After restarting my PC the connection worked again, and here is the report:
ComboFix 08-09-04.09 - user 2008-09-05 20:11:04.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1107 [GMT 1:00]
Endroit: C:\Users\user\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\KBL.LOG
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\rhdokmlg.ini
C:\Windows\system32\sqsevllv.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 20:19 . 2008-09-05 20:19 294 ---hs---- C:\Windows\System32\rhdokmlg.ini
2008-09-05 17:14 . 2008-09-05 17:14 72,192 --a------ C:\Windows\System32\glmkodhr.dll
2008-09-04 17:23 . 2008-09-04 17:24 <REP> d-------- C:\Program Files\CCleaner
2008-09-03 20:26 . 2008-09-03 20:26 <REP> d-------- C:\My Downloads
2008-09-03 20:24 . 2008-09-03 20:26 <REP> d-------- C:\Program Files\Shareaza Applications
2008-09-03 20:24 . 2006-11-12 12:39 483,328 --a------ C:\Windows\System32\actskn45.ocx
2008-09-02 12:49 . 2008-09-02 12:50 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-08-31 14:42 . 2008-08-31 14:42 <REP> d-------- C:\Users\All Users\Downloaded Installations
2008-08-31 14:42 . 2008-08-31 14:42 <REP> d-------- C:\ProgramData\Downloaded Installations
2008-08-30 21:13 . 2008-08-30 21:13 <REP> d-------- C:\Users\All Users\POP3Profiles
2008-08-30 21:13 . 2008-08-30 21:13 <REP> d-------- C:\ProgramData\POP3Profiles
2008-08-30 21:07 . 2008-08-30 21:07 <REP> d-------- C:\Program Files\Ubisoft
2008-08-30 08:14 . 2008-08-30 08:14 <REP> d-------- C:\Program Files\KONAMI
2008-08-26 23:52 . 2008-08-26 23:53 <REP> d-------- C:\Program Files\Java
2008-08-26 23:51 . 2008-08-26 23:51 <REP> d-------- C:\Program Files\Common Files\Java
2008-08-26 23:32 . 2008-08-26 23:37 <REP> d-------- C:\Users\user\.SunDownloadManager
2008-08-26 23:02 . 2008-08-26 23:02 <REP> d-------- C:\Users\user\AppData\Roaming\Malwarebytes
2008-08-26 23:02 . 2008-08-26 23:02 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-26 23:02 . 2008-08-26 23:02 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-26 23:02 . 2008-08-26 23:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 23:02 . 2008-08-17 14:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-26 23:02 . 2008-08-17 14:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-26 22:55 . 2008-08-26 22:55 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 13:39 . 2008-08-26 13:39 <REP> d-------- C:\VundoFix Backups
2008-08-26 13:39 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-26 13:39 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-26 13:39 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-26 13:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-26 13:25 . 2008-06-26 02:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-26 13:25 . 2008-06-26 02:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-26 13:25 . 2008-06-26 04:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-25 22:56 . 2008-08-27 11:48 <REP> d-a------ C:\Users\All Users\TEMP
2008-08-25 22:56 . 2008-08-27 11:48 <REP> d-a------ C:\ProgramData\TEMP
2008-08-25 20:22 . 2008-09-01 15:56 169 --a------ C:\Windows\adidsl.ini
2008-08-25 20:22 . 2008-08-25 20:22 21 --a------ C:\Windows\Fast800.ini
2008-08-23 23:43 . 2007-07-20 23:36 608,448 --a------ C:\Windows\System32\comctl32.ocx
2008-08-23 23:29 . 2008-08-23 23:29 <REP> d-------- C:\Program Files\Sun
2008-08-23 21:16 . 2008-08-23 21:16 <REP> d-------- C:\Program Files\SAGEM
2008-08-17 20:26 . 2008-08-17 20:26 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-08-17 20:26 . 2008-08-17 20:26 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-08-17 20:10 . 2008-08-17 20:10 1,416,744 --a------ C:\Enrique Iglesias Ft Nadiya - Tired Of Being Sorry Bonne Chanson Avec Nadia.mp3
2008-08-17 20:09 . 2008-08-17 20:09 <REP> d-------- C:\Program Files\AnMing
2008-08-16 21:40 . 2008-08-16 21:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-15 20:06 . 2008-08-15 20:06 <REP> d-------- C:\Users\All Users\Yahoo!
