ComboFix 08-04-15.4 - Younes 2008-04-16 12:45:55.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.950 [GMT 2:00]
Endroit: C:\Users\Younes\Desktop\ComboFix.exe
Command switches used :: C:\Users\Younes\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\lgmxvpatqgl.dll
C:\Windows\omlbpkaw.dll
C:\Windows\pmsoarbf.dll
C:\Windows\system32\nnnoNdeE.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\lgmxvpatqgl.dll
C:\Windows\omlbpkaw.dll
C:\Windows\pmsoarbf.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\ProgramData\WindowsSearch
2008-04-15 20:38 . 2008-04-15 20:48 691 --a------ C:\Users\Younes\AppData\Roaming\GetValue.vbs
2008-04-15 20:38 . 2008-04-15 20:48 35 --a------ C:\Users\Younes\AppData\Roaming\SetValue.bat
2008-04-15 20:10 . 2008-04-15 20:13 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-15 20:10 . 2008-04-15 20:11 <REP> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-15 20:08 . 2008-04-15 20:08 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-04-15 12:35 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-15 12:35 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-15 12:35 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-15 12:35 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-15 12:35 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-15 12:35 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 12:35 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-15 05:21 . 2008-04-15 23:11 <REP> d-------- C:\Users\Younes\AppData\Roaming\ma-config.com
2008-04-15 05:21 . 2008-04-15 05:21 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 03:04 . 2008-04-15 03:04 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-04-14 13:16 . 2008-04-14 13:23 <REP> d-------- C:\Users\Younes\AppData\Roaming\Dev-Cpp
2008-04-14 13:12 . 2008-04-14 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-04-13 20:28 . 2008-04-13 20:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 18:35 . 2008-04-16 11:07 <REP> d-------- C:\PacSteam
2008-04-13 16:37 . 2008-04-13 16:36 737,280 --a------ C:\Windows\iun6002.exe
2008-04-13 16:36 . 2008-04-13 16:36 <REP> d-------- C:\Windows\System32\athan
2008-04-13 16:36 . 2008-04-13 16:37 <REP> d-------- C:\Program Files\Athan
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Users\Younes\AppData\Roaming\JLC's Software
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Program Files\JLC's Software
2008-04-13 01:22 . 2008-04-13 01:22 <REP> d-------- C:\Program Files\WinISO
2008-04-12 21:45 . 2008-04-12 21:45 <REP> d-------- C:\Program Files\Cedelia
2008-04-09 09:18 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 09:18 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 09:18 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 09:17 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 09:17 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 09:17 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 09:17 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 09:17 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 09:17 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 09:17 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 09:17 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 09:17 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 09:17 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 09:16 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 18:53 . 2008-04-08 18:53 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-08 18:53 . 2008-04-08 18:53 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-08 18:49 . 2008-04-16 11:07 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 11:07 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 12:49 115,338,528 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-08 18:49 . 2008-04-16 05:46 1,539,272 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-08 14:50 . 2008-04-08 17:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-08 02:14 . 2008-04-08 02:14 <REP> d-------- C:\Users\Younes\AppData\Roaming\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\Users\All Users\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\ProgramData\ESET
2008-03-30 01:33 . 2008-03-30 01:37 576 --a------ C:\Windows\settings.cfg
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2008-03-28 16:46 . 2008-03-28 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-25 05:48 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-03-25 05:48 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-03-25 05:46 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-03-25 05:45 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-25 05:44 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-25 05:43 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-25 05:42 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-25 05:42 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-25 05:42 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-25 05:42 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-25 05:42 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-25 05:42 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-25 05:42 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-03-25 05:42 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-25 05:42 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-25 05:42 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-24 22:18 . 2008-04-16 05:45 12 --a------ C:\Windows\bthservsdp.dat
2008-03-21 08:11 . 2008-03-21 08:17 <REP> d-------- C:\Program Files\Common Files\Nero
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\Users\All Users\LightScribe
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\ProgramData\LightScribe
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\Users\All Users\Quark
