Trojan infection Win32:TratBHO[Trj] + others?

Closed
cyril_seventy - 26 Feb 2008 at 15:57
green day Posts: 26371 Registered: Friday 30 September 2005 Status: Moderator, security contributor Last seen: 27 December 2019 - 2 March 2008 at 13:44
Hello,
I'm infected with the trojan Win32:TratBHO[Trj], detected by Avast, and probably other things too: MSN can no longer connect, an infection on eMule in Incoming... in short, panic!


thanks a lot


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:02, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Mes documents\Cyril\Security\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Mes documents\Cyril\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0019a42a] rundll32.exe "C:\WINDOWS\system32\kemjbfdq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.dogmazic.net/
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Mes documents\Cyril\Security\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing)
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing)
O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
15 replies

green day
26 Feb 2008 at 16:05
Hi


Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
cyril_seventy
26 Feb 2008 at 16:18
I had already started doing it, but without putting it in safe mode; do I need to?

here is the report anyway:
ComboFix 08-02-25.3 - Marc 2008-02-26 16:00:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.372 [GMT 1:00]
Endroit: C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\MS2BWJ0P\ComboFix[1].exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[i] ADS - system32: deleted 0 bytes in 1 streams. [/i]
[i] ADS - svchost.exe: deleted 132 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\agexdgvs.dll
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\byxxvus.dll
C:\WINDOWS\system32\cbxywvs.dll
C:\WINDOWS\system32\ddcbbxu.dll
C:\WINDOWS\system32\ddccawu.dll
C:\WINDOWS\system32\eedofsiq.dll
C:\WINDOWS\system32\efcyyxv.dll
C:\WINDOWS\system32\esmnimnx.ini
C:\WINDOWS\system32\fccawwx.dll
C:\WINDOWS\system32\fccbaax.dll
C:\WINDOWS\system32\fccyvwu.dll
C:\WINDOWS\system32\fccyxxu.dll
C:\WINDOWS\system32\gebaxxu.dll
C:\WINDOWS\system32\gebyxyx.dll
C:\WINDOWS\system32\gucchvbu.dll
C:\WINDOWS\system32\hajhnvgu.dll
C:\WINDOWS\system32\hggebxy.dll
C:\WINDOWS\system32\hgghghf.dll
C:\WINDOWS\system32\hgghhih.dll
C:\WINDOWS\system32\icqrccsw.dll
C:\WINDOWS\system32\iifdddd.dll
C:\WINDOWS\system32\itwodtqk.dll
C:\WINDOWS\system32\ivyiotkm.dll
C:\WINDOWS\system32\jkkjjkj.dll
C:\WINDOWS\system32\jkklkkl.dll
C:\WINDOWS\system32\jvmsbdyv.dll
C:\WINDOWS\system32\kardkrmv.dll
C:\WINDOWS\system32\kemjbfdq.dll
C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\lnwoedtn.dll
C:\WINDOWS\system32\mbhcrx.dat
C:\WINDOWS\system32\mbhcrx.exe
C:\WINDOWS\system32\mbhcrx_nav.dat
c:\WINDOWS\system32\mbhcrx_navps.dat
c:\WINDOWS\system32\mbhcrx_navup.dat
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljkjig.dll
C:\WINDOWS\system32\nnnoolk.dll
C:\WINDOWS\system32\npubtmww.dll
C:\WINDOWS\system32\ntdeownl.ini
C:\WINDOWS\system32\opnkhgd.dll
C:\WINDOWS\system32\opnlmml.dll
C:\WINDOWS\system32\opnmjkh.dll
C:\WINDOWS\system32\opnmnkh.dll
C:\WINDOWS\system32\oqonauuf.dll
C:\WINDOWS\system32\pmnoolj.dll
C:\WINDOWS\system32\pmnopqp.dll
C:\WINDOWS\system32\qdfbjmek.ini
C:\WINDOWS\system32\qommjhf.dll
C:\WINDOWS\system32\qommlml.dll
C:\WINDOWS\system32\ssqnoml.dll
C:\WINDOWS\system32\ssqonli.dll
C:\WINDOWS\system32\tuvttuu.dll
C:\WINDOWS\system32\ugvnhjah.ini
C:\WINDOWS\system32\urqqonl.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\vcibyrgg.dll
C:\WINDOWS\system32\vmrkdrak.ini
C:\WINDOWS\system32\vmsbsoky.dll
C:\WINDOWS\system32\vtusssq.dll
C:\WINDOWS\system32\vydbsmvj.ini
C:\WINDOWS\system32\wsccrqci.ini
C:\WINDOWS\system32\wvusqrs.dll
C:\WINDOWS\system32\wvuvttu.dll
C:\WINDOWS\system32\xmsgdryy.ini
C:\WINDOWS\system32\xnminmse.dll
C:\WINDOWS\system32\xxyvssr.dll
C:\WINDOWS\system32\xxyyvsq.dll
C:\WINDOWS\system32\yaywxyx.dll
C:\WINDOWS\system32\yayxxut.dll
C:\WINDOWS\system32\ycowlpgf.dll
C:\WINDOWS\system32\yyrdgsmx.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 15:14 . <REP> C:\WINDOWS\LastGood.Tmp
2008-02-26 15:05 . 2008-02-26 15:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 09:38 . 2008-02-26 16:05 <REP> d-------- C:\Documents and Settings\Marc\Application Data\DNA