2008-08-15 20:06 . 2008-08-15 20:06 <REP> d-------- C:\ProgramData\Yahoo!
2008-08-15 14:13 . 2008-08-15 14:21 <REP> d-------- C:\Program Files\Yahoo!
2008-08-15 12:02 . 2008-04-26 09:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-15 12:02 . 2008-04-26 09:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-08-15 12:02 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-08-15 12:02 . 2008-04-12 04:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-15 12:02 . 2008-05-10 04:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-08-15 12:02 . 2008-04-05 02:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-08-15 12:02 . 2008-04-05 04:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-08-15 12:00 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-15 11:56 . 2008-08-15 11:56 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-14 21:10 . 2008-09-02 20:40 <REP> d-------- C:\Users\user\Crack
2008-08-14 16:19 . 2008-06-19 04:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 16:16 . 2008-04-18 06:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 15:44 . 2008-06-27 02:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 15:44 . 2008-06-27 05:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 15:41 . 2008-02-29 05:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-08-14 15:41 . 2008-02-22 05:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-08-14 15:40 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-14 15:40 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-08-14 15:40 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-08-14 15:39 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-08-14 15:39 . 2008-04-10 06:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 15:39 . 2008-05-08 22:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-08-14 15:39 . 2008-05-08 22:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-08-14 15:39 . 2008-05-08 22:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-08-14 15:39 . 2008-05-08 22:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-08-14 15:39 . 2008-05-08 22:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-08-14 15:39 . 2008-05-08 22:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-08-14 15:39 . 2008-05-08 22:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-08-14 15:25 . 2008-09-05 20:18 0 --------- C:\Windows\System32\Ikeext.etl
2008-08-14 15:20 . 2008-08-25 20:22 989 --a------ C:\Windows\adiras.ini
2008-08-14 11:15 . 2008-08-24 19:44 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-08-14 11:15 . 2008-08-24 19:44 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-08-14 02:21 . 2008-08-14 02:21 <REP> d-------- C:\Users\All Users\Hold Trust Amok Mode
2008-08-14 02:21 . 2008-08-14 02:21 <REP> d-------- C:\ProgramData\Hold Trust Amok Mode
2008-08-14 02:20 . 2008-08-14 02:21 <REP> d-------- C:\Users\All Users\program trans
2008-08-14 02:20 . 2008-08-14 02:21 <REP> d-------- C:\ProgramData\program trans
2008-08-14 02:20 . 2008-08-14 02:20 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-14 02:20 . 2008-08-14 02:20 <REP> d-------- C:\Program Files\Circle Developement
2008-08-14 02:13 . 2008-08-14 02:20 <REP> d-------- C:\Program Files\MSN Messenger
2008-08-14 01:53 . 2008-08-14 01:59 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-14 01:52 . 2008-08-14 02:14 <REP> d-------- C:\Users\All Users\WLInstaller
2008-08-14 01:52 . 2008-08-14 02:14 <REP> d-------- C:\ProgramData\WLInstaller
2008-08-14 01:52 . 2008-08-14 02:20 <REP> d-------- C:\Program Files\Windows Live
2008-08-13 22:01 . 2008-08-13 22:06 <REP> d-------- C:\Users\user\AppData\Roaming\Magic Academy
2008-08-12 14:11 . 2008-08-12 14:11 <REP> d-------- C:\Users\user\AppData\Roaming\PlayFirst
2008-08-11 18:24 . 2008-08-11 18:24 <REP> d-------- C:\Users\All Users\LightScribe
2008-08-11 18:24 . 2008-08-11 18:24 <REP> d-------- C:\ProgramData\LightScribe
2008-08-11 13:11 . 2008-08-11 13:11 <REP> d-------- C:\Users\user\AppData\Roaming\WildTangent
