Rootkit WIProgram Files(c4b8b788.sys)

Closed
Dj HardRoly Posts: 25 Registration date: Tuesday 15 January 2008 Status: Member Last seen: 7 October 2008 - 28 Sept. 2008 at 17:23
Dj HardRoly Posts: 25 Registration date: Tuesday 15 January 2008 Status: Member Last seen: 7 October 2008 - 4 Oct. 2008 at 21:30
CCM friends, hello, I could really use a hand!
I got infected by the rootkit wi\program files.
I have tried everything; even when I delete it with my antivirus, it comes back.
The file is called c4b8b788.sys and lives in c:\WINDOWS\system32\drivers.
I have several tools, including navilog, Malwarebytes' Anti-Malware, Tools Cleaner and HijackThis, all in their latest versions (I mention this so you don't have to look up the links for me, to save you time and work)!
Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:48, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Freedom Scientific\JAWS\8.0\jfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: OpenLastClosedTab.LastClosedTab - {e05e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Open Last Closed Tab - {e05e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: JFWService - Freedom Scientific BLV Group, LLC - C:\Program Files\Freedom Scientific\JAWS\8.0\jfw.exe

6 replies

Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 10 301
28 Sept. 2008 at 17:25
Hi,

---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and without any warranty...".
Accept by clicking "Yes"

---> Switch it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to reboot the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable your antivirus's and antispyware's real-time protection before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt
-1
Dj HardRoly Posts: 25 Registration date: Tuesday 15 January 2008 Status: Member Last seen: 7 October 2008 4
28 Sept. 2008 at 17:56
There, it's done. The first report had started fine, but one of my antivirus's service programs had stayed active and made the operation fail.
I disabled it completely and ran another one.
PS: in the 1st report, it changed my clock and deleted a file named inst.exe.

Here is the full report:
ComboFix 08-09-27.05 - Windows 2008-09-27 17:47:01.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.98 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Windows\Mes documents\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 15:04 . 2008-09-26 15:04 <REP> d-------- C:\Program Files\Trend Micro
2008-09-26 15:01 . 2008-09-26 15:02 96,023,294 --a------ C:\Sauv.reg
2008-09-26 00:17 . 2008-09-26 00:17 <REP> d--hs---- C:\FOUND.007
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 17:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-24 19:57 . 2008-09-24 19:57 <REP> d-------- C:\Program Files\Lighttech Interactive
2008-09-23 17:34 . 100,336 C:\WINDOWS\system32\drivers\c4b8b788.sys
2008-09-23 17:09 . 2008-09-23 17:09 <REP> d-------- C:\Program Files\DJ Mix Pro
2008-09-22 06:20 . 2008-09-22 06:20 <REP> d--hs---- C:\FOUND.006
2008-09-20 19:19 . 2008-09-20 19:19 <REP> d--hs---- C:\FOUND.005
2008-09-20 13:07 . 2008-09-20 13:07 <REP> d-------- C:\Program Files\MIKSOFT
2008-09-20 11:34 . 2008-09-20 11:34 <REP> d-------- C:\Program Files\MSECache
2008-09-19 20:02 . 2008-09-19 20:02 <REP> d--hs---- C:\FOUND.004
2008-09-19 00:43 . 2008-09-19 00:43 <REP> d-------- C:\WINDOWS\Sun
2008-09-18 19:01 . 2008-09-18 19:01 <REP> d-------- C:\FTP
2008-09-18 18:49 . 2008-09-18 18:49 <REP> d-------- C:\Program Files\FileZilla Server
2008-09-18 18:42 . 2008-09-18 18:42 <REP> d-------- C:\Program Files\BaliDDNS
2008-09-12 19:30 . 2008-09-12 19:30 64,851 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-12 19:29 . 2008-09-12 19:29 3,888,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-12 19:25 . 2008-09-12 19:25 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-12 19:25 . 2008-09-12 19:30 6,118 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Fichiers communs\DeskShare Shared
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Deskshare
2008-09-12 14:38 . 2008-09-12 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:38 . 2008-09-12 14:38 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-12 14:37 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-09-11 12:01 . 2008-09-11 12:01 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Screaming Bee
2008-09-11 11:56 . 2008-09-11 11:56 <REP> d-------- C:\Program Files\Fichiers communs\Screaming Bee
2008-09-11 11:55 . 2008-09-11 11:55 <REP> d-------- C:\Program Files\Screaming Bee
2008-09-11 11:54 . 2008-09-11 11:54 178 --a------ C:\WINDOWS\VPersonalityPlus.INI
2008-09-11 10:47 . 2008-09-11 10:47 <REP> d-------- C:\Program Files\Eyeball
2008-09-08 20:13 . 2008-09-08 20:13 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 02:22 . 2008-08-29 02:22 783 --a------ C:\WINDOWS\NTIWVEDT.INI
2008-08-29 01:56 . 2008-08-29 01:56 <REP> d-------- C:\Program Files\Sun
2008-08-29 01:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-29 01:53 . 2008-08-29 01:53 <REP> d-------- C:\Program Files\Java
2008-08-29 01:38 . 2008-08-29 01:38 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-28 21:44 . 2008-08-28 21:44 <REP> d-------- C:\Program Files\PowerQuest
2008-08-28 17:31 . 2008-08-28 17:31 <REP> d-------- C:\downloads
2008-08-27 17:36 . 2008-08-27 17:36 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 17:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-24 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 15:43 --------- d-----w C:\Program Files\Téléchargeur de Ghost Master
2008-08-22 20:33 --------- d-----w C:\Program Files\SlySoft
2008-08-22 20:18 --------- d-----w C:\Program Files\directx
2008-08-22 19:45 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-22 19:45 --------- d-----w C:\Documents and Settings\Windows\Application Data\DAEMON Tools
2008-08-20 09:57 --------- d--h--w C:\Program Files\CanonBJ
2008-08-20 09:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-20 09:53 --------- d-----w C:\Program Files\Canon
2008-08-20 09:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-18 23:14 --------- d-----w C:\Program Files\MuvExToE
2008-08-18 22:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-17 17:55 --------- d-----w C:\Documents and Settings\Windows\Application Data\FMZilla
2008-08-17 17:51 --------- d-----w C:\Program Files\Free Music Zilla
2008-08-16 09:09 --------- d-----w C:\Documents and Settings\Windows\Application Data\.purple
2008-08-16 09:08 --------- d-----w C:\Program Files\Fichiers communs\GTK
2008-08-14 14:23 --------- d-----w C:\Program Files\lworks
2008-08-14 07:42 --------- d-----w C:\Program Files\eMule
2008-08-14 07:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\eMule
2008-08-13 23:02 --------- d-----w C:\Documents and Settings\Windows\Application Data\Todae
2008-08-13 16:55 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-12 19:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-12 14:01 --------- d-----w C:\Program Files\Lavalys
2008-08-12 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-11 19:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-11 19:30 47,360 ----a-w C:\Documents and Settings\Windows\Application Data\pcouffin.sys
2008-08-11 19:30 --------- d-----w C:\Program Files\VSO
2008-08-11 19:30 --------- d-----w C:\Documents and Settings\Windows\Application Data\Vso
2008-08-11 15:54 --------- d-----w C:\Documents and Settings\Windows\Application Data\Miranda
2008-08-11 14:58 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-08-11 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-08-10 08:35 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-08-10 08:35 --------- d-----w C:\Program Files\Ahead
2008-08-09 23:35 155,995 ----a-w C:\WINDOWS\java\Packages\N1ZNBR9N.ZIP
2008-08-08 11:15 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-07 23:56 --------- d-----w C:\Documents and Settings\Windows\Application Data\AdobeUM
2008-08-06 18:46 --------- d-----w C:\Program Files\Blaze Audio
2008-08-06 18:32 --------- d-----w C:\Program Files\Audacity
2008-08-06 09:55 --------- d-----w C:\Program Files\jfw-skr550
2008-08-06 02:01 --------- d-----w C:\Program Files\NCH Software
2008-08-06 00:37 --------- d-----w C:\Program Files\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\Windows\Application Data\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-05 23:05 --------- d-----w C:\Program Files\Winamp
2008-08-05 23:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Winamp
2008-08-05 20:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-05 19:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\skypePM
2008-08-05 19:41 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-05 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-05 18:44 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Freedom Scientific
2008-08-05 18:43 --------- d-----w C:\Program Files\Alwil Software
2008-08-05 18:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-05 18:29 --------- d-----w C:\Program Files\CCleaner
2008-08-05 18:05 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-05 18:05 --------- d-----w C:\Program Files\Windows Live
2008-08-05 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-05 17:17 694,800 ----a-w C:\WINDOWS\unins000.exe
2008-08-05 17:14 --------- d-----w C:\Documents and Settings\Windows\Application Data\Freedom Scientific
2008-08-05 17:11 --------- d-----w C:\Program Files\ssce
2008-08-05 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Freedom Scientific
2008-08-05 17:09 --------- d--h--w C:\Program Files\Freedom Scientific Installation Information
2008-08-05 17:09 --------- d-----w C:\Program Files\Rainbow Technologies
2008-08-05 17:09 --------- d-----w C:\Program Files\Freedom Scientific
2008-08-04 16:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-04 15:53 --------- d-----w C:\Documents and Settings\Windows\Application Data\Acer
2008-08-04 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-08-04 15:43 --------- d-----w C:\Program Files\Launch Manager
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
.

------- Sigcheck -------

2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 09:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2004-08-05 05:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-26 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-14 2462208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2008-07-30 942080]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-26 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Windows^Menu Démarrer^Programmes^Démarrage^yesmessenger.lnk]
path=C:\Documents and Settings\Windows\Menu Démarrer\Programmes\Démarrage\yesmessenger.lnk
backup=C:\WINDOWS\pss\yesmessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2005-07-26 11:36 69632 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-16 09:56 368640 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-08-10 12:28 593920 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-08-31 19:59 147456 C:\Program Files\Acer\Acer Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbar]
--a------ 2005-06-01 21:41 65536 C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Boonty Games"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\PeerGuardian2\\pg2.exe"=
"C:\\Program Files\\PeerGuardian2\\pgfix.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 JFWService;JFWService;C:\Program Files\Freedom Scientific\JAWS\8.0\jfw.exe [2008-03-30 3880728]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 480512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-08-11 69120]

*Newly Created Service* - int15.sys
*Newly Created Service* - pgfilter
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{e05e75e9-a653-42a3-8d05-f2f7e309bdca} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\zcviobtt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 17:48:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\c4b8b788]
"ImagePath"="\SystemRoot\System32\drivers\c4b8b788.sys"
.
Heure de fin: 2008-09-27 17:50:00
ComboFix-quarantined-files.txt 2008-09-27 15:49:54
ComboFix2.txt 2008-09-27 15:42:10

Avant-CF: 15.890.907.136 octets libres
Après-CF: 15,872,524,288 octets libres

298 --- E O F --- 2008-09-09 16:47:14
-1
Destrio5 (moderator) - 28 Sept 2008, 18:04
/!\ Only Dj HardRoly should follow this procedure /!\


1/

---> Click Start, Run, type notepad and click OK.

---> Copy the text below by selecting it and pressing Ctrl+C:

KillAll::

File::
C:\WINDOWS\system32\drivers\c4b8b788.sys

Driver::
Boonty Games

Folder::
C:\Program Files\Fichiers communs\BOONTY Shared

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002ASync"=-
"PHIME2002A"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\c4b8b788]






---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is shown.

[*] Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it

[*] If the file does not open, it is located at C:\ComboFix.txt
Dj HardRoly - 28 Sept 2008, 18:37
I'm halfway out of trouble, but not yet rid of this .SYS file!
See for yourself: I followed your procedure and it then ran a new scan.

ComboFix 08-09-27.05 - Windows 2008-09-27 18:26:45.3 - FAT32 x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.106 [GMT 2:00]
Running from: C:\Documents and Settings\Windows\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Windows\Bureau\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\drivers\c4b8b788.sys
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\system32\drivers\c4b8b788.sys . . . . could not be deleted

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_c4b8b788


((((((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 15:04 . 2008-09-26 15:04 <REP> d-------- C:\Program Files\Trend Micro
2008-09-26 00:17 . 2008-09-26 00:17 <REP> d--hs---- C:\FOUND.007
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 17:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-24 19:57 . 2008-09-24 19:57 <REP> d-------- C:\Program Files\Lighttech Interactive
2008-09-23 17:34 . 100,336 C:\WINDOWS\system32\drivers\c4b8b788.sys
2008-09-23 17:09 . 2008-09-23 17:09 <REP> d-------- C:\Program Files\DJ Mix Pro
2008-09-22 06:20 . 2008-09-22 06:20 <REP> d--hs---- C:\FOUND.006
2008-09-20 19:19 . 2008-09-20 19:19 <REP> d--hs---- C:\FOUND.005
2008-09-20 13:07 . 2008-09-20 13:07 <REP> d-------- C:\Program Files\MIKSOFT
2008-09-20 11:34 . 2008-09-20 11:34 <REP> d-------- C:\Program Files\MSECache
2008-09-19 20:02 . 2008-09-19 20:02 <REP> d--hs---- C:\FOUND.004
2008-09-19 00:43 . 2008-09-19 00:43 <REP> d-------- C:\WINDOWS\Sun
2008-09-18 19:01 . 2008-09-18 19:01 <REP> d-------- C:\FTP
2008-09-18 18:49 . 2008-09-18 18:49 <REP> d-------- C:\Program Files\FileZilla Server
2008-09-18 18:42 . 2008-09-18 18:42 <REP> d-------- C:\Program Files\BaliDDNS
2008-09-12 19:30 . 2008-09-12 19:30 64,851 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-12 19:29 . 2008-09-12 19:29 3,888,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-12 19:25 . 2008-09-12 19:25 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-12 19:25 . 2008-09-12 19:30 6,118 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Fichiers communs\DeskShare Shared
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Deskshare
2008-09-12 14:38 . 2008-09-12 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:38 . 2008-09-12 14:38 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-12 14:37 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-09-11 12:01 . 2008-09-11 12:01 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Screaming Bee
2008-09-11 11:56 . 2008-09-11 11:56 <REP> d-------- C:\Program Files\Fichiers communs\Screaming Bee
2008-09-11 11:55 . 2008-09-11 11:55 <REP> d-------- C:\Program Files\Screaming Bee
2008-09-11 11:54 . 2008-09-11 11:54 178 --a------ C:\WINDOWS\VPersonalityPlus.INI
2008-09-11 10:47 . 2008-09-11 10:47 <REP> d-------- C:\Program Files\Eyeball
2008-09-08 20:13 . 2008-09-08 20:13 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 02:22 . 2008-08-29 02:22 783 --a------ C:\WINDOWS\NTIWVEDT.INI
2008-08-29 01:56 . 2008-08-29 01:56 <REP> d-------- C:\Program Files\Sun
2008-08-29 01:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-29 01:53 . 2008-08-29 01:53 <REP> d-------- C:\Program Files\Java
2008-08-29 01:38 . 2008-08-29 01:38 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-28 21:44 . 2008-08-28 21:44 <REP> d-------- C:\Program Files\PowerQuest
2008-08-28 17:31 . 2008-08-28 17:31 <REP> d-------- C:\downloads
2008-08-27 17:36 . 2008-08-27 17:36 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 17:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-24 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 15:43 --------- d-----w C:\Program Files\Téléchargeur de Ghost Master
2008-08-22 20:33 --------- d-----w C:\Program Files\SlySoft
2008-08-22 20:18 --------- d-----w C:\Program Files\directx
2008-08-22 19:45 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-22 19:45 --------- d-----w C:\Documents and Settings\Windows\Application Data\DAEMON Tools
2008-08-20 09:57 --------- d--h--w C:\Program Files\CanonBJ
2008-08-20 09:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-20 09:53 --------- d-----w C:\Program Files\Canon
2008-08-20 09:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-18 23:14 --------- d-----w C:\Program Files\MuvExToE
2008-08-18 22:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-17 17:55 --------- d-----w C:\Documents and Settings\Windows\Application Data\FMZilla
2008-08-17 17:51 --------- d-----w C:\Program Files\Free Music Zilla
2008-08-16 09:09 --------- d-----w C:\Documents and Settings\Windows\Application Data\.purple
2008-08-16 09:08 --------- d-----w C:\Program Files\Fichiers communs\GTK
2008-08-14 14:23 --------- d-----w C:\Program Files\lworks
2008-08-14 07:42 --------- d-----w C:\Program Files\eMule
2008-08-14 07:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\eMule
2008-08-13 23:02 --------- d-----w C:\Documents and Settings\Windows\Application Data\Todae
2008-08-13 16:55 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-12 19:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-12 14:01 --------- d-----w C:\Program Files\Lavalys
2008-08-12 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-11 19:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-11 19:30 47,360 ----a-w C:\Documents and Settings\Windows\Application Data\pcouffin.sys
2008-08-11 19:30 --------- d-----w C:\Program Files\VSO
2008-08-11 19:30 --------- d-----w C:\Documents and Settings\Windows\Application Data\Vso
2008-08-11 15:54 --------- d-----w C:\Documents and Settings\Windows\Application Data\Miranda
2008-08-11 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-08-10 08:35 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-08-10 08:35 --------- d-----w C:\Program Files\Ahead
2008-08-09 23:35 155,995 ----a-w C:\WINDOWS\java\Packages\N1ZNBR9N.ZIP
2008-08-08 11:15 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-07 23:56 --------- d-----w C:\Documents and Settings\Windows\Application Data\AdobeUM
2008-08-06 18:46 --------- d-----w C:\Program Files\Blaze Audio
2008-08-06 18:32 --------- d-----w C:\Program Files\Audacity
2008-08-06 09:55 --------- d-----w C:\Program Files\jfw-skr550
2008-08-06 02:01 --------- d-----w C:\Program Files\NCH Software
2008-08-06 00:37 --------- d-----w C:\Program Files\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\Windows\Application Data\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-05 23:05 --------- d-----w C:\Program Files\Winamp
2008-08-05 23:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Winamp
2008-08-05 20:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-05 19:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\skypePM
2008-08-05 19:41 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-05 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-05 18:44 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Freedom Scientific
2008-08-05 18:43 --------- d-----w C:\Program Files\Alwil Software
2008-08-05 18:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-05 18:29 --------- d-----w C:\Program Files\CCleaner
2008-08-05 18:05 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-05 18:05 --------- d-----w C:\Program Files\Windows Live
2008-08-05 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-05 17:17 694,800 ----a-w C:\WINDOWS\unins000.exe
2008-08-05 17:14 --------- d-----w C:\Documents and Settings\Windows\Application Data\Freedom Scientific
2008-08-05 17:11 --------- d-----w C:\Program Files\ssce
2008-08-05 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Freedom Scientific
2008-08-05 17:09 --------- d--h--w C:\Program Files\Freedom Scientific Installation Information
2008-08-05 17:09 --------- d-----w C:\Program Files\Rainbow Technologies
2008-08-05 17:09 --------- d-----w C:\Program Files\Freedom Scientific
2008-08-04 16:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-04 15:53 --------- d-----w C:\Documents and Settings\Windows\Application Data\Acer
2008-08-04 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-08-04 15:43 --------- d-----w C:\Program Files\Launch Manager
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
.

------- Sigcheck -------

2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 09:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2004-08-05 05:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-27_17.41.35.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-09-27 12:23:10 2,000,000 ----a-w C:\WINDOWS\system32\HJSMEM.DAT
+ 2008-09-27 16:32:08 2,000,000 ----a-w C:\WINDOWS\system32\HJSMEM.DAT
+ 2008-09-27 16:31:42 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-26 53248]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-14 2462208]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2008-07-30 942080]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-26 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2005-07-26 11:36 69632 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-16 09:56 368640 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-08-10 12:28 593920 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-08-31 19:59 147456 C:\Program Files\Acer\Acer Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbar]
--a------ 2005-06-01 21:41 65536 C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Boonty Games"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\PeerGuardian2\\pg2.exe"=
"C:\\Program Files\\PeerGuardian2\\pgfix.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 JFWService;JFWService;C:\Program Files\Freedom Scientific\JAWS\8.0\jfw.exe [2008-03-30 3880728]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 480512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

BHO-{e05e75e9-a653-42a3-8d05-f2f7e309bdca} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 18:34:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c4b8b788]
"ImagePath"="\SystemRoot\System32\drivers\c4b8b788.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\Program Files\Freedom Scientific\JAWS\8.0\JHOOKLDR.EXE
.
**************************************************************************
.
Completion time: 2008-09-27 18:37:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 16:36:54
ComboFix3.txt 2008-09-27 15:42:10
ComboFix2.txt 2008-09-27 15:50:04

Pre-Run: 15,812,345,856 bytes free
Post-Run: 15,730,442,240 bytes free

312 --- E O F --- 2008-09-09 16:47:14
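What the two ComboFix runs above actually show is worth spelling out: catchme reports "hidden files: 0", yet the driver entry for c4b8b788.sys is listed without a modification time or attribute flags, its service key is still in ComboFix's closing registry dump, and the file "could not be deleted". Those are the signals a helper reads off a log before deciding what goes into a CFScript. The script below is an added example written for this page; it is not code from the thread, from CCM, or from ComboFix's authors. It parses the three line shapes quoted above (the "Files Created" list, the R/S driver list, and the trailing service-key dump), scores each driver with a few heuristics of my own, and lays out a CFScript in the same format the moderator's post uses. The sample lines are constructed from the log in this thread, and \SystemRoot is assumed to be C:\WINDOWS. Note that the thread itself shows the scripted deletion did not stick, so the generated script is the starting point the moderator's procedure describes, not a cure.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the shape of the ComboFix report quoted in this
# thread; the paths, names, sizes and dates are the ones the log shows.
SAMPLE_LOG = r"""
2008-09-25 17:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 17:34 . 100,336 C:\WINDOWS\system32\drivers\c4b8b788.sys
2008-09-22 06:20 . 2008-09-22 06:20 <REP> d--hs---- C:\FOUND.006

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-08-11 69120]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\c4b8b788]
"ImagePath"="\SystemRoot\System32\drivers\c4b8b788.sys"
"""

# "R1 name;description;path [date size]" -- "[ ]" means ComboFix found no file.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# "created . <modified size attrs> path"; the middle part is what we inspect.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(.*?)\s*([A-Za-z]:\\.+)$")
FULL_ATTRS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<REP>|<DIR>)\s+[-a-zA-Z]{9}$")
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
IMAGE_RE = re.compile(r'^"ImagePath"="(.+)"$')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)  # e.g. c4b8b788: looks generated, not named


@dataclass
class Finding:
    name: str
    path: str = ""
    reasons: List[str] = field(default_factory=list)


def analyse(log: str) -> Dict[str, Finding]:
    """Return findings keyed by lower-cased service/driver name."""
    findings: Dict[str, Finding] = {}
    current_key = ""

    def note(name: str, path: str, reason: str) -> None:
        f = findings.setdefault(name.lower(), Finding(name))
        if path and not f.path:
            f.path = path
        f.reasons.append(reason)

    for raw in log.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            name, path, stamp = m.group(3), m.group(5), m.group(6)
            if HEX_NAME_RE.match(name):
                note(name, path, "random-looking 8-hex-digit service name")
            if not stamp.strip():
                note(name, path, "image file not found on disk (orphaned service)")
        elif (m := FILE_RE.match(line)):
            middle, path = m.group(2), m.group(3)
            if not path.lower().endswith(".sys"):
                continue
            stem = path.rsplit("\\", 1)[-1][:-4]
            if not FULL_ATTRS_RE.match(middle):
                note(stem, path, "driver listed without modification time or attribute flags")
            if HEX_NAME_RE.match(stem):
                note(stem, path, "random-looking 8-hex-digit driver file name")
        elif (m := SVC_KEY_RE.match(line)):
            current_key = m.group(1)
            note(current_key, "", "service key still present in ComboFix's closing registry dump")
        elif current_key and (m := IMAGE_RE.match(line)):
            # Assumption: \SystemRoot is C:\WINDOWS, as on the machine in this thread.
            f = findings[current_key.lower()]
            f.path = f.path or m.group(1).replace("\\SystemRoot", "C:\\WINDOWS")
    return findings


def build_cfscript(findings: Dict[str, Finding], min_reasons: int = 2) -> str:
    """Lay out a CFScript in the format the moderator used above (KillAll::,
    File::, Driver::, Registry::; the [-key] form deletes the whole key).
    Only names flagged by at least `min_reasons` heuristics are included, so
    a merely orphaned driver is not scripted away on one weak signal."""
    targets = [f for f in findings.values() if len(f.reasons) >= min_reasons]
    if not targets:
        return ""
    lines = ["KillAll::", "", "File::"]
    lines += [f.path for f in targets if f.path]
    lines += ["", "Driver::"]
    lines += [f.name for f in targets]
    lines += ["", "Registry::"]
    lines += [f"[-HKEY_LOCAL_MACHINE\\system\\ControlSet001\\Services\\{f.name}]" for f in targets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found.values():
        print(f"{f.name} ({f.path or 'no path'}):")
        for r in f.reasons:
            print(f"  - {r}")
    print()
    print(build_cfscript(found), end="")
```

Run against the constructed sample, c4b8b788 collects three signals (unreadable attributes, generated-looking name, surviving service key) and lands in the script; AmeAtmPc, which only has a missing image file, is reported but left out. On a real log, read the reasons before trusting the script: the threshold is a guard against scripting away a harmless leftover, not a verdict on what the driver does.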

Destrio5 (moderator) - 28 Sept 2008, 18:39
Do the procedure in Safe Mode.
Dj HardRoly - 4 Oct 2008, 21:30
Sorry for the long wait, some things came up; I apologise.
It deleted it, but at the next startup I went to check in c:\WINDOWS\system32\drivers, and it's... back again, even in Safe Mode!
Now I really don't know what to do any more, sniff!
Here is the report:
ComboFix 08-10-04.01 - Windows 2008-10-03 21:15:11.4 - FAT32 x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.111 [GMT 2:00]
Running from: C:\Documents and Settings\Windows\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Windows\Bureau\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\drivers\c4b8b788.sys
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c4b8b788


((((((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 23:26 . 2008-10-02 23:26 <REP> d--hs---- C:\FOUND.008
2008-10-02 21:36 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Program Files\Panda Security
2008-10-01 15:09 . 2008-10-01 15:09 <REP> d-------- C:\Program Files\Alien Solo
2008-09-26 15:04 . 2008-09-26 15:04 <REP> d-------- C:\Program Files\Trend Micro
2008-09-26 00:17 . 2008-09-26 00:17 <REP> d--hs---- C:\FOUND.007
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-25 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 17:57 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 17:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-24 19:57 . 2008-09-24 19:57 <REP> d-------- C:\Program Files\Lighttech Interactive
2008-09-23 17:34 . 100,336 C:\WINDOWS\system32\drivers\c4b8b788.sys
2008-09-23 17:09 . 2008-09-23 17:09 <REP> d-------- C:\Program Files\DJ Mix Pro
2008-09-22 06:20 . 2008-09-22 06:20 <REP> d--hs---- C:\FOUND.006
2008-09-20 19:19 . 2008-09-20 19:19 <REP> d--hs---- C:\FOUND.005
2008-09-20 13:07 . 2008-09-20 13:07 <REP> d-------- C:\Program Files\MIKSOFT
2008-09-20 11:34 . 2008-09-20 11:34 <REP> d-------- C:\Program Files\MSECache
2008-09-19 20:02 . 2008-09-19 20:02 <REP> d--hs---- C:\FOUND.004
2008-09-19 00:43 . 2008-09-19 00:43 <REP> d-------- C:\WINDOWS\Sun
2008-09-18 19:01 . 2008-09-18 19:01 <REP> d-------- C:\FTP
2008-09-18 18:49 . 2008-09-18 18:49 <REP> d-------- C:\Program Files\FileZilla Server
2008-09-18 18:42 . 2008-09-18 18:42 <REP> d-------- C:\Program Files\BaliDDNS
2008-09-12 19:30 . 2008-09-12 19:30 64,851 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-12 19:29 . 2008-09-12 19:29 3,888,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-12 19:25 . 2008-09-12 19:25 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-12 19:25 . 2008-09-12 19:30 6,118 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Fichiers communs\DeskShare Shared
2008-09-12 16:20 . 2008-09-12 16:20 <REP> d-------- C:\Program Files\Deskshare
2008-09-12 14:38 . 2008-09-12 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:38 . 2008-09-12 14:38 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-12 14:37 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2008-09-11 12:01 . 2008-09-11 12:01 <REP> d-------- C:\Documents and Settings\Windows\Application Data\Screaming Bee
2008-09-11 11:56 . 2008-09-11 11:56 <REP> d-------- C:\Program Files\Fichiers communs\Screaming Bee
2008-09-11 11:54 . 2008-09-11 11:54 178 --a------ C:\WINDOWS\VPersonalityPlus.INI
2008-09-11 10:47 . 2008-09-11 10:47 <REP> d-------- C:\Program Files\Eyeball
2008-09-08 20:13 . 2008-09-08 20:13 <REP> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 17:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-28 23:56 --------- d-----w C:\Program Files\Sun
2008-08-28 23:53 --------- d-----w C:\Program Files\Java
2008-08-28 23:38 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-08-28 19:44 --------- d-----w C:\Program Files\PowerQuest
2008-08-24 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 15:43 --------- d-----w C:\Program Files\Téléchargeur de Ghost Master
2008-08-22 20:33 --------- d-----w C:\Program Files\SlySoft
2008-08-22 20:18 --------- d-----w C:\Program Files\directx
2008-08-22 19:45 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-22 19:45 --------- d-----w C:\Documents and Settings\Windows\Application Data\DAEMON Tools
2008-08-20 09:57 --------- d--h--w C:\Program Files\CanonBJ
2008-08-20 09:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-20 09:53 --------- d-----w C:\Program Files\Canon
2008-08-20 09:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-18 23:14 --------- d-----w C:\Program Files\MuvExToE
2008-08-18 22:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-17 17:55 --------- d-----w C:\Documents and Settings\Windows\Application Data\FMZilla
2008-08-17 17:51 --------- d-----w C:\Program Files\Free Music Zilla
2008-08-16 09:09 --------- d-----w C:\Documents and Settings\Windows\Application Data\.purple
2008-08-16 09:08 --------- d-----w C:\Program Files\Fichiers communs\GTK
2008-08-14 14:23 --------- d-----w C:\Program Files\lworks
2008-08-14 07:42 --------- d-----w C:\Program Files\eMule
2008-08-14 07:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\eMule
2008-08-13 23:02 --------- d-----w C:\Documents and Settings\Windows\Application Data\Todae
2008-08-13 16:55 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-12 19:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-12 14:01 --------- d-----w C:\Program Files\Lavalys
2008-08-12 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-11 19:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-11 19:30 47,360 ----a-w C:\Documents and Settings\Windows\Application Data\pcouffin.sys
2008-08-11 19:30 --------- d-----w C:\Program Files\VSO
2008-08-11 19:30 --------- d-----w C:\Documents and Settings\Windows\Application Data\Vso
2008-08-11 15:54 --------- d-----w C:\Documents and Settings\Windows\Application Data\Miranda
2008-08-11 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-08-10 08:35 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-08-10 08:35 --------- d-----w C:\Program Files\Ahead
2008-08-09 23:35 155,995 ----a-w C:\WINDOWS\java\Packages\N1ZNBR9N.ZIP
2008-08-08 11:15 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-07 23:56 --------- d-----w C:\Documents and Settings\Windows\Application Data\AdobeUM
2008-08-06 18:46 --------- d-----w C:\Program Files\Blaze Audio
2008-08-06 18:32 --------- d-----w C:\Program Files\Audacity
2008-08-06 02:01 --------- d-----w C:\Program Files\NCH Software
2008-08-06 00:37 --------- d-----w C:\Program Files\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\Windows\Application Data\NCH Swift Sound
2008-08-06 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-05 23:05 --------- d-----w C:\Program Files\Winamp
2008-08-05 23:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Winamp
2008-08-05 20:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-05 19:42 --------- d-----w C:\Documents and Settings\Windows\Application Data\skypePM
2008-08-05 19:41 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Skype
2008-08-05 19:39 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-05 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-05 18:44 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Freedom Scientific
2008-08-05 18:43 --------- d-----w C:\Program Files\Alwil Software
2008-08-05 18:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-05 18:29 --------- d-----w C:\Program Files\CCleaner
2008-08-05 18:05 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-05 18:05 --------- d-----w C:\Program Files\Windows Live
2008-08-05 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-05 17:17 694,800 ----a-w C:\WINDOWS\unins000.exe
2008-08-05 17:14 --------- d-----w C:\Documents and Settings\Windows\Application Data\Freedom Scientific
2008-08-05 17:11 --------- d-----w C:\Program Files\ssce
2008-08-05 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Freedom Scientific
2008-08-05 17:09 --------- d--h--w C:\Program Files\Freedom Scientific Installation Information
2008-08-05 17:09 --------- d-----w C:\Program Files\Rainbow Technologies
2008-08-05 17:09 --------- d-----w C:\Program Files\Freedom Scientific
2008-08-04 16:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-04 15:53 --------- d-----w C:\Documents and Settings\Windows\Application Data\Acer
2008-08-04 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-08-04 15:43 --------- d-----w C:\Program Files\Launch Manager
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
.

------- Sigcheck -------

2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 09:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2004-08-05 05:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-26 53248]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-14 2462208]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2008-07-30 942080]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-26 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2005-07-26 11:36 69632 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-16 09:56 368640 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-08-10 12:28 593920 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-08-31 19:59 147456 C:\Program Files\Acer\Acer Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbar]
--a------ 2005-06-01 21:41 65536 C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Boonty Games"=3 (0x3)
"RichVideo"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\PeerGuardian2\\pg2.exe"=
"C:\\Program Files\\PeerGuardian2\\pgfix.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 JFWService;JFWService;C:\Program Files\Freedom Scientific\JAWS\8.0\jfw.exe [2008-03-30 3880728]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 480512]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 21:22:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c4b8b788]
"ImagePath"="\SystemRoot\System32\drivers\c4b8b788.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\Program Files\Freedom Scientific\JAWS\8.0\JHOOKLDR.EXE
.
**************************************************************************
.
Completion time: 2008-10-04 21:25:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 19:25:02

Pre-Run: 13,929,218,048 bytes free
Post-Run: 14,183,677,952 bytes free

295 --- E O F --- 2008-09-09 16:47:14
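The one lead the log above gives is the service key `HKLM\System\ControlSet001\Services\c4b8b788`, whose `ImagePath` points at the driver in question but which has no matching line in the `R0`/`R1`/`S3` driver listing, plus two drivers (`AmeAtmPc`, `SCREAMINGBDRIVER`) that ComboFix prints with `[ ]` because the file is not on disk, and a firewall rule opening 3389/TCP (Remote Desktop) in the standard profile. The script below is an added example, not part of the original post or of ComboFix: it parses those three kinds of lines from a ComboFix report and flags them so a responder does not have to eyeball a thousand-line log. `SAMPLE_LOG` is constructed from lines of the report above; the heuristics (an 8-character lowercase hex name counts as machine-generated, a service key without a driver-listing entry is suspicious) are the example's own assumptions, not rules ComboFix applies.

```python
"""Triage the driver/service section of a ComboFix report.

Added example, not ComboFix code. Flags:
  * service names that look machine-generated (8 lowercase hex chars,
    the c4b8b788 pattern) -- heuristic, an assumption of this example
  * drivers ComboFix lists with '[ ]' (file absent on disk)
  * Services registry keys carrying an ImagePath but absent from the
    R*/S* driver listing (registered, yet not enumerated as a driver)
  * ports opened in the firewall GloballyOpenPorts list
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the report above.
SAMPLE_LOG = r"""
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c4b8b788]
"ImagePath"="\SystemRoot\System32\drivers\c4b8b788.sys"
"""

# ComboFix driver line: "<start> <name>;<display>;<path> [<date size>]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+) \[(?P<meta>[^\]]*)\]$')
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
OPENPORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
RANDOM_HEX_RE = re.compile(r'^[0-9a-f]{8}$')  # assumption: generated name


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'info'
    subject: str    # service name, or "port/proto"
    reason: str


def triage(log_text: str) -> list:
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    listed = {}            # service name -> driver path from the R*/S* listing
    current_key = None     # last "[HK...]" header seen
    in_open_ports = False  # inside the GloballyOpenPorts\List key

    for raw in log_text.splitlines():
        line = raw.strip()

        m = SERVICE_RE.match(line)
        if m:
            name, meta = m['name'], m['meta'].strip()
            listed[name] = m['path']
            if RANDOM_HEX_RE.match(name):
                findings.append(Finding('high', name, 'service name looks machine-generated'))
            if not meta:  # ComboFix prints "[ ]" when the driver file is missing
                findings.append(Finding('medium', name, 'driver file not found on disk'))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m['key']
            in_open_ports = current_key.lower().endswith(r'globallyopenports\list')
            continue

        m = IMAGEPATH_RE.match(line)
        if m and current_key:
            name = current_key.rsplit('\\', 1)[-1]
            if name not in listed:
                findings.append(Finding(
                    'high', name,
                    f'service key with ImagePath {m["path"]} but no driver-listing entry'))
            if RANDOM_HEX_RE.match(name):
                findings.append(Finding('high', name, 'service name looks machine-generated'))
            continue

        m = OPENPORT_RE.match(line)
        if m and in_open_ports:
            findings.append(Finding(
                'info', f"{m['port']}/{m['proto']}", 'port opened in firewall standard profile'))

    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.subject:18} {f.reason}')
```

Run it against a saved report (`triage(open('ComboFix.txt', encoding='cp1252').read())`) to get the same list; the high-severity hits are what to hand to a malware-removal helper first, and the 3389/TCP entry is worth closing regardless of the infection, since it exposes Remote Desktop to whatever network the firewall's standard profile is on.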