2008-02-24 17:44 . 2008-02-25 17:44 586 ---hs---- C:\WINDOWS\system32\fwtkmigt.ini
2008-02-23 17:16 . 2008-02-23 17:16 294 ---hs---- C:\WINDOWS\system32\bjqcpffp.ini
2008-02-20 10:41 . 2008-02-21 10:46 586 ---hs---- C:\WINDOWS\system32\mfkisfgc.ini
2008-02-18 00:10 . 2008-02-18 00:10 <REP> d-------- C:\Program Files\InfraRecorder
2008-02-18 00:10 . 2008-02-18 00:18 <REP> d-------- C:\Documents and Settings\Marc\Application Data\InfraRecorder
2008-02-17 20:56 . 2008-02-18 00:10 <REP> d-------- C:\Program Files\Free Easy Burner
2008-02-17 20:56 . 2005-03-11 17:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-02-17 20:56 . 2005-02-24 12:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-02-17 20:56 . 2005-02-24 11:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-02-17 20:56 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-02-17 20:56 . 2005-01-10 12:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-02-17 20:56 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-02-17 20:56 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-02-17 20:56 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-02-14 11:42 . 2008-02-15 10:28 354 ---hs---- C:\WINDOWS\system32\wkmbftfk.ini
2008-02-13 22:58 . 2008-02-13 22:58 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-07 22:22 . 2008-02-07 22:22 244 --ah----- C:\sqmnoopt18.sqm
2008-02-07 22:22 . 2008-02-07 22:22 232 --ah----- C:\sqmdata18.sqm
2008-02-07 22:18 . 2008-02-07 22:18 244 --ah----- C:\sqmnoopt17.sqm
2008-02-07 22:18 . 2008-02-07 22:18 232 --ah----- C:\sqmdata17.sqm
2008-02-07 22:17 . 2008-02-07 22:17 244 --ah----- C:\sqmnoopt16.sqm
2008-02-07 22:17 . 2008-02-07 22:17 232 --ah----- C:\sqmdata16.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt15.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt14.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt12.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt11.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata15.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata14.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata13.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata12.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata11.sqm
2008-02-07 22:02 . 2008-02-07 22:02 244 --ah----- C:\sqmnoopt10.sqm
2008-02-07 22:02 . 2008-02-07 22:02 232 --ah----- C:\sqmdata10.sqm
2008-02-01 22:52 . 2008-02-01 22:52 <REP> d-------- C:\Program Files\DNA
2008-02-01 19:31 . 2008-02-02 20:41 37,888 --a------ C:\WINDOWS\system32\rar.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 20:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 15:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-26 14:13 --------- dcsha-w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 14:03 --------- d---a-w C:\Program Files\MSN Messenger
2008-02-25 23:21 --------- d-----w C:\Program Files\eMule
2008-02-17 23:03 --------- d-----w C:\Program Files\Eudora
2008-02-17 19:52 --------- d-----w C:\Program Files\VSO
2008-02-17 19:48 --------- d-----w C:\Documents and Settings\Marc\Application Data\Vso
2008-02-01 22:05 --------- d-----w C:\Documents and Settings\Marc\Application Data\BitTorrent
2008-01-25 22:38 --------- d-----w C:\Program Files\Anark
2008-01-25 13:21 --------- d-----w C:\Program Files\Skyline
2008-01-21 10:34 --------- d-----w C:\Program Files\Maple 9.5
2008-01-12 22:32 --------- d-----w C:\Documents and Settings\Marc\Application Data\AdobeUM
2008-01-02 22:58 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-02 13:02 --------- d-----w C:\Program Files\iTunes
2008-01-01 13:09 --------- d---a-w C:\Program Files\Messenger Plus! Live
2008-01-01 11:34 --------- d-----w C:\Documents and Settings\Marc\Application Data\Samsung
2007-12-31 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 14:57 --------- d-----w C:\Program Files\Samsung
2007-12-29 10:59 --------- d--h--w C:\Program Files\Zero G Registry
2006-12-26 15:54 87,608 ----a-w C:\Documents and Settings\Marc\Application Data\ezpinst.exe