2008-08-11 13:06 . 2008-08-11 13:56 <REP> d-------- C:\Users\user\AppData\Roaming\CyberLink
2008-08-11 11:44 . 2008-08-11 11:44 <REP> d-------- C:\Users\user\Bluetooth Software
2008-08-11 11:44 . 2008-08-11 11:44 <REP> d-------- C:\Users\user\AppData\Roaming\Symantec
2008-08-11 11:44 . 2008-08-11 11:44 <REP> d-------- C:\Users\user\AppData\Roaming\DigitalPersona
2008-08-11 11:43 . 2008-08-11 11:43 <REP> dr------- C:\Users\user\Searches
2008-08-11 11:43 . 2008-09-04 20:09 <REP> dr------- C:\Users\user\Contacts
2008-08-11 11:43 . 2008-08-11 11:43 81 --a------ C:\Windows\System32\LOG
2008-08-11 11:43 . 2008-08-11 11:43 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-08-11 11:36 . 2008-08-11 13:46 <REP> d-------- C:\Users\user\AppData\Roaming\Hewlett-Packard
2008-08-11 11:33 . 2008-08-11 11:33 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-08-11 11:33 . 2008-08-11 11:33 <REP> d-------- C:\ProgramData\Electronic Arts
2008-08-11 11:30 . 2008-08-30 21:31 <REP> d-------- C:\Program Files\Electronic Arts
2008-08-11 11:28 . 2008-08-11 11:28 <REP> d-------- C:\Program Files\Common Files\LightScribe
2008-08-11 11:27 . 2008-08-11 11:27 <REP> d-------- C:\Users\user\AppData\Roaming\Macrovision
2008-08-11 11:27 . 2008-08-11 11:27 <REP> d-------- C:\Users\user\AppData\Roaming\InstallShield
2008-08-11 11:27 . 2008-08-11 11:27 <REP> d-------- C:\Program Files\Broadcom
2008-08-11 11:27 . 2008-08-11 11:27 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8264MR2_E480576-051_4A_I30CC_SQuanta_V79.2E_F.57_T080521_WV3-1_L40C_M2038_J160_7Intel_86FD_91.73_#080811_N10EC8136;14E44315_(FF528EA#AB6)_XMOBILE_CN10_Z.MRK
2008-08-11 11:26 . 2008-08-11 11:43 <REP> dr------- C:\Users\user\Videos
2008-08-11 11:26 . 2008-08-14 11:52 <REP> dr------- C:\Users\user\Saved Games
2008-08-11 11:26 . 2008-09-04 17:08 <REP> dr------- C:\Users\user\Pictures
2008-08-11 11:26 . 2008-09-01 22:44 <REP> dr------- C:\Users\user\Music
2008-08-11 11:26 . 2008-08-11 11:43 <REP> dr------- C:\Users\user\Links
2008-08-11 11:26 . 2008-09-04 18:22 <REP> dr------- C:\Users\user\Downloads
2008-08-11 11:26 . 2008-09-04 17:48 <REP> dr------- C:\Users\user\Documents
2008-08-11 11:26 . 2006-11-02 13:37 <REP> d-------- C:\Users\user\AppData\Roaming\Media Center Programs
2008-08-11 11:26 . 2008-08-11 11:26 <REP> d--h----- C:\Users\user\AppData
2008-08-11 11:26 . 2008-09-01 18:05 <REP> d-------- C:\Users\user
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-03 23:24 --------- d-----w C:\ProgramData\Symantec
2008-09-02 12:49 --------- d-----w C:\ProgramData\WildTangent
2008-08-30 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 19:22 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-08-25 09:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-24 16:52 --------- d-----w C:\ProgramData\CyberLink
2008-08-23 21:59 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-23 21:53 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-23 21:53 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-23 21:53 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-23 21:53 --------- d-----w C:\Program Files\Symantec
2008-08-15 11:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 12:46 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-11 10:28 --------- d-----w C:\Program Files\HPQ
2008-08-11 10:25 --------- d-sh--w C:\ProgramData\Modèles
2008-08-11 10:25 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-11 10:25 --------- d-sh--w C:\ProgramData\Favoris
2008-08-11 10:25 --------- d-sh--w C:\ProgramData\Bureau
2008-08-11 10:25 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-07 16:47 --------- d-----w C:\ProgramData\Macrovision
2008-07-07 16:47 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 16:47 --------- d-----w C:\Program Files\DigitalPersona
2008-07-07 16:46 --------- d-----w C:\Program Files\HP Games
2008-07-07 16:43 --------- d-----w C:\Program Files\CyberLink
