Here's the ComboFix log. Thank you!
ComboFix 10-05-16.01 - Christelle Maître 16/05/2010 14:21:54.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.894.457 [GMT -4:00]
Lancé depuis: c:\documents and settings\Christelle Maître\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-16 au 2010-05-16 ))))))))))))))))))))))))))))))))))))
.
2010-05-15 18:25 . 2010-05-16 18:25 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-05-15 18:18 . 2010-05-16 18:19 -------- d-----w- c:\documents and settings\HelpAssistant
2010-05-12 21:18 . 2010-05-12 21:18 -------- d-----w- c:\program files\ESET
2010-05-10 15:34 . 2010-05-10 15:34 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Voisinage réseau
2010-05-10 15:34 . 2010-05-10 15:34 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Voisinage d'impression
2010-05-10 15:34 . 2010-05-10 15:34 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Tracing
2010-05-10 15:33 . 2010-05-10 15:33 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Option
2010-05-10 15:33 . 2010-05-10 15:33 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Modèles
2010-05-10 15:33 . 2010-05-10 15:33 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Mes documents
2010-05-10 15:33 . 2010-05-10 15:33 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Menu Démarrer
2010-05-10 15:33 . 2010-05-10 15:33 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05\Favoris
2010-05-07 14:08 . 2010-05-15 09:42 -------- d-----w- c:\documents and settings\HelpAssistant.EMACHINE-2E2F05
2010-05-07 13:32 . 2010-05-07 13:32 -------- d-----w- C:\HelpAsst_backup
2010-05-05 11:16 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 11:16 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 11:16 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 11:16 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 11:16 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 11:16 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 11:16 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 11:16 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 11:16 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 11:16 . 2010-05-05 11:16 -------- d-----w- c:\program files\Alwil Software
2010-05-05 11:16 . 2010-05-05 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-04 21:36 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 21:36 . 2010-05-04 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-04 21:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 21:36 . 2010-05-04 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 21:29 . 2010-05-04 21:29 -------- d-----w- c:\program files\ERUNT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 18:21 . 2008-09-03 12:55 86240 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-16 18:21 . 2008-09-03 12:55 514778 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-16 18:17 . 2010-02-24 17:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-13 00:48 . 2008-09-03 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-04 00:43 . 2009-12-14 23:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-27 21:16 . 2010-03-21 18:15 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 21:16 . 2010-03-21 18:15 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 21:16 . 2010-03-21 18:15 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 21:16 . 2010-03-21 18:15 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 21:16 . 2010-03-21 18:15 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 21:16 . 2010-03-21 18:15 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 21:16 . 2010-03-21 18:15 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 21:16 . 2010-03-21 18:15 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 21:16 . 2010-03-21 18:15 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 21:16 . 2010-03-21 18:15 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-14 15:34 . 2010-04-14 15:34 79428 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-14 03:21 . 2010-03-21 18:14 -------- d-----w- c:\program files\McAfee
2010-04-08 16:12 . 2010-03-10 22:14 -------- d-----w- c:\program files\Celtx
2010-04-07 18:47 . 2009-08-17 20:32 104296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-07 18:46 . 2010-04-07 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-07 17:39 . 2008-09-03 13:03 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-04-07 17:36 . 2010-04-07 17:36 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 17:32 . 2010-04-07 17:32 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-04-07 17:21 . 2010-04-07 17:21 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2010-03-31 15:55 . 2009-08-27 21:46 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-03-31 14:45 . 2009-04-06 16:33 -------- d-----w- c:\program files\Windows Live
2010-03-31 13:30 . 2009-05-19 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-31 13:29 . 2009-05-19 12:48 -------- d-----w- c:\program files\Lavasoft
2010-03-31 13:01 . 2008-09-03 12:05 -------- d-----w- c:\program files\Google
2010-03-29 13:35 . 2010-02-23 16:04 132 ----a-w- c:\documents and settings\Charlotte\Local Settings\Application Data\fusioncache.dat
2010-03-21 21:16 . 2010-03-21 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-21 18:15 . 2010-03-21 18:15 -------- d-----w- c:\program files\Fichiers communs\Mcafee
2010-03-21 18:15 . 2010-03-21 18:15 -------- d-----w- c:\program files\McAfee.com
2010-03-21 18:04 . 2009-04-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-21 18:01 . 2008-09-03 12:27 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-11 12:34 . 2007-08-13 16:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:34 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:34 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 22:37 . 2010-02-24 22:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:41 . 2010-02-23 16:41 104296 ----a-w- c:\documents and settings\Charlotte\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 16:10 . 2010-02-23 16:14 368640 ----a-w- c:\documents and settings\Charlotte\Application Data\InstallShield Installation Information\{5256C695-CEE8-4BB9-BCE4-E3215C80B8AA}\_setup.dll