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\ProgramData\Quark
2008-03-20 17:57 . 2008-04-16 12:40 69 --a------ C:\Windows\NeroDigital.ini
2008-03-20 16:46 . 2008-03-20 14:51 290 --a------ C:\Windows\AntiTrial.ini
2008-03-20 16:40 . 2008-03-20 16:40 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 15:34 . 2008-03-20 15:34 <REP> d-------- C:\Users\Younes\AppData\Roaming\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\Users\All Users\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\ProgramData\Nero
2008-03-20 15:25 . 2008-03-20 15:25 <REP> d-------- C:\Program Files\Nero
2008-03-20 14:51 . 2008-03-20 14:51 251 --a------ C:\Windows\AntiTrial.bin
2008-03-17 10:25 . 2008-04-16 12:02 26 --a------ C:\Windows\popcinfo.dat
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\Users\All Users\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\Users\All Users\PopCap Games
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\ProgramData\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\ProgramData\PopCap Games
2008-03-17 02:27 . 2008-03-17 02:27 <REP> d-------- C:\Program Files\Common Files\Thraex Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 10:10 27,934 ----a-w C:\Users\Younes\AppData\Roaming\nvModes.dat
2008-04-15 18:48 7,796 ----a-w C:\Windows\System32\tmp.reg
2008-04-15 18:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 16:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 11:08 --------- d-----w C:\ProgramData\eMule
2008-04-14 20:24 --------- d-----w C:\Users\Younes\AppData\Roaming\LimeWire
2008-04-14 11:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 10:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 00:56 --------- d-----w C:\Users\Younes\AppData\Roaming\Skype
2008-04-14 00:27 --------- d-----w C:\Users\Younes\AppData\Roaming\skypePM
2008-04-13 18:45 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-09 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 00:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 00:00 --------- d-----w C:\ProgramData\Symantec
2008-04-08 00:00 --------- d-----w C:\Program Files\Symantec
2008-04-02 19:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 00:42 --------- d-----w C:\Users\Younes\AppData\Roaming\Winamp
2008-03-29 13:54 --------- d-----w C:\Program Files\Windows Live
2008-03-29 13:50 --------- d-----w C:\ProgramData\WLInstaller
2008-03-25 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Journal
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Defender
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Calendar
2008-03-25 04:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-25 04:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-21 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 20:57 --------- d-----w C:\ProgramData\Roxio
2008-03-11 03:05 --------- d-----w C:\Program Files\Custom-Strike
2008-03-10 15:00 --------- d-----w C:\Users\Younes\AppData\Roaming\Roxio
2008-03-10 11:37 --------- d-----w C:\Program Files\Java
2008-03-07 02:56 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 02:29 --------- d-----w C:\Program Files\Deskshare
2008-03-07 02:20 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2008-03-06 03:27 --------- d-----w C:\Users\Younes\AppData\Roaming\vlc
2008-03-06 03:26 --------- d-----w C:\Program Files\VideoLAN
2008-03-04 03:31 --------- d-----w C:\Users\Younes\AppData\Roaming\Shareaza
2008-03-02 20:31 --------- d-----w C:\Users\Younes\AppData\Roaming\ZC Dream Photo
2008-03-02 04:55 --------- d-----w C:\Users\Younes\AppData\Roaming\Windows Live Writer
2008-03-02 04:39 --------- d-----w C:\Program Files\No-IP
2008-03-02 04:38 --------- d-----w C:\Program Files\Net Control 2
2008-03-02 04:37 --------- d-----w C:\Program Files\sXe Injected
2008-02-29 21:20 --------- d-----w C:\Users\Younes\AppData\Roaming\Configuration
2008-02-26 20:36 --------- d-----w C:\Program Files\LopSDV
2008-02-26 18:52 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 18:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 18:37 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 03:28 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-02-25 02:14 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-24 01:28 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-02-24 01:26 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-23 15:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-23 14:52 --------- d-----w C:\ProgramData\POP3Profiles
2008-02-23 14:51 --------- d-----w C:\ProgramData\Sonic
2008-02-23 14:22 --------- d-----w C:\ProgramData\NVIDIA
2008-02-23 14:22 --------- d-----w C:\ProgramData\Lavasoft
2008-02-23 14:22 --------- d-----w C:\ProgramData\HP
2008-02-23 14:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-23 14:22 --------- d-----w C:\ProgramData\Adobe Systems
2008-02-23 14:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-23 14:21 --------- d-----w C:\ProgramData\Skype
2008-02-23 14:20 --------- d-----w C:\ProgramData\Trymedia
2008-02-23 13:56 --------- d-----w C:\ProgramData\ProgramData
2008-02-23 04:50 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-22 19:14 --------- d-----w C:\Program Files\Microsoft Works
2008-02-22 19:14 --------- d-----w C:\Program Files\Google
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-21 21:03 --------- d-----w C:\Program Files\BitTorrent
2008-02-21 20:53 --------- d-----w C:\Users\Younes\AppData\Roaming\BitTorrent
2008-02-21 00:28 --------- d-----w C:\Program Files\MediaEldoradoCodec
2008-02-18 21:24 --------- d-----w C:\Program Files\DivX
2008-02-18 00:42 --------- d-----w C:\Program Files\Sony Setup
2008-02-17 23:50 --------- d-----w C:\Users\Younes\AppData\Roaming\Sony
2008-02-17 21:44 --------- d-----w C:\Program Files\GetFlash
2008-02-17 15:40 --------- d-----w C:\Program Files\HHD Software
