Posted

Scan in diagnostic mode, option 2:

 

 

-----------------------------[ Lop S&D 4.0.2 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Jerome ] [ "C:\Lop SD" ]

[ 02/03/2008 | 16:09:20,96 ] [ PC : JEROME ]

[ MAJ : 30-02-2008 | 00:12 ]

 

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\..

[07/10/2007|19:49] C:\DOCUME~1\Administrateur\APPLIC~1\desktop.ini

[07/10/2007|17:55] C:\DOCUME~1\Administrateur\APPLIC~1\Microsoft

 

 

[08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

 

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\.

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\..

[16/02/2008|05:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\addr_file.html

[20/02/2008|22:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe

[11/10/2007|16:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple

[25/02/2008|05:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer

[25/02/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg8

[19/02/2008|21:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira

[23/02/2008|07:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Pro

[09/10/2007|13:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini

[15/02/2008|16:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Diskeeper Corporation

[25/02/2008|09:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ESET

[18/02/2008|07:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreeDownloadManager.ORG

[23/02/2008|05:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google

[09/10/2007|12:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpqwmi

[09/10/2007|12:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab

[22/01/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LauncherAccess.dt

[05/02/2008|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft

[17/02/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft

[02/03/2008|00:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help

[26/02/2008|01:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero

[11/10/2007|16:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\751 QTSBandwidthCache

[09/10/2007|12:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime

[25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy

[25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP

[25/02/2008|17:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro

[13/02/2008|05:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software

[09/10/2007|20:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage

[22/02/2008|12:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller

 

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\..

[09/10/2007|13:16] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini

[09/10/2007|11:32] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\..

[07/10/2007|19:49] C:\DOCUME~1\Jerome\APPLIC~1\desktop.ini

[07/10/2007|17:55] C:\DOCUME~1\Jerome\APPLIC~1\Microsoft

 

[25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\.

[25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\..

[20/02/2008|16:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Adobe

[09/10/2007|12:03] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Apple Computer

[18/11/2007|00:15] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Azureus

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\BitTorrent

[24/02/2008|09:02] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools

[23/02/2008|07:00] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools Pro

[09/10/2007|13:16] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\desktop.ini

[25/11/2007|00:59] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DivX

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\dvdcss

[25/02/2008|09:47] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ESET

[25/02/2008|10:54] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FastStone

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FileZilla

[25/02/2008|23:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Free Download Manager

[11/10/2007|19:22] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Google

[12/10/2007|14:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Help

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Identities

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\InterVideo

[01/12/2007|01:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Lavasoft

[06/12/2007|16:30] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Leadertech

[08/12/2007|17:36] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config(2).com

[25/02/2008|22:04] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config.com

[09/10/2007|20:09] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Macromedia

[10/11/2007|16:48] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Media Player Classic

[25/02/2008|18:06] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microgaming

[21/02/2008|03:25] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microsoft

[26/02/2008|01:45] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Nero

[11/10/2007|19:35] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\OpenArena

[25/11/2007|05:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\PC Tools

[10/01/2008|18:29] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Samsung

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Shareaza

[17/02/2008|11:11] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\SmartFTP

[06/12/2007|16:31] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sonic

[10/11/2007|13:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sun

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TaoUSign

[25/12/2007|21:39] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\teamspeak2

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\temp

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Thunderbird

[17/11/2007|23:50] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TuneUp Software

[24/11/2007|19:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Uniblue

[02/03/2008|13:20] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\utorrent

[11/10/2007|16:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\vlc

[11/10/2007|18:10] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Winamp

[11/10/2007|16:44] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\WinRAR

 

 

[08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[07/10/2007|17:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\.

[19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\..

[25/02/2008|10:17] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

 

 

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[07/10/2007|17:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\..

[25/02/2008|10:17] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[02/03/2008 15:55][--ah-c---] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[29/02/2008|16:14] C:\Program Files\.

[29/02/2008|16:14] C:\Program Files\..