2006-12-26 15:54 47,360 -c--a-w C:\Documents and Settings\Marc\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044CA475-ECB9-4D2C-ADF3-CDD01AA67523}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BE38B33-87C9-4504-93DC-1C1CE5A691CA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC1504C-BAD2-4B40-895A-4E203CAC87D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48814d70-c198-4159-896e-03150f72c4c1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59D0CA93-F817-4A43-A869-C02232612CE7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67E174BA-E219-44E1-9455-CBC879C9A205}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9E7A541-05FE-4A30-9276-593AA0672C8B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3717193-94EA-462B-A821-DDFE1BF0ABAD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D025BDD3-6CBB-4D42-888F-9850FA5594A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50C7DF1-24C4-4C46-8354-C92D49152234}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 11:26 68856]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 11:29 287040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04 59392]
"LaunchApp"="Alaunch" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-14 07:48 14477312 C:\WINDOWS\RTHDCPL.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 19:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 19:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 19:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 19:00 455168]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 08:03 352256]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Alcmtr"="ALCMTR.EXE" [2005-06-14 07:48 69632 C:\WINDOWS\Alcmtr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinSpooler.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Eudora\Odile\EuShlExt.dll [2002-09-30 17:36 86016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless 802.11g USB Adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless 802.11g USB Adapter.lnk
backup=C:\WINDOWS\pss\Wireless 802.11g USB Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone]
C:\Program Files\BufferZone\CLIENTGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
-ra------ 2006-04-19 16:21 94208 C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 19:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-06-19 09:17 1241088 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFFAP]
-ra------ 2003-08-05 09:43 45056 C:\WINDOWS\system32\HotfixQ0306270.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 11:26 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-01-29 12:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 08:16]
R0 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 10:29]
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2007-09-11 16:13]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2005-05-31 07:34]
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 21:05]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 13:46]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2005-05-31 07:34]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2005-05-31 10:43]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-05-31 07:34]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-05-31 10:43]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-05-31 07:34]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 21:05]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\CLNTSVC.EXE []
S2 BZDcomLaunch;BufferZone DCOM Helper;C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE []
S2 BZRpcSs;BufferZone RPC Helper;C:\Program Files\BufferZone\BZRPCSS.EXE []
S2 hcw88ts;Hauppauge WinTV 88x TS Capture;C:\WINDOWS\system32\drivers\hcw88ts.sys [2005-03-23 05:12]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 10:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15675d26-32c6-11dc-bf40-00142a459835}]
\Shell\AutoRun\command - J:\start.exe
\Shell\Clé-contact\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f4c38c-bedf-11dc-8049-00142a459835}]
\Shell\AutoRun\command - K:\start.exe
\Shell\FramaKey\command - K:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9e4fb9c-c96c-11db-be84-00142a459835}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 12:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 16:08:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Mes documents\Cyril\Security\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\WinSpooler.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-26 16:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 15:12:27
.
2008-02-13 22:00:09 --- E O F ---
green day
26 Feb 2008 at 16:24
Not bad... yes, run it again in Safe Mode please, and post the new report

