Here is the ComboFix report
ComboFix 10-03-15.04 - fabien 16/03/2010 9:11.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.261 [GMT 1:00]
Lancé depuis: c:\documents and settings\fabien\Bureau\ComboFix.exe
AV: Pack Sécurité SFR 9.12 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Pack Sécurité SFR 9.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}
c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}\chrome.manifest
c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}\chrome\xulcache.jar
c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}\defaults\preferences\xulcache.js
c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\extensions\{6cff2a34-3b7b-4a3b-9477-0a7f70ba41f6}\install.rdf
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\msnmgr.exe
c:\windows\system32\drivers\bxvyxtfv.sys
c:\windows\system32\drivers\lrsxiimg.sys
c:\windows\system32\jxtbmcno.dll
c:\windows\system32\jyhaxzm.dll
c:\windows\system32\szipmzr.dll
----- BITS: Il y a peut-être des sites infectés -----
hxxp://premium.virginmega.fr
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BXVYXTFV
-------\Legacy_ZYPNBWIW
-------\Service_bxvyxtfv
-------\Service_zypnbwiw
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-16 au 2010-03-16 ))))))))))))))))))))))))))))))))))))
.
2010-03-15 19:21 . 2010-03-15 19:21 -------- d-----w- c:\program files\CCleaner
2010-03-15 10:23 . 2010-03-15 10:23 61440 ----a-w- c:\documents and settings\fabien\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71fed10d-n\decora-sse.dll
2010-03-15 10:23 . 2010-03-15 10:23 348160 ----a-w- c:\documents and settings\fabien\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62d00499-n\msvcr71.dll
2010-03-15 10:23 . 2010-03-15 10:23 503808 ----a-w- c:\documents and settings\fabien\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62d00499-n\msvcp71.dll
2010-03-15 10:23 . 2010-03-15 10:23 12800 ----a-w- c:\documents and settings\fabien\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71fed10d-n\decora-d3d.dll
2010-03-15 10:23 . 2010-03-15 10:23 499712 ----a-w- c:\documents and settings\fabien\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62d00499-n\jmc.dll
2010-03-15 10:22 . 2010-03-15 10:22 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-15 10:22 . 2010-03-15 10:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 10:21 . 2010-03-15 10:21 -------- d-----w- c:\program files\Java
2010-03-15 06:54 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 06:54 . 2010-03-15 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 06:54 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 21:59 . 2010-03-15 04:55 -------- d-----w- c:\program files\PersonSecurity
2010-03-14 20:13 . 2010-03-14 20:20 -------- d-----w- c:\program files\RegCleaner
2010-03-14 20:02 . 2010-03-14 20:02 -------- d-----w- c:\program files\ToniArts
2010-03-14 19:34 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-13 19:41 . 2010-03-14 20:08 -------- d-----w- c:\program files\trend micro
2010-03-13 16:06 . 2010-03-13 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-13 16:06 . 2010-03-13 16:06 -------- d-----w- c:\documents and settings\fabien\Application Data\AVS4YOU
2010-03-13 16:05 . 2010-03-14 10:13 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-03-13 16:05 . 2009-06-30 15:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-13 16:05 . 2010-03-14 10:13 -------- d-----w- c:\program files\AVS4YOU
2010-03-13 13:55 . 2010-03-13 13:55 -------- d-----w- c:\documents and settings\fabien\Application Data\Malwarebytes
2010-03-13 13:55 . 2010-03-13 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 13:53 . 2010-03-13 13:53 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 13:53 . 2010-03-13 13:53 -------- d-----w- c:\documents and settings\fabien\Local Settings\Application Data\Mozilla
2010-03-12 08:18 . 2010-03-12 08:18 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-03-11 07:51 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-25 20:17 . 2010-02-25 20:17 -------- d-----w- c:\program files\VirginMega
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 20:02 . 2006-03-02 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-15 19:21 . 2010-03-15 19:21 96512 ----a-w- c:\windows\system32\drivers\OLD2584.tmp
2010-03-15 17:51 . 2010-03-15 17:51 96512 ----a-w- c:\windows\system32\drivers\OLD988.tmp
2010-03-15 16:15 . 2010-03-15 16:15 96512 ----a-w- c:\windows\system32\drivers\OLD1CE0.tmp
2010-03-15 14:16 . 2009-02-22 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-15 10:10 . 2006-03-02 12:00 67476 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-15 10:10 . 2006-03-02 12:00 454462 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-14 20:02 . 2008-11-27 08:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 19:46 . 2009-02-22 13:12 -------- d-----w- c:\program files\Google
2010-03-12 13:31 . 2008-11-27 17:59 -------- d-----w- c:\documents and settings\fabien\Application Data\F-Secure
2010-03-11 20:16 . 2009-02-14 12:06 -------- d-----w- c:\program files\Windows Live
