Win32:TratBHO[Trj]

raph2554 Posts: 2 Status: Member
Hello,
Thanks for your help. I have this damn virus "Win32:TratBHO[Trj]"; please help me get rid of it! I can't take it any more, it keeps coming back!!! lol
Thanks a lot,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:14, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
H:\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcbxvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1206653037.dll
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcbxvw - C:\WINDOWS\SYSTEM32\ddcbxvw.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - J:\vegas\partage\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - J:\vegas\partage\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

1 reply

raph2554 Posts: 2 Status: Member

ComboFix 08-03-27.5 - SNOOPY 2008-03-29 15:09:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.627 [GMT 1:00]
Endroit: C:\Documents and Settings\SNOOPY\Mes documents\Téléchargement internet\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SNOOPY\Application Data\inst.exe
C:\Program Files\Helper
C:\Program Files\Helper\1206653037.dll
C:\WINDOWS\system32\ddcbxvw.dll
C:\WINDOWS\system32\gebyw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_grande48
-------\Service_npf

((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
.

2008-03-29 14:51 . 2008-03-29 14:51 <REP> d-------- C:\Program Files\Trend Micro
2008-03-28 21:47 . 2008-03-29 15:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 21:47 . 2008-03-28 21:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-28 21:22 . 2008-03-28 21:22 <REP> d-------- C:\Program Files\Panda Security
2008-03-28 21:13 . 2008-03-28 21:19 <REP> d-------- C:\Documents and Settings\SNOOPY\.housecall6.6
2008-03-27 22:23 . 2008-03-27 22:23 58,368 --a------ C:\mxuxc.exe
2008-03-27 22:23 . 2008-03-27 22:23 6,144 --a------ C:\vwhfxvxv.exe
2008-03-27 22:23 . 2008-03-27 22:23 6,144 --a------ C:\kbvxxo.exe
2008-03-27 07:05 . 2008-03-27 07:05 <REP> d--h----- C:\WINDOWS\PIF
2008-03-25 23:25 . 2008-03-25 23:25 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-25 00:55 . 2008-03-25 00:55 <REP> d-------- C:\Program Files\Pinnacle
2008-03-24 19:45 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-03-24 12:14 . 2008-03-25 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-24 11:30 . 2008-03-24 11:30 <REP> d-------- C:\Documents and Settings\SNOOPY\.DownloadManager
2008-03-21 20:52 . 2008-03-22 02:36 <REP> d-------- C:\Temp
2008-03-17 06:55 . 2008-03-21 21:28 <REP> d-------- C:\Documents and Settings\SNOOPY\Application Data\Publish Providers
2008-03-17 06:54 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-17 06:54 . 2002-12-17 17:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-17 06:54 . 2002-10-20 15:01 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-03-17 06:53 . 2008-03-21 21:28 <REP> d-------- C:\Documents and Settings\SNOOPY\Application Data\Sony
2008-03-15 01:15 . 2008-03-15 01:15 385 --a------ C:\WINDOWS\ODBC.INI
2008-03-14 19:13 . 2008-03-14 19:13 31,099 --a------ C:\WINDOWS\system32\TuneUpDefragService_20080314-181354.dmp
2008-03-11 23:13 . 2008-03-11 23:10 4,732 --a------ C:\a.pando
2008-03-11 07:14 . 2008-03-11 07:14 <REP> d-------- C:\Contacts
2008-03-11 07:13 . 2008-03-12 07:04 <REP> d-------- C:\Program Files\EphPod
2008-03-11 07:13 . 2008-03-11 07:13 <REP> d-------- C:\iPod_Control
2008-03-10 21:30 . 2008-03-10 21:35 <REP> d-------- C:\Program Files\Ipod Video Converter
2008-03-10 21:30 . 2006-07-11 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-03-10 21:30 . 2006-05-12 08:37 490,496 --a------ C:\WINDOWS\system32\MP4Splitter.ax
2008-03-10 21:30 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-10 21:30 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-03-10 21:30 . 2007-07-20 07:05 132,880 --a------ C:\WINDOWS\system32\msinet.OCX
2008-03-10 21:30 . 1999-03-25 19:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-03-10 21:30 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-03-10 21:30 . 1998-07-13 00:00 20,992 --a------ C:\WINDOWS\system32\CMCT2FR.DLL
2008-03-10 21:30 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-03-10 20:59 . 2008-03-11 19:49 <REP> d-------- C:\Documents and Settings\SNOOPY\Application Data\Apple Computer
2008-03-10 20:58 . 2008-03-10 20:59 <REP> d-------- C:\Program Files\iTunes
2008-03-10 20:58 . 2008-03-10 20:58 <REP> d-------- C:\Program Files\iPod
2008-03-10 20:58 . 2008-03-10 20:58 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-03-10 20:58 . 2008-03-10 20:58 <REP> d-------- C:\Program Files\Bonjour