++
cyril_seventy
26 Feb 2008 at 16:43
ComboFix 08-02-25.3 - Marc 2008-02-26 16:32:06.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.765 [GMT 1:00]
Endroit: C:\Documents and Settings\Marc\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 15:05 . 2008-02-26 15:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 09:38 . 2008-02-26 16:27 <REP> d-------- C:\Documents and Settings\Marc\Application Data\DNA
2008-02-24 17:44 . 2008-02-25 17:44 586 ---hs---- C:\WINDOWS\system32\fwtkmigt.ini
2008-02-23 17:16 . 2008-02-23 17:16 294 ---hs---- C:\WINDOWS\system32\bjqcpffp.ini
2008-02-20 10:41 . 2008-02-21 10:46 586 ---hs---- C:\WINDOWS\system32\mfkisfgc.ini
2008-02-18 00:10 . 2008-02-18 00:10 <REP> d-------- C:\Program Files\InfraRecorder
2008-02-18 00:10 . 2008-02-18 00:18 <REP> d-------- C:\Documents and Settings\Marc\Application Data\InfraRecorder
2008-02-17 20:56 . 2008-02-18 00:10 <REP> d-------- C:\Program Files\Free Easy Burner
2008-02-17 20:56 . 2005-03-11 17:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-02-17 20:56 . 2005-02-24 12:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-02-17 20:56 . 2005-02-24 11:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-02-17 20:56 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-02-17 20:56 . 2005-01-10 12:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-02-17 20:56 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-02-17 20:56 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-02-17 20:56 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-02-14 11:42 . 2008-02-15 10:28 354 ---hs---- C:\WINDOWS\system32\wkmbftfk.ini
2008-02-13 22:58 . 2008-02-13 22:58 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-07 22:22 . 2008-02-07 22:22 244 --ah----- C:\sqmnoopt18.sqm
2008-02-07 22:22 . 2008-02-07 22:22 232 --ah----- C:\sqmdata18.sqm
2008-02-07 22:18 . 2008-02-07 22:18 244 --ah----- C:\sqmnoopt17.sqm
2008-02-07 22:18 . 2008-02-07 22:18 232 --ah----- C:\sqmdata17.sqm
2008-02-07 22:17 . 2008-02-07 22:17 244 --ah----- C:\sqmnoopt16.sqm
2008-02-07 22:17 . 2008-02-07 22:17 232 --ah----- C:\sqmdata16.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt15.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt14.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt12.sqm
2008-02-07 22:09 . 2008-02-07 22:09 244 --ah----- C:\sqmnoopt11.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata15.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata14.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata13.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata12.sqm
2008-02-07 22:09 . 2008-02-07 22:09 232 --ah----- C:\sqmdata11.sqm
2008-02-07 22:02 . 2008-02-07 22:02 244 --ah----- C:\sqmnoopt10.sqm
2008-02-07 22:02 . 2008-02-07 22:02 232 --ah----- C:\sqmdata10.sqm
2008-02-01 22:52 . 2008-02-01 22:52 <REP> d-------- C:\Program Files\DNA
2008-02-01 19:31 . 2008-02-02 20:41 37,888 --a------ C:\WINDOWS\system32\rar.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 20:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 15:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-26 14:13 --------- dcsha-w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 14:03 --------- d---a-w C:\Program Files\MSN Messenger
2008-02-25 23:21 --------- d-----w C:\Program Files\eMule
2008-02-25 12:48 609,280 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-02-25 12:48 1,643,008 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-02-24 11:55 350,208 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-02-24 11:55 1,636,864 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-24 11:39 2,692,608 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-02-24 11:39 1,636,352 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-17 23:03 --------- d-----w C:\Program Files\Eudora
2008-02-17 19:52 --------- d-----w C:\Program Files\VSO
2008-02-17 19:48 --------- d-----w C:\Documents and Settings\Marc\Application Data\Vso
2008-02-16 00:10 1,584,128 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-02-15 16:44 2,785,792 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-15 16:44 1,582,080 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-11 08:49 114,201 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_10_22_02_52_small.dmp.zip
2008-02-03 18:48 2,984,960 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-02 19:59 40,448 ----a-w C:\WINDOWS\system32\NTSpool.exe
2008-02-02 19:41 1,470,464 ----a-w C:\WINDOWS\system32\WinSpooler.exe
2008-02-01 22:05 --------- d-----w C:\Documents and Settings\Marc\Application Data\BitTorrent
2008-01-25 22:38 --------- d-----w C:\Program Files\Anark
2008-01-25 13:21 --------- d-----w C:\Program Files\Skyline
2008-01-21 10:34 --------- d-----w C:\Program Files\Maple 9.5
2008-01-12 22:32 --------- d-----w C:\Documents and Settings\Marc\Application Data\AdobeUM
2008-01-12 22:31 16,537,093 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_12_15_09_09_full.dmp.zip
2008-01-12 22:31 115,043 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_12_15_08_53_small.dmp.zip
2008-01-12 14:09 3,071,488 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-08 21:04 3,245,568 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-08 21:01 3,245,568 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-05 17:44 7,262,983 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-02 22:58 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-02 13:02 --------- d-----w C:\Program Files\iTunes
2008-01-01 13:09 --------- d---a-w C:\Program Files\Messenger Plus! Live
2008-01-01 11:34 --------- d-----w C:\Documents and Settings\Marc\Application Data\Samsung
2007-12-31 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 14:57 --------- d-----w C:\Program Files\Samsung
2007-12-29 10:59 28,672 ----a-w C:\WINDOWS\system32\maplec.dll
2007-12-29 10:59 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-13 12:02 2,867,712 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-21 12:18 2,616,320 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-10-21 18:02 2,353,152 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-10-07 15:31 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-30 11:18 3,084,800 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-09-30 11:18 2,217,472 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-30 08:49 2,217,472 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-09-29 10:55 2,213,888 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-09-27 08:52 2,206,208 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-09-25 20:36 2,202,112 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-09-25 20:36 1,643,008 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-09-25 14:19 2,197,504 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-09-24 13:26 2,194,432 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-09-24 13:24 183,808 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-09-24 11:39 2,194,944 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-09-24 10:00 3,769,344 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-09-16 09:24 30,602 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_16_00_13_57_small.dmp.zip
2007-07-08 07:25 16,568,682 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_21_58_52_full.dmp.zip
2007-07-08 07:25 113,337 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_07_21_58_12_small.dmp.zip
2007-06-30 07:24 20,866,788 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_06_30_09_22_29_full.dmp.zip
2007-06-25 08:17 45,396 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_25_01_31_20_small.dmp.zip
2007-01-21 08:55 102,343 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_20_14_01_40_small.dmp.zip
2007-01-06 10:39 109,634 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_06_11_26_08_small.dmp.zip
2006-12-26 15:54 87,608 ----a-w C:\Documents and Settings\Marc\Application Data\ezpinst.exe
2006-12-26 15:54 47,360 -c--a-w C:\Documents and Settings\Marc\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 11:26 68856]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 11:29 287040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04 59392]
"LaunchApp"="Alaunch" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-14 07:48 14477312 C:\WINDOWS\RTHDCPL.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 19:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 19:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 19:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 19:00 455168]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 08:03 352256]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-10 19:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinSpooler.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Eudora\Odile\EuShlExt.dll [2002-09-30 17:36 86016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless 802.11g USB Adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless 802.11g USB Adapter.lnk
backup=C:\WINDOWS\pss\Wireless 802.11g USB Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone]
C:\Program Files\BufferZone\CLIENTGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
-ra------ 2006-04-19 16:21 94208 C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 19:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-06-19 09:17 1241088 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFFAP]
-ra------ 2003-08-05 09:43 45056 C:\WINDOWS\system32\HotfixQ0306270.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 11:26 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-01-29 12:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 08:16]
R0 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 10:29]
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2007-09-11 16:13]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2005-05-31 07:34]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 21:05]
S2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\CLNTSVC.EXE []
S2 BZDcomLaunch;BufferZone DCOM Helper;C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE []
S2 BZRpcSs;BufferZone RPC Helper;C:\Program Files\BufferZone\BZRPCSS.EXE []
S2 hcw88ts;Hauppauge WinTV 88x TS Capture;C:\WINDOWS\system32\drivers\hcw88ts.sys [2005-03-23 05:12]
S2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 13:46]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 10:35]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2005-05-31 07:34]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2005-05-31 10:43]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-05-31 07:34]
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-05-31 10:43]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-05-31 07:34]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15675d26-32c6-11dc-bf40-00142a459835}]
\Shell\AutoRun\command - J:\start.exe
\Shell\Clé-contact\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f4c38c-bedf-11dc-8049-00142a459835}]
\Shell\AutoRun\command - K:\start.exe
\Shell\FramaKey\command - K:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9e4fb9c-c96c-11db-be84-00142a459835}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