2010-03-11 19:37 . 2010-02-13 20:36 -------- d-----w- c:\documents and settings\fabien\Application Data\Skype
2010-02-25 20:15 . 2009-02-22 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-02-13 20:41 . 2010-02-13 20:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-13 20:41 . 2010-02-13 20:41 -------- d-----w- c:\documents and settings\fabien\Application Data\skypePM
2010-02-13 20:36 . 2010-02-13 20:36 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-02-13 20:36 . 2010-02-13 20:36 -------- d-----r- c:\program files\Skype
2010-02-13 20:36 . 2010-02-13 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-01 10:51 . 2008-11-26 17:50 -------- d-----w- c:\program files\Pack Securite
2010-02-01 10:50 . 2009-01-25 16:09 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-02-01 10:42 . 2008-11-26 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-01-03 14:30 . 2008-11-26 17:07 47032 ----a-w- c:\documents and settings\fabien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2008-11-26 15:48 347648 ----a-w- c:\windows\system32\mspaint.exe
.
------- Sigcheck -------
[-] 2010-03-15 20:02 . F4D8D2AF5AA13FFA0A35A9484920D0F9 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"HPWireless"="c:\program files\HP Wireless Adapter\HPWLAN.exe" [2006-10-04 618496]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Redémarrer le gestionnaire de connexion.lnk - c:\program files\HP Wireless Printer Adapter\ConnectMgr.exe [2008-11-27 1122304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2002-11-05 02:00 184320 ----a-w- c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-22 13:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [25/01/2009 17:09 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [26/11/2008 18:52 81864]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Pack Securite\HIPS\drivers\fshs.sys [24/01/2009 14:21 69928]
R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [27/11/2008 18:18 68864]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [26/11/2008 18:50 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Pack Securite\ORSP Client\fsorsp.exe [24/01/2009 14:21 55992]
R3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [27/11/2008 09:38 11648]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [27/11/2008 09:38 10752]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [27/11/2008 09:38 37120]
R3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\HPL8187.SYS [27/11/2008 18:19 189440]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [13/07/2005 16:37 260608]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [27/11/2008 18:19 13532]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20/09/2002 18:42 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [20/09/2002 18:43 231983]
S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [22/03/2009 20:44 186551]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [26/11/2008 18:50 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [26/11/2008 18:50 27048]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - BXVYXTFV
*Deregistered* - bxvyxtfv
.
Contenu du dossier 'Tâches planifiées'
2010-03-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 10:29]
2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{5AF6D8A3-9F68-41B6-BB48-5E84CF2969FB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.neufportail.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Pack Securite\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\fabien\Application Data\Mozilla\Firefox\Profiles\amylm2er.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - component: c:\program files\Pack Securite\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{2CE7E8CF-3385-4FE9-8721-C04D57D02023} - (no file)
AddRemove-HijackThis - c:\documents and settings\fabien\Bureau\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 09:29
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\program files\pack securite\hips\fshook32.dll
- - - - - - - > 'lsass.exe'(824)
c:\program files\Pack Securite\FSPS\program\FSLSP.DLL
c:\program files\pack securite\hips\fshook32.dll
- - - - - - - > 'explorer.exe'(3040)
c:\program files\pack securite\hips\fshook32.dll
c:\program files\Pack Securite\Spam Control\fsscoepl.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Pack Securite\Anti-Virus\fsgk32st.exe
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Pack Securite\Anti-Virus\FSGK32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Pack Securite\Common\FSHDLL32.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Pack Securite\FWES\Program\fsdfwd.exe
c:\program files\Pack Securite\Anti-Virus\fssm32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pack Securite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Heure de fin: 2010-03-16 09:34:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-16 08:34
Avant-CF: 30 450 892 800 octets libres
Après-CF: 30 356 721 664 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 457A212706356D0BEC1E03E8B2F7D01D