ComboFix 10-10-17.04 - Propriétaire 18/10/2010 15:09:44.1.2 - x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2702 [GMT 2:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\service
c:\windows\system32\service\24082009_TIS17_SfFniAU.log
e:\\registre.reg
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-18 au 2010-10-18 ))))))))))))))))))))))))))))))))))))
.
2010-10-13 07:38 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-12 07:05 . 2010-10-12 07:05 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-10-10 18:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:41 . 2010-10-10 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-10 18:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 17:13 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-10 17:13 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-10 17:13 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-10 17:13 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-10 17:13 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-10 17:13 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-10 17:13 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-10 17:13 . 2008-04-13 07:34 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-10 17:13 . 2008-04-13 09:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-10 17:13 . 2008-04-13 17:33 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-10 17:13 . 2008-04-13 07:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-10 17:11 . 2001-08-17 19:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-10-10 17:10 . 2001-08-23 15:47 70144 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-10-10 17:09 . 2008-04-13 17:34 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-10-10 17:08 . 2001-08-17 20:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-10-10 17:07 . 2001-08-17 20:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-10-10 17:06 . 2008-04-13 09:23 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-10-10 17:05 . 2001-08-23 15:20 18432 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-10-10 17:04 . 2008-04-13 07:34 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2010-10-10 17:03 . 2001-08-17 19:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-10-10 17:02 . 2008-04-13 17:32 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-10-10 17:01 . 2001-08-23 15:15 54954 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-10 17:00 . 2001-08-17 18:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-10-10 16:59 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-10-10 16:58 . 2001-08-17 19:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2010-10-10 16:57 . 2001-08-23 15:47 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-10-10 16:56 . 2001-08-23 15:46 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-10-10 16:55 . 2001-08-23 15:47 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-10-10 16:54 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-10-10 16:53 . 2001-08-23 15:47 53760 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2010-10-10 16:52 . 2001-08-23 15:47 622621 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2010-10-10 16:51 . 2001-08-17 19:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-10-10 16:50 . 2008-04-13 09:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-10-10 16:49 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-10 13:38 . 2010-10-10 13:41 -------- d-----w- c:\program files\Ad-Remover
2010-10-08 10:18 . 2010-10-13 14:10 -------- d-----w- c:\program files\ZHPDiag
2010-10-05 16:14 . 2010-10-05 16:14 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Uniblue
2010-10-05 16:14 . 2010-10-05 16:14 -------- d-----w- c:\program files\Uniblue
2010-10-04 16:41 . 2010-10-04 16:42 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\PCFix
2010-10-03 15:44 . 2009-05-07 09:03 307200 ----a-w- c:\windows\system32\AscSQLite.dll
2010-10-03 15:44 . 2008-11-06 14:04 20480 ----a-w- c:\windows\system32\SysRestore.dll
2010-10-03 15:44 . 2008-11-06 14:04 1066176 ----a-w- c:\windows\system32\mscomctl.ocx
2010-10-03 15:44 . 2008-11-06 14:04 36864 ----a-w- c:\windows\system32\ascbalon.dll
2010-10-03 14:47 . 2003-12-19 15:13 11672 ----a-w- c:\windows\system32\drivers\UKBFLT.sys
2010-10-03 14:47 . 2010-10-03 14:47 -------- d-----w- c:\program files\USB Wireless Keyboard Driver
2010-10-03 14:47 . 2004-02-03 15:15 5794816 ----a-w- c:\windows\CNYHKey.exe
2010-10-03 14:47 . 2003-06-16 15:42 49152 ----a-w- c:\windows\CNYUSB.dll
2010-10-03 14:47 . 2003-06-05 09:24 4663 ----a-w- c:\windows\mHotkey.reg
2010-10-03 14:47 . 2003-05-27 15:13 24576 ----a-w- c:\windows\HKCYDLL.dll
2010-10-03 14:47 . 2002-11-21 08:00 747 ----a-w- c:\windows\LedHKey.reg
2010-10-03 14:47 . 2002-02-27 15:50 241664 ----a-w- c:\windows\InstIt.exe
2010-10-03 14:47 . 2004-02-05 11:45 510464 ----a-w- c:\windows\mHotkey.exe
2010-10-03 14:47 . 2003-05-26 17:19 532544 ----a-w- c:\windows\PIC.dll
2010-10-03 14:47 . 2003-05-16 18:09 11776 ----a-w- c:\windows\HIDMNT.dll
2010-09-30 09:52 . 2010-09-30 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2010-09-30 09:50 . 2010-09-30 09:52 -------- d-----w- c:\program files\HP
2010-09-28 12:55 . 2010-09-28 12:55 -------- d-----w- C:\NVIDIA
2010-09-26 12:13 . 2010-09-26 12:13 -------- d-----w- c:\program files\VS Revo Group
2010-09-26 09:34 . 2010-09-26 09:34 -------- d-----w- c:\documents and settings\Propriétaire\Local Settings\Application Data\Threat Expert
2010-09-26 09:15 . 2010-09-26 09:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-26 09:13 . 2010-09-24 07:01 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C54D1F2-E997-4810-906B-D3A9DAE90153}\mpengine.dll
2010-09-25 16:15 . 2010-09-25 16:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-24 12:50 . 2010-09-24 12:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-24 11:55 . 2010-09-24 11:55 -------- d-----w- c:\documents and settings\Administrateur
2010-09-23 17:01 . 2010-09-23 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-23 16:59 . 2010-09-23 16:59 -------- d-----w- c:\program files\GIMP-2.0
2010-09-23 16:59 . 2010-09-26 12:18 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-23 16:59 . 2010-10-04 08:59 -------- d-----w- c:\program files\SiSoftware
2010-09-23 16:31 . 2010-09-23 16:31 -------- d-----w- c:\windows\LastGood(2)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-26 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2009-10-12 692224]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-07 139264]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"CHotkey"="mHotkey.exe" [2004-02-05 510464]
"ledpointer"="CNYHKey.exe" [2004-02-03 5794816]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [03/10/2010 16:47 11672]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/09/2010 19:12 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/09/2010 19:12 17744]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/09/2009 19:47 133104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [12/03/2010 14:28 51392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-26 17:42]
2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:47]
2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:47]
2010-10-13 c:\windows\Tasks\WebReg Photosmart C5200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-Games_Bar_1 Toolbar - c:\progra~1\GAMES_~1\UNWISE.EXE
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Heure de fin: 2010-10-18 15:14:21
ComboFix-quarantined-files.txt 2010-10-18 13:14
Avant-CF: 51 857 162 240 octets libres
Après-CF: 51 992 797 184 octets libres
- - End Of File - - 6BD5BADBBEFF4F1EDC16629472D1C52D
Bonjour. Voilà le rapport mais toujours pas de console de récup..