2008-02-17 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-17 13:25 --------- d-----w C:\Program Files\Skype
2008-02-17 11:21 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-02-17 11:02 58,904 ----a-w C:\Windows\System32\is4tray.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-04 17:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-29 01:53 612,864 ----a-w C:\Windows\System32\x264vfw.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_ 0.46.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 22:25:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-16 09:06:58 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-15 22:25:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-15 22:25:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-15 22:06:44 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 10:22:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-15 22:26:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 09:09:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 09:09:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-15 22:14:41 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 10:44:05 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-15 22:26:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 09:10:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 09:10:03 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-15 18:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-15 18:57:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 09:12:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-15 18:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-15 22:15:49 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-16 10:45:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-16 10:45:48 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-04-15 22:30:49 9,466 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
+ 2008-04-16 09:10:58 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
- 2008-04-15 22:30:46 76,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 09:10:57 76,270 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-15 18:55:22 45,370 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 09:10:49 45,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"Steam"="c:\pacsteam\steam.exe" [2008-04-13 18:38 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"ccleaner"="C:\My Files\Programs\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:24 1024000]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"Flashget"="C:\My Files\Programs\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\Windows\system32\iiffdddA.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F31761E5-80D6-4B35-A236-9EB3B7367415}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{215FBE56-B330-47FA-8A2A-9AA6613A6305}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{875F1762-79BF-49AF-AE97-AA5BC085BA41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7AB7F30E-297A-4CA5-BBF1-BC91297AD1DC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF19AA5F-7DD8-4EC8-9E36-B343FFD05B3F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{762A60F9-58D2-4344-89B2-8CF01B25AAA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BF04210-AC18-4AC0-A73F-C674FABA20A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CCD7C8F-E293-48F2-8E42-C8FC06550D7F}"= UDP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{E8F4BFBA-9B1F-4493-BD62-CC4893BC02E4}"= TCP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{7D948B97-8715-4C5D-AC47-F88CD71C26F8}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{06D7BF47-C3B1-4E3B-B17E-BCACA044CC32}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{CE2FB6EE-FF9B-4E6F-803D-AF9C40B38F79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C6CE629-0FD7-4DAE-827D-22C7420BD4A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7FFCAAE3-1905-4E32-852E-728EAF0F8713}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{648525E5-BBBE-42AC-9F1C-89C1AD9AFB96}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B465427-4B31-4A98-BB79-B9A897423CE8}C:\\my files\\programs\\emule\\emule.exe"= UDP:C:\my files\programs\emule\emule.exe:eMule
"UDP Query User{A375CB6C-AC58-42ED-A118-63CBBC7D691D}C:\\my files\\programs\\emule\\emule.exe"= TCP:C:\my files\programs\emule\emule.exe:eMule
"TCP Query User{3770EDD6-2951-4009-80FE-0D4FBB4762BF}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9E5BE247-0994-4FB5-8701-27698B67E9D4}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{2F6F40A0-54FA-4BD9-B387-6E2DCC481176}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D4A9EE0C-E1BC-4D8D-875C-CFE0C4CC1723}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{34A4D864-6886-47A2-A9C9-A593DC6BE183}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A051865C-4C82-42A6-B923-A8F77F3E4386}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\My Files\\Programs\\BitTorrent\\bittorrent.exe"= C:\My Files\Programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 NC2RemoteDesktop;Net Control 2 Remote Desktop Server Service;"C:\Program Files\Net Control 2\ncvserver.exe" /SERVICE []
S3 ncvhook;ncvhook;C:\Windows\system32\DRIVERS\ncvhook.sys [2007-09-30 17:54]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 02:09]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 02:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-13 18:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\explore\Command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dec108f9-089b-11dd-bc5f-001b24c8b8cc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-16 12:49:58
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 12:52:10
ComboFix-quarantined-files.txt 2008-04-16 10:51:22
Pre-Run: 52,436,332,544 octets libres
Post-Run: 52,404,387,840 octets libres
.
2008-04-15 21:59:45 --- E O F ---