Huge crash following a system error
Resolved/Closed
Foud35 - Posts: 21 - Registered: Sunday 10 February 2008 - Status: Member - Last contribution: 29 June 2009
10 Feb. 2008 at 22:30
FillPCA - Posts: 2242 - Registered: Saturday 21 April 2007 - Status: Non-member - Last contribution: 18 February 2023 - 9 March 2008 at 15:49
47 replies
Foud35 - Posts: 21 - Registered: Sunday 10 February 2008 - Status: Member - Last contribution: 29 June 2009
2 March 2008 at 20:56
OK, I'm ready to finish it tonight if you're still free: the ComboFix report
ComboFix 08-03-03.4 - User 2008-03-02 14:35:34.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-02 11:48 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 14:47:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-03 14:51:22
ComboFix-quarantined-files.txt 2008-03-03 19:51:06
ComboFix2.txt 2008-02-23 00:08:11
ComboFix3.txt 2008-02-20 23:29:44
ComboFix4.txt 2008-02-13 23:45:06
ComboFix5.txt 2008-02-13 00:26:42
.
2008-03-02 16:58:03 --- E O F ---
Foud35 - Posts: 21 - Registered: Sunday 10 February 2008 - Status: Member - Last contribution: 29 June 2009
2 March 2008 at 20:57
I agree to finish it tonight, if you're still available: the ComboFix report;
Sorry for the double post; also, I forgot to answer the other question. My PC is doing well: it almost never lags any more, there are no more error messages, everything seems to run smoothly, and I thank you for it.
FillPCA - 2 March 2008, 21:11
Re,
1/ * Select the following text:
RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
2/ Post the ComboFix report and a new HijackThis report.
FillPCA
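The helper's step 1 targets a file whose name carries a space before its extension (`msnmsgr .exe`), which the Find3M block of the report lists three times in the same folder as the legitimate `msnmsgr.exe` start-up entry. As an added example, not code from the thread, from ComboFix or from the helper, the following Python script parses a listing in ComboFix's `attrs size date time path` layout, flags look-alike names (whitespace before the extension, leading whitespace, a document extension in front of an executable one) and builds the `RENV::` block in the form the helper asked for. The sample listing is constructed: its first three lines are copied from the report above and the fourth clean line is invented for contrast; all function names are my own, and the double-extension check generalizes beyond the single case in the thread.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's "attrs size date time path" layout.
# Lines 1-3 are copied from the Find3M block quoted in the thread; line 4 is
# an invented clean entry for contrast (it is not in the real report).
SAMPLE_LISTING = """\
----a-w 5,724,184 2008-01-13 20:31:16 C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe
----a-w 5,724,184 2008-01-19 21:12:00 C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
"""

# One listing line: attributes, size with thousands separators, date, time, path.
LINE_RE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)

# Extensions Windows will execute or load as code.
EXEC_EXTS = {"exe", "dll", "scr", "com", "pif", "cpl", "sys", "bat", "cmd"}
# Extensions that make a name look like a harmless document or media file.
DOC_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "doc", "xls", "mp3", "avi"}


def parse_listing(text: str) -> List[Tuple[str, str]]:
    """Return (path, 'date time') pairs; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            entries.append((m.group("path"), f"{m.group('date')} {m.group('time')}"))
    return entries


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def suspicious_name(name: str) -> Optional[str]:
    """Reason text when the file name imitates a normal executable name, else None."""
    m = re.match(r"^(?P<stem>.*?)(?P<gap>\s*)\.(?P<ext>[A-Za-z0-9]+)$", name)
    if not m:
        return None
    stem, gap, ext = m.group("stem"), m.group("gap"), m.group("ext").lower()
    if gap:
        # "msnmsgr .exe" sorts next to msnmsgr.exe and is easy to misread as it.
        return f"whitespace before .{ext}"
    if ext in EXEC_EXTS and stem != stem.lstrip():
        return "leading whitespace in name"
    if ext in EXEC_EXTS and "." in stem and stem.rsplit(".", 1)[1].lower() in DOC_EXTS:
        return "document extension hiding an executable"
    return None


def find_lookalikes(listing: str) -> List[Tuple[str, str]]:
    """Scan a listing and return (path, reason) for every flagged entry."""
    hits = []
    for path, _when in parse_listing(listing):
        reason = suspicious_name(basename(path))
        if reason:
            hits.append((path, reason))
    return hits


def build_cfscript(paths: List[str]) -> str:
    """The RENV:: block from the thread's step 1: header, then one path per line, no repeats."""
    unique = list(dict.fromkeys(paths))
    return "RENV::\n" + "".join(p + "\n" for p in unique)


if __name__ == "__main__":
    flagged = find_lookalikes(SAMPLE_LISTING)
    for path, reason in flagged:
        print(f"{reason:40} {path}")
    print(build_cfscript([p for p, _ in flagged]), end="")
```

Run as a script it prints the three flagged entries and a CFScript text identical to the one the helper wrote by hand; the same path is collapsed to a single `RENV::` line even though the listing repeats it with three timestamps.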
Re,
ComboFix 08-03-03.4 - User 2008-03-02 15:35:28.8 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 15:17 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]
[color=red]Files Infected - Win32.Agent.zb[/color]
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 15:55:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-03 16:10:43
ComboFix-quarantined-files.txt 2008-03-03 21:10:24
ComboFix2.txt 2008-03-03 19:51:25
ComboFix3.txt 2008-02-23 00:08:11
ComboFix4.txt 2008-02-20 23:29:44
ComboFix5.txt 2008-02-13 23:45:06
.
2008-03-02 20:26:25 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:12 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
ComboFix 08-03-03.4 - User 2008-03-02 15:35:28.8 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 15:17 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]
[color=red]Files Infected - Win32.Agent.zb[/color]
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 15:55:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-03 16:10:43
ComboFix-quarantined-files.txt 2008-03-03 21:10:24
ComboFix2.txt 2008-03-03 19:51:25
ComboFix3.txt 2008-02-23 00:08:11
ComboFix4.txt 2008-02-20 23:29:44
ComboFix5.txt 2008-02-13 23:45:06
.
2008-03-02 20:26:25 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:12 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
FillPCA, 2 March 2008 at 22:16
Re,
I'm asking around, because there is an infectious agent that won't go away.
FillPCA
Edit: can you do this:
* Download GenProc (by Lazzzy and Narco4) to your desktop: http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
* Unzip it on your desktop (Right-click > Extract here).
* Double-click GenProc.bat and post the report generated by the program.
* You'll find an illustrated guide here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
FillPCA
Foud35, 2 March 2008 at 22:28
Re, so here it is:
[1] GenProc 0.79 Mon 03/03/2008 : Aucune infection caractéristique trouvée !
FillPCA, 2 March 2008 at 22:29
OK. I've asked some friends for help.
One question: is MSN working normally?
FillPCA
Foud35, 2 March 2008 at 22:36
Thanks for your help.
MSN works normally; could the problem come from the fact that I uninstalled the MSN Discovery program incorrectly and there is a problem with it? It asks me for the missing file for MSN Discovery, then when I click OK it shows MSN normally. Should I install MSN Discovery and uninstall it again to see if that would fix the problem?
FillPCA, 2 March 2008 at 22:56
Re,
We're going to do this:
1/ Open HijackThis > "Do a scan only" and tick this:
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
Click fix/repair.
2/ * Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste Standard List of Files/Folders to Move":
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
* Copy the list of files or folders below and paste it into the program window "Paste Custom List of Files/Folders to Move":
EmptyTemp
* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.
3/ Run ComboFix normally.
4/ Try Windows Live Messenger and tell me how it goes.
FillPCA
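Added example, written for this thread and not code from any post, from ComboFix or from HijackThis: a small Python triage script that pulls executable paths out of pasted log lines and flags a file name that impersonates a genuine binary in the same folder, which is exactly how the infected "msnmsgr .exe" (note the space) sat beside the real msnmsgr.exe in the report above. The sample log is constructed from lines quoted earlier in this thread.

```python
"""Triage helper for pasted HijackThis / ComboFix log lines.

Added example, written for this thread and not taken from either tool: it pulls
Windows executable paths out of log lines and flags file names that impersonate
a genuine binary in the same folder, the way "msnmsgr .exe" (with a space) sat
next to the real msnmsgr.exe in the ComboFix report above.
"""
import re
from collections import defaultdict

# A drive-letter path up to the first executable-type extension. Non-greedy,
# so "msnmsgr .exe" is captured whole while trailing log fields such as
# ' [2008-01-19 21:12 5724184]' or ' /min' are left out.
_PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n\[\]<>|]+?\.(?:exe|dll|sys|scr|cpl|com)\b',
    re.IGNORECASE,
)

# Constructed sample assembled from lines quoted earlier in this thread.
SAMPLE_LOG = r'''
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
'''


def extract_paths(text):
    """Return the distinct executable paths found in the text, in order."""
    paths = []
    for match in _PATH_RE.finditer(text):
        path = match.group(0)
        if path not in paths:
            paths.append(path)
    return paths


def split_path(path):
    """Split a Windows path into (folder, file name), keeping the spelling."""
    folder, _, name = path.rpartition('\\')
    return folder, name


def name_anomalies(path):
    """List the suspicious spellings in one file name (empty = looks normal)."""
    _, name = split_path(path)
    stem, _, _ext = name.rpartition('.')
    problems = []
    if stem != stem.rstrip():
        problems.append('whitespace before the extension dot')
    if stem != stem.lstrip():
        problems.append('leading whitespace in the file name')
    return problems


def _canonical(name):
    """Collapse the tricks that make two names look alike to a human reader."""
    return ''.join(name.split()).lower()


def lookalike_groups(paths):
    """Group paths whose names collapse to the same canonical name in one folder.

    Returns {(folder_lower, canonical): {raw_name: path}} only for folders that
    hold more than one spelling, e.g. both "msnmsgr .exe" and "msnmsgr.exe".
    """
    groups = defaultdict(dict)
    for path in paths:
        folder, name = split_path(path)
        groups[(folder.lower(), _canonical(name))][name] = path
    return {key: names for key, names in groups.items() if len(names) > 1}


def triage(text):
    """Run both checks over a pasted log and return (path, reason) findings."""
    paths = extract_paths(text)
    findings = []
    for path in paths:
        for reason in name_anomalies(path):
            findings.append((path, reason))
    for (_folder, canonical), spellings in lookalike_groups(paths).items():
        for name, path in spellings.items():
            if name.lower() != canonical:  # the odd spelling, not the genuine binary
                findings.append((path, 'impersonates %s in the same folder' % canonical))
    return findings


if __name__ == '__main__':
    for path, reason in triage(SAMPLE_LOG):
        print('%s: %s' % (reason, path))
```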
Foud35, 2 March 2008 at 23:59
Re,
File/Folder C:\Program Files\Windows Live\Messenger\msnmsgr .exe not found.
[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF153.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF1B73.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD012.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD053.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFFDB1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00714.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07fa2.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 v1.0.19 log created on 03032008_170439
ComboFix 08-03-03.4 - User 2008-03-03 17:22:47.9 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-03 17:09 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-03 17:09 25,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 17:11 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 17:40:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-03 17:54:39
ComboFix-quarantined-files.txt 2008-03-03 22:54:20
ComboFix2.txt 2008-03-03 21:10:47
ComboFix3.txt 2008-03-03 19:51:25
ComboFix4.txt 2008-02-23 00:08:11
ComboFix5.txt 2008-02-20 23:29:44
.
2008-03-03 22:08:55 --- E O F ---
WLM semble fonctionne normalement, il a l'air plus fluide et un brin plus rapide , l'infection est-elle toujours présente ?
File/Folder C:\Program Files\Windows Live\Messenger\msnmsgr .exe not found.
[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF153.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF1B73.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD012.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD053.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFFDB1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00714.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07fa2.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 v1.0.19 log created on 03032008_170439
ComboFix 08-03-03.4 - User 2008-03-03 17:22:47.9 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-03 17:09 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-03 17:09 25,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 17:11 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 17:40:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-03 17:54:39
ComboFix-quarantined-files.txt 2008-03-03 22:54:20
ComboFix2.txt 2008-03-03 21:10:47
ComboFix3.txt 2008-03-03 19:51:25
ComboFix4.txt 2008-02-23 00:08:11
ComboFix5.txt 2008-02-20 23:29:44
.
2008-03-03 22:08:55 --- E O F ---
WLM seems to be working normally; it looks smoother and a bit faster. Is the infection still present?
FillPCA, 3 March 2008 at 00:03
Re,
It shows up in the report, but I think it's a false positive. I think it's sorted, but I'll confirm as soon as I have news.
In the meantime, can you do this?
* Download ToolsCleaner by A.Rothstein to your Desktop: http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
* Double-click ToolsCleaner2.exe > Recherche (Search), then Suppression (Delete),
* Your Desktop will disappear. This is normal.
* If it doesn't reappear, do this: CTRL+ALT+DEL to bring up Task Manager.
Go to the Processes tab, click "File" at the top left and choose "Run". Type "explorer" and confirm. That will bring your Desktop back.
FillPCA
Foud35, 3 March 2008 at 00:23
Sure, no problem, I did it:
-->- Suppression:
C:\Documents and Settings\User\Desktop\SdFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\User\Desktop\LopXpMh2: supprimé !
C:\Documents and Settings\User\Desktop\GenProc: supprimé !
FillPCA, 3 March 2008 at 10:29
Hi,
I may have a lead.
FillPCA
Foud35, 4 March 2008 at 00:43
Ah OK, that's good news. If you need a hand with the research, you could give me the main keywords and I'll search on Google, since I don't know the name or the type of the infection.
FillPCA, 4 March 2008 at 21:47
Hi,
The cleaning difficulties are apparently due to the way this forum displays things. We're going to use ComboFix again.
* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Send me that report either via a file-hosting service such as YouSendIt or by email to the following address:
ncquqtqz@trashmail.net
FillPCA
Foud35, 5 March 2008 at 01:39
Hi!
Here's the scan, done and available right here:
https://www.hightail.com/
Thanks!
FillPCA, 5 March 2008 at 09:31
Hello,
The display format is indeed different!
* Select the following text:
RENV:: C:\Program Files\Windows Live\Messenger\msnmsgr .exe C:\Program Files\Windows Live\Messenger\msnmsgr .exe C:\Program Files\Windows Live\Messenger\msnmsgr .exe
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will appear: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt
Post that report here.
FillPCA
Foud35, 5 March 2008 at 17:11
Hi, here's the scan, done. I also hosted it on YouSendIt in case there's a problem:
https://www.hightail.com/
and
ComboFix 08-03-04.4 - User 2008-03-05 10:51:21.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.
2008-03-04 20:49 . 2008-03-04 20:49 <DIR> d-------- C:\Program Files\Uniblue
2008-03-04 20:49 . 2008-03-04 20:51 <DIR> d-------- C:\Documents and Settings\User\.LocalCooling
2008-03-04 20:49 . 2008-03-04 20:49 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{7C24407D-548F-4211-9AD3-2549A100B03D}
2008-03-04 16:41 . 2008-03-04 17:16 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-03-04 13:28 . 2008-03-04 13:28 2,208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys
2008-03-03 20:42 . 2008-03-03 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-03-03 20:41 . 2008-03-03 20:41 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\BoontyGames
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Boonty
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-03-03 20:48 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-04 22:22 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-04 22:22 32,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-05 09:58 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 17:30 . 2008-03-03 18:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 10:35 . 2008-03-03 20:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-03-05 10:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 00:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 20:14 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-03-04 19:34 --------- d-----w C:\Program Files\TheTurtle
2008-03-04 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-04 15:22 --------- d-----w C:\Program Files\SnIco Edit
2008-02-04 02:13 --------- d-----w C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-04 02:11 --------- d-----w C:\Program Files\GtkRadiant 1.5.0
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-14 10:06 21,632 ----a-w C:\WINDOWS\system32\drivers\ManyCam.sys
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-04_19.33.54.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-05 14:58:01 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 20:06 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 12:44 815104]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"PopUpStopperFreeEdition"=; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LocalCooling"=; "C:\Program Files\LocalCooling\localcooling.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-03-04 13:28]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 05:06]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-03-03 20:41]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 11:01:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TheTurtle\rkmt.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TheTurtle\rkmt.dll
.
Completion time: 2008-03-05 11:05:27
ComboFix2.txt 2008-03-05 00:35:43
ComboFix3.txt 2008-03-03 22:54:42
.
2008-03-05 03:21:41 --- E O F ---
Thanks :)
FillPCA
5 March 2008 at 21:15
Hi,
1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o Show hidden files and folders,
o uncheck "Hide extensions for known file types",
o uncheck "Hide protected operating system files (Recommended)".
* "Apply" and "OK"
2/ * Can you test this: C:\WINDOWS\system32\drivers\nxsIO32.sys
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and enter the path of the file I indicated.
* Click Send. After a few minutes a report is generated. Post it in your next reply.
FillPCA
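The two steps above done from PowerShell instead of the Explorer dialog, as an added example that is not part of FillPCA's post or of any tool mentioned in the thread: the three Explorer view settings in step 1/ are registry values under the Explorer\Advanced key, and hashing the driver from step 2/ lets it be looked up on VirusTotal by SHA-256 before (or instead of) uploading it. The key and value names are the standard Windows Explorer settings; $DriverPath is the path FillPCA named, and the variable names are my own.

```powershell
# Added example (not from the thread): apply the "View" settings from step 1/
# through the registry, then fingerprint the driver from step 2/.
# $DriverPath is the file named in the thread; variable names are assumptions.

$Advanced   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$DriverPath = 'C:\WINDOWS\system32\drivers\nxsIO32.sys'

# Value names and the settings that make hidden items visible:
#   Hidden          1 = show hidden files and folders
#   HideFileExt     0 = show extensions for known file types
#   ShowSuperHidden 1 = show protected operating system files
$Wanted = @{ Hidden = 1; HideFileExt = 0; ShowSuperHidden = 1 }

Write-Host "Current Explorer view settings:"
Get-ItemProperty -Path $Advanced -Name Hidden, HideFileExt, ShowSuperHidden |
    Select-Object Hidden, HideFileExt, ShowSuperHidden | Format-List

foreach ($name in $Wanted.Keys) {
    Set-ItemProperty -Path $Advanced -Name $name -Value $Wanted[$name] -Type DWord
}
Write-Host "Hidden files, known extensions and protected OS files are now shown (restart Explorer to apply)."

# Step 2/: fingerprint the suspicious driver. Searching VirusTotal for the
# SHA-256 shows whether this exact file has already been analysed; -Force is
# needed because the file may carry the hidden/system attributes.
if (Test-Path -LiteralPath $DriverPath) {
    $item = Get-Item -LiteralPath $DriverPath -Force
    $hash = Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256
    [PSCustomObject]@{
        Path          = $DriverPath
        SizeBytes     = $item.Length
        LastWriteTime = $item.LastWriteTime
        SHA256        = $hash.Hash
    } | Format-List
} else {
    Write-Warning "$DriverPath not found (it may already have been removed)."
}
```

The size printed should match the 2,208 bytes ComboFix reported for nxsIO32.sys; a different size means you are looking at a different file than the one the log flagged.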
Foud35
5 March 2008 at 22:48
Hi, report done:
Fichier nxsIO32.sys reçu le 2008.03.05 22:40:38 (CET)
Situation actuelle: terminé
Résultat: 1/32 (3.13%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 -
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 -
BitDefender 7.2 2008.03.05 -
CAT-QuickHeal 9.50 2008.03.05 -
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5590 2008.03.05 -
Ewido 4.0 2008.03.05 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.05 -
Ikarus T3.1.1.20 2008.03.05 -
Kaspersky 7.0.0.125 2008.03.05 -
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.05 -
NOD32v2 2923 2008.03.05 -
Norman 5.80.02 2008.03.05 -
Panda 9.0.0.4 2008.03.05 -
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.05 -
Webwasher-Gateway 6.6.2 2008.03.05 Win32.Malware.gen!88 (suspicious)
Information additionnelle
File size: 2208 bytes
Thanks in advance