[07/10/2007|18:25] C:\Program Files\Adobe

[01/03/2008|22:50] C:\Program Files\AIDA32 - Personal System Information

[07/10/2007|18:35] C:\Program Files\Analog Devices

[09/10/2007|21:27] C:\Program Files\Apoint2K

[01/12/2007|17:35] C:\Program Files\CCleaner

[23/11/2007|19:52] C:\Program Files\CodeStuff

[07/10/2007|14:40] C:\Program Files\ComPlus Applications

[24/02/2008|06:24] C:\Program Files\DAEMON Tools

[15/02/2008|16:52] C:\Program Files\Diskeeper Corporation

[07/12/2007|19:40] C:\Program Files\EA SPORTS

[25/02/2008|23:33] C:\Program Files\ESET

[25/02/2008|10:51] C:\Program Files\FastStone Capture

[26/02/2008|01:39] C:\Program Files\Fichiers communs

[18/02/2008|19:03] C:\Program Files\Free Download Manager

[25/02/2008|11:05] C:\Program Files\Google

[29/02/2008|16:09] C:\Program Files\GUILD WARS

[13/02/2008|02:42] C:\Program Files\HDGraph

[09/10/2007|12:00] C:\Program Files\Hewlett-Packard

[09/10/2007|12:00] C:\Program Files\Hp

[09/10/2007|12:11] C:\Program Files\HPQ

[24/11/2007|20:09] C:\Program Files\inKline Global

[25/02/2008|21:59] C:\Program Files\InstallShield Installation Information

[08/12/2007|17:28] C:\Program Files\Intel

[23/02/2008|18:03] C:\Program Files\Internet Explorer

[09/10/2007|12:00] C:\Program Files\InterVideo

[24/12/2007|15:43] C:\Program Files\iPod

[28/02/2008|21:47] C:\Program Files\IrfanView

[24/12/2007|15:43] C:\Program Files\iTunes

[30/12/2007|18:18] C:\Program Files\IZArc

[02/03/2008|14:16] C:\Program Files\Java

[11/10/2007|18:00] C:\Program Files\K-Lite Codec Pack

[08/12/2007|14:47] C:\Program Files\Lavalys

[25/02/2008|10:41] C:\Program Files\LClock

[29/02/2008|20:16] C:\Program Files\ma-config.com

[20/02/2008|09:06] C:\Program Files\messenger

[23/11/2007|21:48] C:\Program Files\microsoft frontpage

[21/02/2008|02:14] C:\Program Files\Microsoft Office

[21/02/2008|02:14] C:\Program Files\Microsoft Visual Studio

[21/02/2008|02:09] C:\Program Files\Microsoft Visual Studio 8

[21/02/2008|02:15] C:\Program Files\Microsoft Works

[21/02/2008|02:12] C:\Program Files\Microsoft.NET

[20/02/2008|08:20] C:\Program Files\Movie Maker

[21/02/2008|02:14] C:\Program Files\MSBuild

[18/02/2008|13:32] C:\Program Files\MSECache

[09/10/2007|11:28] C:\Program Files\MSN Gaming Zone

[16/02/2008|04:02] C:\Program Files\MSN Messenger

[07/12/2007|20:26] C:\Program Files\MSXML 4.0

[10/11/2007|12:21] C:\Program Files\MSXML 6.0

[28/02/2008|02:22] C:\Program Files\Nero

[20/02/2008|08:14] C:\Program Files\NetMeeting

[24/11/2007|00:06] C:\Program Files\Notebook Hardware Control

[20/02/2008|08:14] C:\Program Files\Outlook Express

[25/02/2008|07:57] C:\Program Files\PowerQuest

[24/12/2007|15:40] C:\Program Files\QuickTime

[09/10/2007|21:38] C:\Program Files\Reference Assemblies

[09/10/2007|11:30] C:\Program Files\Services en ligne

[09/10/2007|12:09] C:\Program Files\Sonic

[10/12/2007|19:39] C:\Program Files\SystemRequirementsLab

[25/02/2008|10:41] C:\Program Files\Taskix

[29/02/2008|16:14] C:\Program Files\Teamspeak2_RC2

[25/02/2008|10:41] C:\Program Files\TransBar

[25/02/2008|16:55] C:\Program Files\Trend Micro

[15/02/2008|15:44] C:\Program Files\TuneUp Utilities 2008

[07/01/2008|04:00] C:\Program Files\UltraStar

[09/10/2007|11:39] C:\Program Files\Uninstall Information

[11/10/2007|18:11] C:\Program Files\uTorrent

[08/12/2007|19:14] C:\Program Files\VIA

[11/10/2007|16:06] C:\Program Files\VideoLAN

[25/02/2008|10:51] C:\Program Files\Virtual CDRom

[21/11/2007|17:52] C:\Program Files\Virtualis

[25/02/2008|10:48] C:\Program Files\VistaDriveStatus

[25/02/2008|10:41] C:\Program Files\VisualTaskTips

[07/10/2007|18:38] C:\Program Files\WIDCOMM

[25/02/2008|20:03] C:\Program Files\WinamaxPoker

[07/01/2008|01:13] C:\Program Files\Winamp

[22/02/2008|12:54] C:\Program Files\Windows Live

[28/02/2008|17:19] C:\Program Files\Windows Live Safety Center

[25/02/2008|10:48] C:\Program Files\Windows Media Connect 2

[28/02/2008|02:54] C:\Program Files\Windows Media Player

[20/02/2008|08:14] C:\Program Files\Windows NT

[09/10/2007|11:30] C:\Program Files\WindowsUpdate

[25/02/2008|10:41] C:\Program Files\WinRoll

[25/02/2008|10:41] C:\Program Files\WTInstaller

[09/10/2007|11:33] C:\Program Files\xerox

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[26/02/2008|01:39] C:\Program Files\Fichiers communs\.

