ComboFix 10-10-06.02 - Manager 07/10/2010 13:16:07.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.2039.1289 [GMT 2:00]
Lancé depuis: c:\documents and settings\Manager\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Manager\Application Data\Dealio
c:\documents and settings\Manager\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Manager\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Manager\Application Data\hotfix.exe
c:\documents and settings\Manager\Local Settings\Temporary Internet Files\4978299d
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-07 au 2010-10-07 ))))))))))))))))))))))))))))))))))))
.
2010-10-07 06:17 . 2010-10-07 06:17 -------- d-----w- c:\documents and settings\Manager\Application Data\Malwarebytes
2010-10-07 06:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 06:17 . 2010-10-07 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-07 06:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 06:17 . 2010-10-07 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 19:42 . 2010-10-06 19:44 -------- d-----w- C:\76f5a26d291d68add43c4725bd27b5
2010-10-06 16:03 . 2010-10-06 16:03 285 ----a-w- c:\documents and settings\Manager\Application Data\asdsada.bat
2010-09-30 16:06 . 2010-09-30 16:06 60416 --sha-r- c:\windows\system32\sort7.dll
2010-09-27 13:54 . 2010-09-27 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-09-26 14:11 . 2010-10-01 15:07 -------- d-----w- c:\documents and settings\Manager\Application Data\vlc
2010-09-24 14:40 . 2010-09-30 16:06 63669 ----a-w- c:\windows\system32\faqtykewkeyrqogi.exe
2010-09-19 14:04 . 2010-09-19 14:04 -------- d-----w- c:\program files\Free Video Converter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 11:13 . 2006-03-02 11:00 81788 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-07 11:13 . 2006-03-02 11:00 503806 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-06 03:09 . 2010-03-22 18:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-27 14:53 . 2010-03-20 13:18 -------- d-----w- c:\documents and settings\Manager\Application Data\FreeVideoConverter
2010-09-26 14:10 . 2010-03-17 20:35 -------- d-----w- c:\program files\VideoLAN
2010-09-23 18:16 . 2009-12-31 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-12 18:17 . 2010-03-20 13:34 -------- d-----w- c:\documents and settings\Manager\Application Data\dvdcss
2010-09-08 16:28 . 2010-02-07 17:32 -------- d-----w- c:\documents and settings\Manager\Application Data\Apple Computer
2010-09-02 18:57 . 2010-09-02 16:54 -------- d-----w- c:\program files\iTunes
2010-09-02 16:55 . 2010-09-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-02 16:54 . 2010-09-02 16:54 -------- d-----w- c:\program files\iPod
2010-09-02 16:54 . 2010-02-07 17:30 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-09-02 16:54 . 2010-09-02 16:53 -------- d-----w- c:\program files\QuickTime
2010-09-02 16:53 . 2010-02-07 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-02 16:53 . 2010-09-02 16:53 -------- d-----w- c:\program files\Apple Software Update
2010-09-02 16:52 . 2010-09-02 16:52 -------- d-----w- c:\program files\Bonjour
2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-27 14:58 . 2010-08-27 14:58 -------- d-----w- c:\program files\LSI SoftModem
2010-08-17 13:17 . 2006-03-02 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 13:46 . 2010-08-15 13:46 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-15 13:46 . 2010-08-15 13:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-15 13:46 . 2010-08-15 13:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-15 13:46 . 2010-08-15 13:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-15 13:46 . 2010-08-15 13:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-15 13:46 . 2010-08-15 13:46 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-15 13:46 . 2010-08-15 13:46 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-15 13:46 . 2010-08-15 13:46 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-15 13:46 . 2010-08-15 13:46 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-15 13:46 . 2010-08-15 13:46 -------- d-----w- c:\program files\Fichiers communs\Real
2010-08-15 13:46 . 2010-08-15 13:46 -------- d-----w- c:\program files\Fichiers communs\xing shared
2010-08-15 13:46 . 2010-08-15 13:46 -------- d-----w- c:\program files\Real
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:48 . 2006-03-02 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-08-15 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 8:21 33800]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 18:38 375296]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 8:21 468224]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21/01/2010 16:24 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 8:58 20480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/07/2009 16:18 239160]
R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17/07/2007 1:24 35072]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11:31 44800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/02/2010 18:27 135664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14/06/2010 22:50 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:27]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:27]

2010-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\relog_ap.dll
.
Heure de fin: 2010-10-07 13:21:24
ComboFix-quarantined-files.txt 2010-10-07 11:21

Avant-CF: 60.710.678.528 octets libres
Après-CF: 61.325.082.624 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
- - End Of File - - 1D776929A27BAB2DC1AD080EE38F9DCF