Disinfecting my PC..!! help !!
Math
Anonymous user -
Hello,
Recently I realised that my PC was full of trojans, spyware, etc... I followed the advice on this forum and have now reached a step where I need help with "hijackthis"... I did what was asked and here is what it gave me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:10, on 2008-09-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {877FB8C9-2EF3-4B96-B2B1-7CE2CB857FD0} - C:\WINDOWS\system32\fccaArrp.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Math\LOCALS~1\Temp\IXP001.TMP\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e017bed5] rundll32.exe "C:\WINDOWS\system32\tshmyayf.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://toshibatec.ca/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaArrp - fccaArrp.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
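As an added example (not part of this thread or of HijackThis itself), a small Python triage script that applies the checks a helper applies by eye to a log like the one above: autostart entries whose file is missing, a core system binary name launched from outside System32 or from a Temp directory, and Run values with random hex names or rundll32 loading an 8-letter DLL. The sample lines are copied from the log above; the System32 check assumes a default `<drive>:\WINDOWS` install.

```python
"""Heuristic triage of HijackThis v2.0.2 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: eight entries taken from the HijackThis log above, mixing
# benign autostarts (Java, avast!) with the entries a helper would ask about.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {877FB8C9-2EF3-4B96-B2B1-7CE2CB857FD0} - C:\WINDOWS\system32\fccaArrp.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Math\LOCALS~1\Temp\IXP001.TMP\svchost.exe
O4 - HKLM\..\Run: [e017bed5] rundll32.exe "C:\WINDOWS\system32\tshmyayf.dll",b
O20 - Winlogon Notify: fccaArrp - fccaArrp.dll (file missing)
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Names that only belong in %SystemRoot%\System32; the same name anywhere else is impersonation.
CORE_SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                        "winlogon.exe", "services.exe"}

SECTION_RE = re.compile(r"^(O\d+|R\d)\s*-\s*(.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys))', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)  # assumes default install
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp|IXP\d{3}\.TMP)\\", re.IGNORECASE)
RUNDLL_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\([A-Za-z]{8})\.dll', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage_line(line: str):
    """Return a Finding if the entry trips any heuristic, else None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None          # process-list paths and headers carry no section prefix
    section, body = m.groups()
    reasons = []

    # 1. BHO / Winlogon Notify / Service entries whose file is gone are leftovers
    #    of a partial clean-up and should be removed so nothing tries to reload them.
    if "(file missing)" in body and section in {"O2", "O20", "O23"}:
        reasons.append("orphaned autostart: referenced file is missing")

    pm = PATH_RE.search(body)
    path = pm.group(1) if pm else ""
    basename = path.rsplit("\\", 1)[-1].lower()

    # 2. A core system binary name launched from outside System32 is a fake.
    if basename in CORE_SYSTEM_BINARIES and not SYSTEM32_RE.match(path):
        reasons.append(f"'{basename}' launched from outside System32")

    # 3. Legitimate software does not persist from a temporary directory.
    if TEMP_DIR_RE.search(path):
        reasons.append("autostart runs from a temporary directory")

    # 4. Random hex Run names and rundll32 loading an 8-letter DLL are the
    #    self-renaming pattern of adware/trojan droppers.
    if section == "O4":
        nm = RUN_NAME_RE.search(body)
        if nm and HEX_NAME_RE.match(nm.group(1)):
            reasons.append("Run value name is random-looking hex")
    if RUNDLL_DLL_RE.search(body):
        reasons.append("rundll32 loads an 8-letter random-looking DLL")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str):
    """Apply triage_line to every line of a log and collect the suspicious ones."""
    return [f for f in (triage_line(raw) for raw in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    -> {r}")
```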
4 replies
Good evening,
> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe
- Press key 1 (Yes) to start the scan.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the machine.
- When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
PS2: The ComboFix report may turn out to be too long for CCM.net to accept. In that case use this service http://www.cijoint.fr to send it to me (upload the file then post the link on the forum).
Good luck.
See you later.
Hi.
Very good,
So,
> Download ATF Cleaner by Atribune to your desktop.
- Start ATF-Cleaner and tick the following values:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin
- Click <Empty Selected> and, at the "Done Cleaning" message, <Ok>
NB: If you use Firefox or Opera:
- Click Firefox or Opera at the top then choose <Select All>.
- Click the <Empty Selected> button (NB: If you want to keep your saved passwords, click <No> at the prompt).
- Click <Main> to return to the main menu
- Click <Exit> in the main menu to quit ATF Cleaner.
Next,
> Download MalwareBytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Install the program then launch it please.
NB: If you are missing COMCTL32.OCX, download it here: https://www.malekal.com/tutorial-aboutbuster/
- Do the updates (click "Update" then "Check for updates")
- Start in safe mode without going through MSconfig: (image). If there is a problem: tutorial here
- Launch MalwareBytes' Anti-Malware, click "Perform full scan" then "Scan" and select all your hard drives => the scan starts... be patient...
- At the end of the scan, click "Remove" (If some items are hard to remove, a message will ask you to restart: click "Yes" then)
- After the infections have been removed, a report will be generated: save it and post it on the forum please.
Finally, send a new HijackThis log please.
Is the PC doing better?
See you later.
Thanks, here it is!!! I'm sending you what it gave me!
ComboFix 08-09-10.04 - Math 2008-09-11 19:51:44.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.238 [GMT -4:00]
Endroit: C:\Documents and Settings\Math\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMe3248d49.txt
C:\WINDOWS\BMe3248d49.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\budvowql.ini
C:\WINDOWS\system32\fyaymhst.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\StDKmnpo.ini
C:\WINDOWS\system32\StDKmnpo.ini2
C:\WINDOWS\system32\tshmyayf.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 19:13 . 2008-09-11 19:13 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 18:03 . 2008-09-11 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-09-11 17:58 . 2004-09-29 05:35 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-11 17:58 . 2004-09-25 06:04 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-11 17:58 . 2004-09-29 06:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-09-11 17:58 . 2004-09-29 06:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-11 17:58 . 2004-09-29 05:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-11 17:58 . 2008-09-11 17:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\Math\Application Data\SUPERAntiSpyware.com
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Program Files\CCleaner
2008-09-11 12:45 . 2008-09-11 12:45 <REP> d-------- C:\Program Files\Alwil Software
2008-09-11 12:45 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-11 12:45 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-11 12:45 . 2003-02-20 23:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-11 10:22 . 2008-09-11 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Documents and Settings\Math\Application Data\PC Tools
2008-09-11 10:21 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-11 10:21 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-11 10:21 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-11 10:21 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-10 21:00 . 2008-09-10 21:00 <REP> d-------- C:\Program Files\AVSMedia
2008-09-10 21:00 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-09-10 21:00 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-09-10 21:00 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-09-10 21:00 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-10 21:00 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-10 21:00 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-09-10 21:00 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-09-10 21:00 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-09-10 21:00 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\Math\Application Data\AVS4YOU
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\AVS4YOU
2008-09-10 20:37 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-09-10 20:37 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-09-09 13:26 . 2008-09-09 13:26 <REP> d-------- C:\Program Files\World of Warcraft
2008-09-08 22:50 . 2008-09-08 22:50 <REP> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iTunes
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iPod
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-04 18:29 . 2008-09-10 22:09 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-01 21:56 . 2008-09-01 21:56 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-08-31 18:11 . 2008-08-31 18:11 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ahead
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Nero
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-08-27 22:46 . 2008-08-27 22:46 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:15 . 2008-08-23 16:15 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-23 16:06 . 2008-08-23 16:06 <REP> d-------- C:\WINDOWS\EHome
2008-08-22 14:54 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-08-22 14:54 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-08-20 15:06 . 2008-08-20 15:06 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ventrilo
2008-08-20 15:04 . 2008-08-20 15:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 21:34 . 2008-08-18 21:34 <REP> d-------- C:\Documents and Settings\Math\Application Data\TigerPlayer
2008-08-18 21:32 . 2008-08-18 21:32 <REP> d-------- C:\Program Files\MpcStar
2008-08-17 10:47 . 2008-08-17 10:47 <REP> d-------- C:\Program Files\Alcohol Soft
2008-08-16 21:54 . 2008-08-16 21:54 <REP> d--hs---- C:\FOUND.002
2008-08-16 18:55 . 2008-08-16 18:55 0 --a------ C:\WINDOWS\TPTray.INI
2008-08-16 17:29 . 2008-08-16 17:29 <REP> d-------- C:\Program Files\AMX Mod X
2008-08-16 17:07 . 2008-08-16 17:07 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d-------- C:\WINDOWS\Logs
2008-08-16 15:28 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-13 23:07 . 2008-04-11 15:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 21:52 --------- d-----w C:\Documents and Settings\Math\Application Data\vlc
2008-08-02 21:48 --------- d-----w C:\Program Files\VideoLAN
2008-08-02 21:39 --------- d-----w C:\Program Files\Xvid
2008-08-02 21:33 --------- d-----w C:\Documents and Settings\Math\Application Data\DivX
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-27 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-27 21:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-26 01:48 --------- d-----w C:\Program Files\Veoh Networks
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 01:13 --------- d-----w C:\Program Files\StepMania
2008-07-16 00:42 --------- d-----w C:\Documents and Settings\Math\Application Data\fretsonfire
2008-07-16 00:01 --------- d-----w C:\Program Files\Frets on Fire
2008-07-12 21:16 --------- d-----w C:\Program Files\directx
2008-07-12 12:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 12:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 12:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-28 17:51 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 17:38 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 01:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-27 184320]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 643072]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248]
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-09-17 28672]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 122939]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\steamapps\\MAT_BOYS\\counter-strike\\hl.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\dedicated server\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 RPCH;Remote Procedure Call (HPM);C:\Program Files\NetMeeting\Intell.exe [2005-06-16 397824]
S2 RPCM;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C567C3AC-E153-FCFD-D662-81F23D52F4A9}]
C:\DOCUME~1\Math\LOCALS~1\Temp\IXP001.TMP\svchost.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-e017bed5 - C:\WINDOWS\system32\tshmyayf.dll
ShellExecuteHooks-{0015383A-D7A2-456A-AE04-EB9ABF822FE4} - C:\WINDOWS\TEMP\Down(0)ow.dll
Notify-fccaArrp - fccaArrp.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 19:56:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\NetMeeting\Down(0).dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE
C:\WINDOWS\SYSTEM32\DVDRAMSV.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE
C:\PROGRAM FILES\APOINT2K\APNTEX.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 20:00:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 00:00:04
Pre-Run: 18,088,296,448 octets libres
Post-Run: 18,676,056,064 octets libres
293 --- E O F --- 2008-09-10 21:15:56
ComboFix 08-09-10.04 - Math 2008-09-11 19:51:44.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.238 [GMT -4:00]
Endroit: C:\Documents and Settings\Math\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMe3248d49.txt
C:\WINDOWS\BMe3248d49.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\budvowql.ini
C:\WINDOWS\system32\fyaymhst.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\StDKmnpo.ini
C:\WINDOWS\system32\StDKmnpo.ini2
C:\WINDOWS\system32\tshmyayf.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 19:13 . 2008-09-11 19:13 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 18:03 . 2008-09-11 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-09-11 17:58 . 2004-09-29 05:35 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-11 17:58 . 2004-09-25 06:04 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-11 17:58 . 2004-09-29 06:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-09-11 17:58 . 2004-09-29 06:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-11 17:58 . 2004-09-29 05:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-11 17:58 . 2008-09-11 17:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\Math\Application Data\SUPERAntiSpyware.com
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Program Files\CCleaner
2008-09-11 12:45 . 2008-09-11 12:45 <REP> d-------- C:\Program Files\Alwil Software
2008-09-11 12:45 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-11 12:45 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-11 12:45 . 2003-02-20 23:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-11 10:22 . 2008-09-11 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Documents and Settings\Math\Application Data\PC Tools
2008-09-11 10:21 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-11 10:21 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-11 10:21 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-11 10:21 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-10 21:00 . 2008-09-10 21:00 <REP> d-------- C:\Program Files\AVSMedia
2008-09-10 21:00 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-09-10 21:00 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-09-10 21:00 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-09-10 21:00 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-10 21:00 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-10 21:00 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-09-10 21:00 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-09-10 21:00 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-09-10 21:00 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\Math\Application Data\AVS4YOU
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\AVS4YOU
2008-09-10 20:37 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-09-10 20:37 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-09-09 13:26 . 2008-09-09 13:26 <REP> d-------- C:\Program Files\World of Warcraft
2008-09-08 22:50 . 2008-09-08 22:50 <REP> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iTunes
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iPod
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-04 18:29 . 2008-09-10 22:09 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-01 21:56 . 2008-09-01 21:56 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-08-31 18:11 . 2008-08-31 18:11 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ahead
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Nero
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-08-27 22:46 . 2008-08-27 22:46 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:15 . 2008-08-23 16:15 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-23 16:06 . 2008-08-23 16:06 <REP> d-------- C:\WINDOWS\EHome
2008-08-22 14:54 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-08-22 14:54 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-08-20 15:06 . 2008-08-20 15:06 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ventrilo
2008-08-20 15:04 . 2008-08-20 15:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 21:34 . 2008-08-18 21:34 <REP> d-------- C:\Documents and Settings\Math\Application Data\TigerPlayer
2008-08-18 21:32 . 2008-08-18 21:32 <REP> d-------- C:\Program Files\MpcStar
2008-08-17 10:47 . 2008-08-17 10:47 <REP> d-------- C:\Program Files\Alcohol Soft
2008-08-16 21:54 . 2008-08-16 21:54 <REP> d--hs---- C:\FOUND.002
2008-08-16 18:55 . 2008-08-16 18:55 0 --a------ C:\WINDOWS\TPTray.INI
2008-08-16 17:29 . 2008-08-16 17:29 <REP> d-------- C:\Program Files\AMX Mod X
2008-08-16 17:07 . 2008-08-16 17:07 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d-------- C:\WINDOWS\Logs
2008-08-16 15:28 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-13 23:07 . 2008-04-11 15:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 21:52 --------- d-----w C:\Documents and Settings\Math\Application Data\vlc
2008-08-02 21:48 --------- d-----w C:\Program Files\VideoLAN
2008-08-02 21:39 --------- d-----w C:\Program Files\Xvid
2008-08-02 21:33 --------- d-----w C:\Documents and Settings\Math\Application Data\DivX
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-27 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-27 21:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-26 01:48 --------- d-----w C:\Program Files\Veoh Networks
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 01:13 --------- d-----w C:\Program Files\StepMania
2008-07-16 00:42 --------- d-----w C:\Documents and Settings\Math\Application Data\fretsonfire
2008-07-16 00:01 --------- d-----w C:\Program Files\Frets on Fire
2008-07-12 21:16 --------- d-----w C:\Program Files\directx
2008-07-12 12:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 12:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 12:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-28 17:51 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 17:38 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 01:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-27 184320]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 643072]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248]
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-09-17 28672]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 122939]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\steamapps\\MAT_BOYS\\counter-strike\\hl.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\dedicated server\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 RPCH;Remote Procedure Call (HPM);C:\Program Files\NetMeeting\Intell.exe [2005-06-16 397824]
S2 RPCM;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C567C3AC-E153-FCFD-D662-81F23D52F4A9}]
C:\DOCUME~1\Math\LOCALS~1\Temp\IXP001.TMP\svchost.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-e017bed5 - C:\WINDOWS\system32\tshmyayf.dll
ShellExecuteHooks-{0015383A-D7A2-456A-AE04-EB9ABF822FE4} - C:\WINDOWS\TEMP\Down(0)ow.dll
Notify-fccaArrp - fccaArrp.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 19:56:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\NetMeeting\Down(0).dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE
C:\WINDOWS\SYSTEM32\DVDRAMSV.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE
C:\PROGRAM FILES\APOINT2K\APNTEX.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 20:00:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 00:00:04
Pre-Run: 18,088,296,448 octets libres
Post-Run: 18,676,056,064 octets libres
293 --- E O F --- 2008-09-10 21:15:56
Thanks, here it is!!! I'm sending you what it gave me!
ComboFix 08-09-10.04 - Math 2008-09-11 19:51:44.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.238 [GMT -4:00]
Endroit: C:\Documents and Settings\Math\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMe3248d49.txt
C:\WINDOWS\BMe3248d49.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\budvowql.ini
C:\WINDOWS\system32\fyaymhst.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\StDKmnpo.ini
C:\WINDOWS\system32\StDKmnpo.ini2
C:\WINDOWS\system32\tshmyayf.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 19:13 . 2008-09-11 19:13 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 18:03 . 2008-09-11 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-09-11 17:58 . 2004-09-29 05:35 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-11 17:58 . 2004-09-25 06:04 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-11 17:58 . 2004-09-25 06:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-11 17:58 . 2004-09-25 06:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-11 17:58 . 2004-09-29 06:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-09-11 17:58 . 2004-09-29 06:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-11 17:58 . 2004-09-29 05:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-11 17:58 . 2008-09-11 17:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\Math\Application Data\SUPERAntiSpyware.com
2008-09-11 17:52 . 2008-09-11 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Program Files\CCleaner
2008-09-11 12:45 . 2008-09-11 12:45 <REP> d-------- C:\Program Files\Alwil Software
2008-09-11 12:45 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-11 12:45 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-11 12:45 . 2003-02-20 23:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-11 10:22 . 2008-09-11 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-11 10:21 . 2008-09-11 10:21 <REP> d-------- C:\Documents and Settings\Math\Application Data\PC Tools
2008-09-11 10:21 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-11 10:21 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-11 10:21 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-11 10:21 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-10 21:00 . 2008-09-10 21:00 <REP> d-------- C:\Program Files\AVSMedia
2008-09-10 21:00 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-09-10 21:00 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-09-10 21:00 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-09-10 21:00 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-10 21:00 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-10 21:00 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-09-10 21:00 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-09-10 21:00 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-09-10 21:00 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\Math\Application Data\AVS4YOU
2008-09-10 20:38 . 2008-09-10 20:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-09-10 20:37 . 2008-09-10 20:37 <REP> d-------- C:\Program Files\AVS4YOU
2008-09-10 20:37 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-09-10 20:37 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-09-09 13:26 . 2008-09-09 13:26 <REP> d-------- C:\Program Files\World of Warcraft
2008-09-08 22:50 . 2008-09-08 22:50 <REP> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iTunes
2008-09-08 15:57 . 2008-09-08 15:57 <REP> d-------- C:\Program Files\iPod
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-05 18:32 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-05 18:32 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-04 18:29 . 2008-09-10 22:09 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-01 21:56 . 2008-09-01 21:56 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-08-31 18:11 . 2008-08-31 18:11 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ahead
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Nero
2008-08-31 18:10 . 2008-08-31 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-08-27 22:46 . 2008-08-27 22:46 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:18 . 2008-08-23 16:18 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:15 . 2008-08-23 16:15 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-23 16:06 . 2008-08-23 16:06 <REP> d-------- C:\WINDOWS\EHome
2008-08-22 14:54 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-08-22 14:54 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-08-22 14:54 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-08-20 15:06 . 2008-08-20 15:06 <REP> d-------- C:\Documents and Settings\Math\Application Data\Ventrilo
2008-08-20 15:04 . 2008-08-20 15:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 21:34 . 2008-08-18 21:34 <REP> d-------- C:\Documents and Settings\Math\Application Data\TigerPlayer
2008-08-18 21:32 . 2008-08-18 21:32 <REP> d-------- C:\Program Files\MpcStar
2008-08-17 10:47 . 2008-08-17 10:47 <REP> d-------- C:\Program Files\Alcohol Soft
2008-08-16 21:54 . 2008-08-16 21:54 <REP> d--hs---- C:\FOUND.002
2008-08-16 18:55 . 2008-08-16 18:55 0 --a------ C:\WINDOWS\TPTray.INI
2008-08-16 17:29 . 2008-08-16 17:29 <REP> d-------- C:\Program Files\AMX Mod X
2008-08-16 17:07 . 2008-08-16 17:07 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-16 15:28 . 2008-08-16 15:28 <REP> d-------- C:\WINDOWS\Logs
2008-08-16 15:28 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-13 23:07 . 2008-04-11 15:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 21:52 --------- d-----w C:\Documents and Settings\Math\Application Data\vlc
2008-08-02 21:48 --------- d-----w C:\Program Files\VideoLAN
2008-08-02 21:39 --------- d-----w C:\Program Files\Xvid
2008-08-02 21:33 --------- d-----w C:\Documents and Settings\Math\Application Data\DivX
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-27 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-27 21:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-26 01:48 --------- d-----w C:\Program Files\Veoh Networks
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 01:13 --------- d-----w C:\Program Files\StepMania
2008-07-16 00:42 --------- d-----w C:\Documents and Settings\Math\Application Data\fretsonfire
2008-07-16 00:01 --------- d-----w C:\Program Files\Frets on Fire
2008-07-12 21:16 --------- d-----w C:\Program Files\directx
2008-07-12 12:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 12:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 12:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-28 17:51 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 17:38 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 01:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-27 184320]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 643072]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248]
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-09-17 28672]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 122939]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\steamapps\\MAT_BOYS\\counter-strike\\hl.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\mat_boys\\dedicated server\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\zarhov\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 RPCH;Remote Procedure Call (HPM);C:\Program Files\NetMeeting\Intell.exe [2005-06-16 397824]
S2 RPCM;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C567C3AC-E153-FCFD-D662-81F23D52F4A9}]
C:\DOCUME~1\Math\LOCALS~1\Temp\IXP001.TMP\svchost.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-e017bed5 - C:\WINDOWS\system32\tshmyayf.dll
ShellExecuteHooks-{0015383A-D7A2-456A-AE04-EB9ABF822FE4} - C:\WINDOWS\TEMP\Down(0)ow.dll
Notify-fccaArrp - fccaArrp.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 19:56:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\NetMeeting\Down(0).dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE
C:\WINDOWS\SYSTEM32\DVDRAMSV.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE
C:\PROGRAM FILES\APOINT2K\APNTEX.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 20:00:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 00:00:04
Pre-Run: 18,088,296,448 octets libres
Post-Run: 18,676,056,064 octets libres
293 --- E O F --- 2008-09-10 21:15:56