2010-02-23 16:10 . 2010-02-23 16:10 192644 ----a-w- c:\documents and settings\Charlotte\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-02-23 16:10 . 2010-02-23 16:10 323716 ----a-w- c:\documents and settings\Charlotte\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-14 12:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-27 21:16 . 2010-04-28 20:05 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-09_19.33.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-16 18:17 . 2010-05-16 18:17 16384 c:\windows\Temp\Perflib_Perfdata_344.dat
- 2008-09-03 12:55 . 2010-05-09 19:19 72576 c:\windows\system32\perfc009.dat
+ 2008-09-03 12:55 . 2010-05-16 18:21 72576 c:\windows\system32\perfc009.dat
+ 2010-05-10 23:53 . 2010-05-15 14:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-07 18:34 . 2010-05-07 18:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-05 09:24 . 2010-05-07 18:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-04-05 09:24 . 2010-05-15 14:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-04-05 09:24 . 2010-05-07 18:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-10 23:53 . 2010-05-15 14:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-06 23:38 . 2010-04-15 07:06 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-06 23:38 . 2010-05-13 00:48 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-03 12:55 . 2010-05-09 19:19 445370 c:\windows\system32\perfh009.dat
+ 2008-09-03 12:55 . 2010-05-16 18:21 445370 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2008-04-11 19:05 691712 c:\windows\system32\inetcomm.dll
+ 2008-04-14 12:00 . 2010-01-29 15:00 691712 c:\windows\system32\inetcomm.dll
- 2008-04-14 12:00 . 2008-04-11 19:05 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-14 12:00 . 2010-01-29 15:00 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2009-04-06 23:38 . 2010-04-15 07:06 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-14 12:00 . 2010-01-29 15:00 1315328 c:\windows\system32\dllcache\msoe.dll
- 2008-04-14 12:00 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\c6e18a.msp
+ 2010-04-09 19:21 . 2010-04-09 19:21 5025792 c:\windows\Installer\c6e176.msp
+ 2009-04-06 23:38 . 2010-05-13 00:47 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-06 23:38 . 2010-04-15 07:06 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-06 23:38 . 2010-05-13 00:47 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2009-04-05 23:42 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-24 8491008]
"nwiz"="nwiz.exe" [2008-02-24 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-24 81920]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-15 16862720]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-14 198160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-11-21 151552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-14 06:39 198160 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9255:TCP"= 9255:TCP:Services
"9256:TCP"= 9256:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/02/2010 13:17 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/05/2010 07:16 162768]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [21/03/2010 14:15 82952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/05/2010 07:16 19024]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/02/2010 13:20 112592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 07:11 16384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [21/03/2010 14:15 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [21/03/2010 14:15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [21/03/2010 14:15 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Fichiers communs\Mcafee\SystemCore\mfefire.exe [21/03/2010 14:15 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe [21/03/2010 14:15 141792]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06/04/2008 16:42 50424]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [21/03/2010 14:15 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [21/03/2010 14:15 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [21/03/2010 14:15 88480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1ca0eea4bf5122e;Service Google Update (gupdate1ca0eea4bf5122e);c:\program files\Google\Update\GoogleUpdate.exe [27/07/2009 14:44 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [03/04/2008 21:03 131072]
S3 Dz3s2kxp;Dz3s2kxp;c:\windows\system32\drivers\Dz3s2kxp.sys [21/11/2009 18:12 10496]
S3 Dz3u2kxp;Dz3u2kxp;c:\windows\system32\drivers\Dz3u2kxp.sys [21/11/2009 18:12 11392]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [21/03/2010 14:15 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [21/03/2010 14:15 83496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/02/2010 13:16 365280]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [26/04/2009 20:07 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [26/04/2009 20:08 234888]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:44]
2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=040c&s=0&o=xph&d=0409&m=el1200-01h
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Christelle Maître\Application Data\Mozilla\Firefox\Profiles\s1xxum27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-16 14:36
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x837CE7D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\atapi -> atapi.sys @ 0xf72f5852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: NVIDIA nForce 10/100/1000 Mbps Networking Controller -> SendCompleteHandler -> 0x8338f5c0
PacketIndicateHandler -> NDIS.sys @ 0xf719aa21
SendHandler -> NDIS.sys @ 0xf717887b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\NTMARTA.DLL
- - - - - - - > 'lsass.exe'(1128)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
Heure de fin: 2010-05-16 14:42:11
ComboFix-quarantined-files.txt 2010-05-16 18:42
ComboFix2.txt 2010-05-10 16:12
ComboFix3.txt 2010-05-09 19:38
Avant-CF: 30 635 536 384 octets libres
Après-CF: 31 925 424 128 octets libres
- - End Of File - - 58ECAA8E5CD69E64DBA524518F603C34