[26/02/2008|01:39] C:\Program Files\Fichiers communs\..

[12/10/2007|14:20] C:\Program Files\Fichiers communs\Adobe

[21/02/2008|02:14] C:\Program Files\Fichiers communs\DESIGNER

[09/10/2007|12:09] C:\Program Files\Fichiers communs\InstallShield

[07/10/2007|18:45] C:\Program Files\Fichiers communs\Java

[02/03/2008|00:10] C:\Program Files\Fichiers communs\Microsoft Shared

[07/10/2007|16:42] C:\Program Files\Fichiers communs\MSSoap

[26/02/2008|01:43] C:\Program Files\Fichiers communs\Nero

[01/12/2007|05:23] C:\Program Files\Fichiers communs\NSV

[07/10/2007|16:14] C:\Program Files\Fichiers communs\ODBC

[09/10/2007|11:30] C:\Program Files\Fichiers communs\Services

[09/10/2007|12:06] C:\Program Files\Fichiers communs\Sonic Shared

[07/10/2007|16:14] C:\Program Files\Fichiers communs\SpeechEngines

[09/10/2007|12:09] C:\Program Files\Fichiers communs\SureThing Shared

[23/02/2008|03:51] C:\Program Files\Fichiers communs\Symantec Shared

[21/02/2008|02:08] C:\Program Files\Fichiers communs\System

[09/10/2007|12:07] C:\Program Files\Fichiers communs\TiVo Shared

[22/02/2008|12:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[25/02/2008|11:12] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 16:09:51

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:8][Doss:0] C:\DOCUME~1\JEROME~1.JER\Cookies

/!\ [Fich:86][Doss:4] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 16:10:06,10 ]----------------------

Posted

Not sure it worked, because it crashed twice due to overheating.

 

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 16:47:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 


scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"

Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

Thu 19 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"

Fri 3 Nov 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"

Mon 24 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"

Fri 5 Oct 2007 348,160 A.SH. --- "C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\clef usb\msvcr71.dll"

Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITA.tmp"

Wed 20 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT1.tmp"

 

Finished!

Posted

OK, the entry has disappeared.

CFScript run in diagnostic mode (the txt file disappeared from my desktop when I dragged it onto ComboFix)

 

ComboFix 08-03-01.3 - Jerome 2008-03-02 17:17:48.3 - NTFSx86

 

Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\CFScript.txt

 

FILE ::

C:\WINDOWS0001_.tmp

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-02 16:21 . 2008-03-02 16:21 <REP> d-------- C:\WINDOWS\ERUNT

2008-03-02 16:12 . 2008-03-02 16:50 <REP> d-------- C:\SDFix

2008-03-02 16:05 . 2008-03-02 16:10 <REP> d-------- C:\Lop SD

2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS

2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini

2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero

2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero

2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero

2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET

2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini

2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com

2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF

2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini

2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom

2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture

2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips

2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock

2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET

2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET

2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest

2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI

2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller

2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools

2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools

2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps

2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe

2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads

2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google

2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live

2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works

2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET

2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache

2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm

2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm

2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm

2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm

2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm

2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm

2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI

2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager

2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager

2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG

2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP

2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI

2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI

2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer

2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper

2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation

2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro

2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini

2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503

2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software

2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse

2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph

2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-02 15:56 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-03-02 13:16 --------- d-----w C:\Program Files\Java

2008-03-02 12:20 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\utorrent

2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ma-config.com

2008-02-25 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-25 19:03 --------- d-----w C:\Program Files\WinamaxPoker

2008-02-25 17:06 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Microgaming

2008-02-25 09:48 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-02-25 04:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-02-25 00:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-02-25 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-23 02:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-02-21 01:14 --------- d-----w C:\Program Files\MSBuild

2008-02-18 12:32 --------- d-----w C:\Program Files\MSECache

2008-02-16 03:02 --------- d-----w C:\Program Files\MSN Messenger

2008-02-13 04:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software

2008-02-01 08:50 245,760 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.exe

2008-02-01 08:50 110,592 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.scr

2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys

2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys

2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-01-15 19:47 --------- d-----w C:\Documents and Settings\Administrateur.JEROME\Application Data\Lavasoft

2008-01-10 17:29 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Samsung

2008-01-07 03:00 --------- d-----w C:\Program Files\UltraStar

2008-01-07 00:13 --------- d-----w C:\Program Files\Winamp

2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-06 13:05 108,144 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd

2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-19 16:10 160768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a--c--- 2005-02-08 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-01-30 12:37 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-04-11 15:21 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]

--a------ 2007-05-04 01:33 2629632 C:\Program Files\Notebook Hardware Control\nhc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a--c--- 2004-10-14 08:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]

--a------ 2007-01-25 21:33 65536 C:\Program Files\Taskix\Taskix32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]

--a------ 2005-06-01 20:41 65536 C:\Program Files\TransBar\TransBar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 02:37 121089 C:\Program Files\VistaDriveStatus\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]

--a------ 2007-09-05 18:20 36352 C:\Program Files\VisualTaskTips\VisualTaskTips.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"UxTuneUp"=2 (0x2)

"usnjsvc"=3 (0x3)

"UPS"=3 (0x3)

"TuneUp.Defrag"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"srservice"=2 (0x2)

"SoundMAX Agent Service (default)"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PlugPlay"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hpqwmi"=3 (0x3)

"helpsvc"=2 (0x2)

"gusvc"=3 (0x3)

"FontCache3.0.0.0"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Diskeeper"=2 (0x2)

"Dhcp"=2 (0x2)

"CryptSvc"=3 (0x3)

"clr_optimization_v2.0.50727_32"=2 (0x2)

"ClipSrv"=3 (0x3)

"CiSvc"=3 (0x3)

"Browser"=3 (0x3)

"BITS"=2 (0x2)

"AudioSrv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"ALG"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}]

\Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\read\command - notepad.exe autorun.inf

\Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\start1\command - siw\siw.exe

\Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe

\Shell\start3\command - E:\_Divers\procexp.exe

\Shell\start4\command - hijackthis\HijackThis.exe

\Shell\start5\command - CCTASK\CCTASK.EXE

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 17:20:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-03-02 17:21:25

ComboFix-quarantined-files.txt 2008-03-02 16:21:08

ComboFix2.txt 2008-03-02 15:02:09

ComboFix3.txt 2008-03-02 14:29:52

.

2008-03-01 23:18:17 --- E O F ---

Posted

Good evening,

My "C:\" drive is starting to get "envi", what should be removed?

I had not seen your last message:

I assumed you meant to write "envahi" (overrun).

The sqm***** files are SERVICE QUALITY MONITORING files; roughly speaking, spy files meant to help improve the programs.

To disable them, launch MSN, go to Help, choose 'Service improvement program' and select 'I do not want to participate'.

No new sqm files will be created.

You then just need to delete the ones that are already there.

To uninstall the tools used:

Download ToolsCleaner! by A.Rothstein to remove the programs used during the procedure.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

* Save ToolsCleaner2.exe to the Desktop.

On Vista, right-click > Run as administrator

* Double-click it, then click "Recherche" (Search) --> the program will look for the installed utilities

------> The window may turn white during the scan; this is normal!

* Copy and paste the contents of the report that appears in the white window.

You can also delete the reports such as vundo.txt, etc.

How is the machine doing?

Posted

THANK YOU

Indeed, I meant to say "envahi" (overrun).

It works properly,

except that I am slowed down, since the operations carried out have fragmented my hard drive, but that will come back.

I forgot to copy the report and went straight to "delete".

There were ~7 lines, 3 of them for HJT.

6 months, all the same, that I have been searching the web for what this entry was, without result.

I will never know where it came from.

Now that it is deleted I can boot in normal mode (msconfig) without being overrun by ads and intrusion-attempt alerts.

Why do I always have this line in CCleaner?

"C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp 70,03KB"

Is that normal?

It is always the same size.

OK for MSN.

I did not know it had to be done for each account while signed in.

What should I do about the Recovery Console that I now have at startup?

(I created it following the model in the "ComboFix" tutorial)

3. Once the Microsoft file has finished downloading, you must drag this file onto the ComboFix icon and drop it by releasing the mouse button.

4. ComboFix will now automatically install the Windows Recovery Console on your computer, and it will appear as a new option when your computer starts. Do not choose the Windows Recovery Console option when you start your computer unless an advisor asks you to.

Once you have finished installing the Windows Recovery Console, you can continue with the rest of this guide.

And THANK YOU again :P

Posted

Good evening,

What should I do about the Recovery Console that I now have at startup?

Above all, keep it. It may save you one day.

Many procedures need it, and one does not always have a CD at hand.

Dr Watson "drwtsn32.exe"...

It is absolutely useless.

To disable it:

1) Right-click My Computer > Properties > Error Reporting: Disabled, and uncheck "notify me..."

2) Start -> Run -> regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

Double-click Auto in the right-hand pane and replace the value 1 with 0.

To remove it, delete the AeDebug key.

Posted

THANK YOU

1) Right-click My Computer > Properties > Error Reporting: Disabled, and uncheck "notify me..."

That was already done.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

Deleted, but still present in CCleaner.

"C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp 70,03KB"

"user.dmp 70,03KB" deleted with Shredder; OK.

The line is gone.

THANK YOU for everything
