-25 11:17 . 2008-10-25 11:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-25 11:17 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-24 11:58 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 20:54 . 2008-10-23 20:54 172 --ah----- C:\sqmnoopt04.sqm
2008-10-23 20:54 . 2008-10-23 20:54 172 --ah----- C:\sqmdata04.sqm
2008-10-23 17:52 . 2008-10-23 17:52 268 --ah----- C:\sqmdata03.sqm
2008-10-23 17:52 . 2008-10-23 17:52 244 --ah----- C:\sqmnoopt03.sqm
2008-10-23 16:42 . 2008-10-23 16:42 268 --ah----- C:\sqmdata02.sqm
2008-10-23 16:42 . 2008-10-23 16:42 244 --ah----- C:\sqmnoopt02.sqm
2008-10-20 16:57 . 2008-10-20 16:57 <REP> d-------- c:\documents and settings\pdg\Application Data\Toshiba
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 20:03 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-16 22:17 --------- d-----w c:\documents and settings\pdg\Application Data\dvdcss
2008-11-16 00:15 --------- d-----w c:\documents and settings\pdg\Application Data\LimeWire
2008-11-06 20:08 --------- d-----w c:\program files\Minefield
2008-11-05 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 21:26 --------- d-----w c:\program files\Valve
2008-11-04 18:50 --------- d-----w c:\program files\Free Easy Burner
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 17:56 --------- d-----w c:\program files\Search Settings
2008-10-13 17:56 --------- d-----w c:\documents and settings\pdg\Application Data\Search Settings
2008-10-13 17:34 --------- d-----w c:\program files\NCH Swift Sound
2008-10-13 16:28 --------- d-----w c:\program files\InstallPlay65
2008-10-13 12:31 --------- d-----w c:\documents and settings\pdg\Application Data\NCH Swift Sound
2008-10-13 12:31 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-12 14:23 --------- d-----w c:\documents and settings\pdg\Application Data\Media Player Classic
2008-10-12 13:08 --------- d-----w c:\program files\Screamer Radio
2008-10-12 11:03 --------- d-----w c:\program files\Toshiba
2008-10-06 12:03 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-03 07:39 --------- d-----w c:\documents and settings\pdg\Application Data\Sonic
2008-10-03 07:39 --------- d-----w c:\documents and settings\pdg\Application Data\Leadertech
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 05:11 --------- d-----w c:\program files\Yahoo!
2008-09-28 05:11 --------- d-----w c:\program files\DivX
2008-09-28 05:11 --------- d-----w c:\documents and settings\pdg\Application Data\Yahoo!
2008-09-28 05:11 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-09-28 01:59 --------- d-----w c:\program files\SweetIM
2008-09-24 23:02 --------- d-----w c:\program files\LimeWire
2008-09-24 12:51 --------- d-----w c:\program files\Google
2008-09-23 16:13 --------- d-----w c:\program files\Creative
2008-09-19 04:07 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-02 08:22 315,392 ----a-w c:\windows\HideWin.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-18_12.12.57.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-18 10:57:41 41,170 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-18 14:52:30 41,170 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-18 10:57:41 49,932 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-18 14:52:30 49,932 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-18 10:57:41 314,842 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-18 14:52:30 314,842 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-18 10:57:41 371,070 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-18 14:52:30 371,070 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-08 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-01 13508608]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UpdaterUI.exe" [2005-09-27 139320]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-02 2780816]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-03-01 c:\windows\system32\nvhotkey.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Analyseur de connectivité de client de pare-feu.LNK - c:\program files\Microsoft Firewall Client\ISATRAY.EXE [2008-09-10 52496]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-09-02 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-09-02 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;\??\c:\windows\system32\Drivers\OEM13Afx.sys [2008-09-02 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-09-02 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-09-02 235840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45154324-ab32-11dd-b345-00218640bb41}]
\Shell\AutoRun\command - E:\nq0cq.cmd
\Shell\explore\Command - E:\nq0cq.cmd
\Shell\open\Command - E:\nq0cq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45154325-ab32-11dd-b345-00218640bb41}]
\Shell\AutoRun\command - E:\nq0cq.cmd
\Shell\explore\Command - E:\nq0cq.cmd
\Shell\open\Command - E:\nq0cq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da4a0b15-9858-11dd-b2f3-00218640bb41}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-14 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\pdg\Application Data\Mozilla\Firefox\Profiles\abrasctk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 16:04:52
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-18 16:06:07
ComboFix-quarantined-files.txt 2008-11-18 15:05:54
ComboFix2.txt 2008-11-18 11:13:56
Avant-CF: 234,618,265,600 octets libres
Après-CF: 234,604,941,312 octets libres
249 --- E O F --- 2008-11-12 14:03:18
:oops: