Pub intempestives

ComboFix 08-03-23.2 - Michelle 2008-03-23 20:19:11.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.406 [GMT 1:00]
Endroit: D:\Documents and Settings\Michelle\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 18:48 . 2008-03-23 18:48 <REP> d-------- C:\WINDOWS\LastGood
2008-03-23 18:47 . 2008-03-23 18:47 <REP> d-------- D:\Documents and Settings\Michelle\Application Data\ATI
2008-03-23 18:47 . 2008-03-23 18:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ATI
2008-03-23 18:33 . 2008-03-23 18:33 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-23 18:31 . 2008-03-23 18:31 <REP> d-------- C:\Program Files\MSBuild
2008-03-23 18:28 . 2008-03-23 18:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-23 18:28 . 2008-03-23 18:28 <REP> d-------- C:\Program Files\Reference Assemblies
2008-03-23 18:27 . 2008-03-23 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-23 18:27 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-23 17:45 . 2008-03-23 18:11 <REP> d-------- C:\Program Files\Lopxp
2008-03-23 15:32 . 2008-03-23 15:32 <REP> d-------- D:\Documents and Settings\Michelle\Application Data\ma-config.com
2008-03-23 15:32 . 2008-03-23 15:32 <REP> d-------- C:\Program Files\ma-config.com
2008-03-23 12:23 . 2008-03-23 12:23 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-23 12:18 . 2004-08-03 22:59 95,360 --a------ C:\WINDOWS\system32\drivers\SET76.tmp
2008-03-23 12:02 . 2008-03-23 12:02 <REP> d-------- D:\Documents and Settings\Michelle\Application Data\Uniblue
2008-03-23 11:18 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-19 13:33 . 2008-03-19 13:33 <REP> d-------- D:\Documents and Settings\Michelle\Application Data\My Games
2008-03-19 12:59 . 2008-03-19 12:59 <REP> d-------- D:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-03-19 09:00 . 2008-03-19 09:20 <REP> d-------- C:\Program Files\RegCleaner
2008-03-19 08:22 . 2008-03-19 08:22 <REP> d-------- D:\Documents and Settings\Michelle\Application Data\Malwarebytes
2008-03-19 08:22 . 2008-03-19 08:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-19 08:22 . 2008-03-19 08:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-18 11:35 . 2008-03-18 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-18 11:01 . 2008-03-18 11:01 <REP> d-------- D:\Documents and Settings\NetworkService\Application Data\Webroot
2008-03-18 10:25 . 2008-03-18 10:25 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-18 10:25 . 2008-03-18 10:25 <REP> d-------- C:\Program Files\Avira
2008-03-17 13:13 . 2008-03-18 17:24 <REP> d-------- C:\Program Files\Charma_at
2008-03-17 13:05 . 2008-03-17 13:11 <REP> d-------- C:\Program Files\LegendOfElDorado_at
2008-03-15 13:37 . 2008-03-16 08:26 <REP> d-------- C:\Program Files\GoldMinerVegas_at
2008-03-13 13:32 . 2008-03-13 13:32 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-11 10:51 . 2008-03-11 10:51 <REP> d-------- C:\Program Files\Common Files
2008-02-26 22:52 . 2008-02-26 23:00 202 --a------ C:\WINDOWS\cdplayer.ini
2008-02-26 04:12 . 2008-02-26 04:12 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:59 . 2008-02-26 03:59 9,797,632 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-02-26 03:41 . 2008-02-26 03:41 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-02-26 03:41 . 2008-02-26 03:41 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-02-26 03:41 . 2008-02-26 03:41 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-02-26 03:29 . 2008-02-26 03:29 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 03:19 . 2008-02-26 03:19 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:19 --------- d-----w D:\Documents and Settings\Michelle\Application Data\Free Download Manager
2008-03-23 19:13 --------- d-----w C:\Program Files\Navilog1
2008-03-23 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 11:20 --------- d-----w C:\Program Files\ATI Technologies
2008-03-23 10:31 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-03-17 12:11 --------- d-----w C:\Program Files\Pogo FR
2008-03-13 13:42 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 08:55 --------- d-----w C:\Program Files\Defenza
2008-03-09 12:49 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-09 12:46 --------- d-----w C:\Program Files\Hitman Pro
2008-03-09 08:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 07:57 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-09 07:55 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-09 07:55 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-08 06:47 --------- d-----w C:\Program Files\Java
2008-03-04 13:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-26 18:24 --------- d-----w D:\Documents and Settings\Michelle\Application Data\vlc
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-19 15:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-19 15:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\MonteCristo
2008-02-14 07:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\QB9 S.R.L
2008-02-02 12:12 --------- d-----w D:\Documents and Settings\Michelle\Application Data\Sonic