2008-07-07 16:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-07 16:36 --------- d-----w C:\Program Files\Hp
2008-07-07 16:31 --------- d-----w C:\Program Files\WIDCOMM
2008-07-07 16:30 --------- d-----w C:\Program Files\WinTV
2008-07-07 16:30 --------- d-----w C:\Program Files\Intel
2008-07-07 16:29 --------- d-----w C:\Program Files\Realtek
2008-07-07 16:28 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-07 16:28 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-07 16:27 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-07-07 16:27 --------- d-----w C:\Program Files\Motorola
2008-07-07 16:27 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-07-07 16:26 --------- d-----w C:\Program Files\Synaptics
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2008-07-15 12:33 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704]
[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704]
[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Defy Tick"="C:\ProgramData\First flag flag.02lods" [X]
"Amok Mode Dupe Platform"="C:\ProgramData\grid team rule.1s0hp" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"57d0d74a"="C:\Windows\system32\glmkodhr.dll" [2008-09-05 72192]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 C:\Windows\RtHDVCpl.exe]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration .LNK - C:\Program Files\Ubisoft\Prince of Persia T2T\Support\Register\RegistrationReminder.exe [2008-08-30 868352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{434B1CE6-CFBD-44C6-981C-1A2D95E84F74}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C1DCC0B0-406A-4356-B5EC-61BDC839CFD3}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A5D22E2F-EB4A-41AD-9500-78EC5973572E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F939BF7A-95FE-492E-8123-6540FF91B283}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5F79A53-001C-4F34-9B18-1172E7648883}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5748E741-05DA-44AF-8CA7-A1E068137320}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{9C8AF5AB-2758-4387-8BB5-0A390F0E92BA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{0491E3B7-E544-47BD-8C0E-9B5DF78C0E75}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F714D419-32AC-4587-9BBE-5F70328ADA83}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{74057945-3807-40C1-B91E-8BE7FB20E3E5}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6C7ECACB-439F-4525-99F1-C72A7F1E7EF6}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EBBC120A-163F-4A15-A3DA-D28322B9D4F2}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{096A6B95-B3E7-4F2E-AB7F-4B45CA5AB254}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A1BE6FEB-0F6E-4736-9158-883019F84C61}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080902.004\IDSvix86.sys [2008-08-08 261680]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 56088]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{020ecd8c-782e-11dd-8321-00218663a2b8}]
\shell\AutoRun\command - F:\22xo.exe
\shell\explore\Command - F:\22xo.exe
\shell\open\Command - F:\22xo.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
BHO-{B4A53E07-FA25-4EF3-AE76-FB1DD285C514} - C:\Users\user\AppData\Local\Temp\awtsSlJa.dll
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-BM54e3e4d6 - C:\Windows\system32\sqsevllv.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*
http://fr.search.yahoo.com
O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O17 -: HKLM\CCS\Interface\{38881F6F-29A1-40C6-8CDC-DCAB12F3B59C}: NameServer = 212.217.0.1,212.217.1.1
O17 -: HKLM\CCS\Interface\{5268F8B4-E657-4E35-AAAE-C49FB17CD9B0}: NameServer = 212.217.0.14 196.217.246.210
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-05 20:19:30
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\glmkodhr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 20:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 19:26:20
Pre-Run: 92,432,887,808 octets libres
Post-Run: 91,981,950,976 octets libres
363 --- E O F --- 2008-09-04 15:57:56