*Newly Created Service* - HCW88TS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 12:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 16:35:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-26 16:35:32
ComboFix-quarantined-files.txt 2008-02-26 15:35:30
ComboFix2.txt 2008-02-26 15:12:32
.
2008-02-13 22:00:09 --- E O F ---
green day
26 Feb 2008 at 16:48
OK,

Download SDFix to your Desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode.
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to reboot the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, please copy/paste the contents of Report.txt into your next reply on the forum
++

cyril_seventy
26 Feb 2008 at 17:26
here is the report:



Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\Marc\LOCALS~1\Temp\runme.exe - Deleted
C:\WINDOWS\system32\NTSpool.exe - Deleted
C:\WINDOWS\system32\WinSpooler.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:

C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 17:18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000003a
"TracesSuccessful"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\734\Shell]
"MaxP??%:???\1?\5??\xc0\xff\35"=dword:ffffffff

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1920


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Marc\Bureau\SDFIXJ~1\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Sat 20 Nov 2004 36,864 A..H. --- "C:\WINDOWS\system32\kill1211.exe"
Sat 9 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 9 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 9 Jul 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 9 Jul 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 9 Jul 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1211.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\XDRV\rescan.exe"
Wed 26 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Jun 2006 400 A.SH. --- "C:\Documents and Settings\Marc\Mes documents\drmv2key.bak"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT5.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT4.tmp"
Tue 26 Feb 2008 5,662 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\Virtual\Untrusted\C_\WINDOWS\SoftwareDistribution\Download\326d1a08fc685e3efad9e9a5b059ebfb\BIT15.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\Virtual\Untrusted\C_\WINDOWS\SoftwareDistribution\Download\5b6da8fb69b176ee583a3734e2af76e6\BIT16.tmp"

[b]Finished![/b]
cyril_seventy
26 Feb 2008 at 17:38
Are we done?
green day
26 Feb 2008 at 22:09
re

no, not yet, but it's progressing!


Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it

++
cyril_seventy
26 Feb 2008 at 23:51
VundoFix V6.7.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 23:07:46 26/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAudioFile2.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOAVIFile.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ALOWMAFile2.dll
C:\WINDOWS\system32\ALOWMAFile2.dll Has been deleted!

Performing Repairs to the registry.
Done!
green day
26 Feb 2008 at 23:58
OK, I'll give you the next steps tomorrow!

@+
cyril_seventy
29 Feb 2008 at 21:56
I'm back, I'm ready to do the next steps

thanks a lot in advance
cyril
cyril_seventy
1 Mar 2008 at 10:01
please, help me...

cyril
green day
1 Mar 2008 at 12:08
Hi

don't worry, we're a bit slow to reply, but we're not abandoning our posts!

please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

cyril_seventy
2 Mar 2008 at 11:47
okay, thanks a lot. it's already much better!

cyril
green day
2 Mar 2008 at 13:04
Hi

you should have posted the reports!!

++
cyril_seventy
2 Mar 2008 at 13:39
that is, I haven't yet had time to do the last step; I'll get back to you once I've done it.

cyril
green day
2 Mar 2008 at 13:44
ah! OK! :)

@+