2008-01-25 06:51 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-22 12:50 71 ----a-w C:\Program Files\ETIQ.TXT
2007-12-10 19:43 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-23 07:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_19.54.30,15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-23 19:04:40 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f187e672d236454e90c6970a93df783c\AspNetMMCExt.ni.dll
+ 2008-03-23 19:04:21 434,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\[u]0/u7a304a4660bb4478b54a00d73b1efbb\ComSvcConfig.ni.exe
+ 2008-03-23 19:04:41 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e04b852c1880c46943c7665c6c69a45\CustomMarshalers.ni.dll
+ 2008-03-23 19:04:40 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\73f3853290b01d46a946b6c8adb69fec\dfsvc.ni.exe
+ 2008-03-23 19:04:42 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8d9412c3a0af9b448d59e68eb1733e5a\Microsoft.Build.Engine.ni.dll
+ 2008-03-23 19:04:24 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c2579038cbd1634689b397a4403b9dbd\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-03-23 19:04:24 1,069,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e0b25dfbaba09843a8f3dab0630f83a9\Microsoft.Transactions.Bridge.ni.dll
+ 2008-03-23 19:04:43 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4ae01b025b5f2e48ad86904180361afc\Microsoft.VisualBasic.ni.dll
+ 2008-03-23 19:04:45 1,576,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b546204845b0f4499323f3f75c3385c1\PresentationBuildTasks.ni.dll
+ 2008-03-23 19:04:24 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5129372330554047a1c08a37962085e9\ServiceModelReg.ni.exe
+ 2008-03-23 19:04:25 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\61f21f9e77510549ad4bb30d996df08e\SMDiagnostics.ni.dll
+ 2008-03-23 19:04:25 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\34a7ed8c3b9b144c94938c6073b63ebf\SMSvcHost.ni.exe
+ 2008-03-23 19:04:47 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\2026c6486d7ab140917ea8841e964404\sysglobl.ni.dll
+ 2008-03-23 19:03:55 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ff9d4235467030499a2e8b3c0b49d51c\System.IdentityModel.Selectors.ni.dll
+ 2008-03-23 19:03:54 995,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\80f1cb6e94b97e48a25bbcab6b5ca1e6\System.IdentityModel.ni.dll
+ 2008-03-23 19:03:55 425,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcb726bdd26de840a77adb5a12483c24\System.IO.Log.ni.dll
+ 2008-03-23 19:03:58 2,371,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a975e9d7e5e4834f9244b18a10dbf104\System.Runtime.Serialization.ni.dll
+ 2008-03-23 19:04:20 17,506,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\65027743acfe4f489bbcaee8ee006273\System.ServiceModel.ni.dll
+ 2008-03-23 19:04:47 2,043,904 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\6244e5d858366644b907f015fe9982d3\System.Speech.ni.dll
+ 2008-03-23 19:04:50 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f8054f1246ba5a4a9086ad785df3ddf9\System.Web.Mobile.ni.dll
+ 2008-03-23 19:04:51 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\42b70a670f78054c96ad60b58e2c0a76\UIAutomationClient.ni.dll
+ 2008-03-23 19:04:52 1,122,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\4348b5a74d9f0b4faa871c01fab0b04c\UIAutomationClientsideProviders.ni.dll
+ 2008-03-23 19:04:53 245,760 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d8cc51035ae0da42a0582db06c51759e\WindowsFormsIntegration.ni.dll
+ 2008-03-23 19:04:26 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\54b726c83509994dbe8fefcb6970ca15\WsatConfig.ni.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 10:14 68856]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EasyAntivirus"="C:\Program Files\EasyAntivirus\bin\ClamTray.exe" [2005-11-24 16:49 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-18 10:26 249896]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-22 01:58 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-22 01:53 98304]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - D:\belkin\BTTray.exe [2006-06-07 17:05:38 553021]
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-07-31 10:08:26 257536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\APPS\\skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 19:36]
R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 18:14]
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 ProcMonitor;Process Monitor;C:\Program Files\EasyAntivirus\bin\ProcObsrv.sys [2005-10-05 11:37]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-12-05 07:27]
S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-23 18:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-03-23 09:53:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1185871944.job"
- D:\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 20:20:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-03-23 20:20:28
ComboFix-quarantined-files.txt 2008-03-23 19:20:26
ComboFix2.txt 2008-03-23 18:54:45
ComboFix3.txt 2007-12-10 19:21:41
.
2008-03-23 16:52:11 --- E O F ---

ah bon ! on continue alors !