2008-03-10 20:58 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-08 22:18 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-08 22:18 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-08 00:17 . 2008-03-08 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-07 07:06 . 2008-03-07 07:06 <REP> d-------- C:\Slideshow
2008-03-07 07:06 . 2008-03-07 07:06 <REP> d-------- C:\DVD-Slideshow
2008-03-07 07:05 . 2008-03-07 23:20 <REP> d-------- C:\Program Files\Slideshow pro
2008-03-07 07:05 . 2008-03-07 07:05 <REP> d-------- C:\Program Files\mresreg
2008-03-06 19:55 . 2008-03-06 19:55 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-06 19:55 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-04 17:47 . 2008-03-04 17:47 <REP> d-------- C:\Program Files\GT Interactive
2008-03-04 17:47 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2008-03-03 23:25 . 2008-03-15 01:04 <REP> d-------- C:\Program Files\Everest Poker
2008-03-03 22:16 . 2008-03-04 18:37 <REP> d-------- C:\Program Files\CyberMUT
2008-03-03 21:00 . 2008-03-03 22:15 <REP> d-------- C:\Documents and Settings\SNOOPY\Application Data\Votre Budget 2008
2008-03-03 21:00 . 2002-09-27 14:42 25,088 --------- C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 21:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-28 20:00 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-27 21:11 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-26 22:06 --------- d-----w C:\Documents and Settings\SNOOPY\Application Data\gtk-2.0
2008-03-20 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-10 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-03 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 17:10 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-02-27 22:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-23 00:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-22 23:35 --------- d-----w C:\Program Files\Microsoft Visual Basic 2005 Power Packs
2008-02-22 23:13 --------- d-----w C:\Program Files\ABC Amber PDF Converter
2008-02-22 16:33 --------- d-----w C:\Program Files\RustemSoft
2008-02-18 21:47 --------- d-----w C:\Program Files\QuickTime
2008-02-18 21:46 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-16 12:25 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-02-16 11:45 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-02-15 12:22 --------- d-----w C:\Program Files\Real
2008-02-14 22:03 --------- d-----w C:\Program Files\EoRezo
2008-02-14 22:03 --------- d-----w C:\Documents and Settings\SNOOPY\Application Data\EoRezo
2008-02-14 16:25 --------- d-----w C:\Documents and Settings\SNOOPY\Application Data\ItsLabel
2008-02-14 16:24 --------- d-----w C:\Program Files\PDFCreator
2008-02-13 23:00 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-13 22:53 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-02-13 22:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-13 22:51 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-02-13 22:49 --------- d-----w C:\Program Files\Microsoft SDKs
2008-02-13 22:46 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-13 22:46 --------- d-----w C:\Program Files\MSBuild
2008-02-13 22:09 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-10 20:50 --------- d-----w C:\Program Files\DivX
2008-02-10 15:21 --------- d-----w C:\Program Files\Java
2008-02-10 14:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-06 22:03 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
2008-01-31 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-01-31 22:09 --------- d-----w C:\Program Files\FriendShop
2008-01-31 19:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-31 19:50 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-02 23:14 47,360 ----a-w C:\Documents and Settings\SNOOPY\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2007-08-17 08:23 524288]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"H:\\IncrediMail\\bin\\IncMail.exe"=
"H:\\eMule\\emule.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58070:TCP"= 58070:TCP:Pando P2P TCP Listening Port
"58070:UDP"= 58070:UDP:Pando P2P UDP Listening Port

R1 Odptdi;Odptdi;C:\WINDOWS\system32\drivers\odptdi.sys [2007-08-01 18:08]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 21:00]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-06 19:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-22 11:17:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 14:15:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 15:15:40
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-29 15:17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 14:17:47
Pre-Run: 21,981,741,056 octets libres
Post-Run: 21,861,650,432 octets libres
.
2008-03-24 09:52:39 --- E O F ---