
"System" process taking almost all my CPU with Cou


obusco


I had several changes that Spybot flagged, which I accepted; I also had a W95/Blumblebee.1738 virus, and to be safe I deleted it.

 

 

ComboFix 08-04-14.2 - Alex 2008-04-15 15:00:25.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1546 [GMT 2:00]

Endroit: C:\Documents and Settings\Alex\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\msttxl16.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_poof

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-15 13:39 . 2008-04-15 13:39 12,126,674 --a------ C:\upload_moi_OBUSCO.tar.gz

2008-04-15 00:06 . 2008-04-15 00:06 <REP> d-------- C:\Program Files\Stardock

2008-04-15 00:06 . 2008-04-15 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Stardock

2008-04-15 00:06 . 2008-04-15 00:08 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-04-14 19:41 . 2008-04-14 19:41 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr

2008-04-14 19:24 . 2008-04-14 19:24 <REP> d-------- C:\Program Files\AusLogics Disk Defrag

2008-04-14 19:19 . 2008-04-14 19:20 <REP> d-------- C:\Program Files\Power Defrag

2008-04-14 18:51 . 2008-04-14 18:51 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-04-14 18:21 . 2008-04-14 18:21 <REP> d-------- C:\Program Files\HardwareDetection

2008-04-14 12:20 . 2008-04-14 12:21 <REP> d-------- C:\Program Files\Defcon

2008-04-14 03:08 . 2008-04-14 04:02 64,998,563 --a------ C:\Defcon v1.43.rar

2008-04-13 23:26 . 2008-04-13 23:26 103 --a------ C:\WINDOWS\pro.INI

2008-04-13 23:25 . 2008-04-15 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\VMware

2008-04-13 23:24 . 2006-11-13 13:23 142,128 --a------ C:\WINDOWS\system32\vmnat.exe

2008-04-13 23:24 . 2006-11-13 13:23 113,456 --a------ C:\WINDOWS\system32\vmnetdhcp.exe

2008-04-13 23:23 . 2006-11-13 13:23 391,984 --a------ C:\WINDOWS\system32\vnetlib.dll

2008-04-13 23:23 . 2006-11-13 13:23 22,576 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys

2008-04-13 23:19 . 2008-04-13 23:19 <REP> d-------- C:\Program Files\VMware

2008-04-13 23:19 . 2008-04-13 23:19 <REP> d-------- C:\Program Files\Fichiers communs\VMware

2008-04-13 23:19 . 2008-04-15 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VMware

2008-04-13 22:21 . 2008-04-13 22:21 <REP> d-------- C:\Program Files\Trend Micro

2008-04-13 22:15 . 2008-04-13 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-13 22:06 . 2008-04-13 22:06 <REP> d-------- C:\Program Files\Yahoo!

2008-04-11 21:00 . 2008-04-13 22:24 <REP> d-------- C:\Program Files\Google

2008-04-10 23:02 . 2008-04-10 23:02 <REP> d-------- C:\Program Files\iPod

2008-04-10 23:02 . 2008-04-15 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-10 23:02 . 2008-04-10 23:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-06 16:48 . 2008-04-13 23:32 <REP> d-------- C:\Program Files\Panda Security

2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-04-01 21:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-01 21:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-01 21:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-01 20:28 . 2008-04-01 20:29 <REP> d-------- C:\Program Files\StuffPlug3

2008-04-01 20:22 . 2008-04-01 20:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-01 20:22 . 2008-04-01 20:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-30 11:32 . 2008-03-30 11:35 <REP> d-------- C:\logos

2008-03-30 11:26 . 2008-03-30 11:25 5,202,560 --a------ C:\aiw1245765.mp3

2008-03-30 11:17 . 2008-04-13 22:06 <REP> d-------- C:\Program Files\Hair Pro 2008 Light

2008-03-30 11:17 . 2008-03-30 11:17 275 --a------ C:\WINDOWS\SStylerProDemo.ini

2008-03-30 01:31 . 2008-03-30 01:31 312,044 --a------ C:\WINDOWS\CSSBScript - Version Full Uninstaller.exe

2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-03-23 17:52 . 2008-03-23 17:52 5,228,374 --a------ C:\test.wav

2008-03-23 16:09 . 2008-03-23 16:09 <REP> d-------- C:\Program Files\Bome's Mouse Keyboard

2008-03-23 16:07 . 2008-03-23 16:07 673,546 --a------ C:\WINDOWS\unins001.exe

2008-03-23 16:07 . 2003-09-22 18:10 61,440 --a------ C:\WINDOWS\system32\marblaxp.dll

2008-03-23 16:07 . 2003-09-22 18:10 53,248 --a------ C:\WINDOWS\system32\drivers\maplevmd000.exe

2008-03-23 16:07 . 2003-09-22 18:09 49,152 --a------ C:\WINDOWS\system32\mapleapi.dll

2008-03-23 16:07 . 2003-09-22 18:10 31,624 --a------ C:\WINDOWS\system32\mapledxp.dll

2008-03-23 16:07 . 2004-04-05 11:44 24,720 --a------ C:\WINDOWS\system32\drivers\mapledxp.sys

2008-03-23 16:07 . 2008-03-23 16:07 7,448 --a------ C:\WINDOWS\unins001.dat

2008-03-23 15:50 . 2008-03-23 15:50 368,640 --a------ C:\WINDOWS\system32\ReWire.dll

2008-03-23 15:50 . 2008-03-23 15:50 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll

2008-03-22 21:54 . 2008-03-22 21:54 <REP> d-------- C:\Documents and Settings\Alex\1204397503

2008-03-22 21:40 . 2008-03-22 21:44 35,280,088 --a------ C:\TMP79.tmp

2008-03-22 21:40 . 2008-03-22 21:44 8,820,088 --a------ C:\TMP7D.tmp

2008-03-21 21:00 . 2008-03-21 21:00 <REP> d-------- C:\Program Files\Fractalis Software

2008-03-21 21:00 . 2008-03-21 22:35 <REP> d-------- C:\myinst

2008-03-21 21:00 . 2008-03-21 21:00 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-03-21 20:37 . 2008-03-21 20:37 <REP> d-------- C:\Program Files\Propellerhead

2008-03-20 22:47 . 2008-03-20 22:48 <REP> d-------- C:\Program Files\Safari

2008-03-19 12:41 . 2008-03-19 12:41 244 --ah----- C:\sqmnoopt02.sqm

2008-03-19 12:41 . 2008-03-19 12:41 232 --ah----- C:\sqmdata02.sqm

2008-03-19 00:29 . 2008-03-19 00:29 244 --ah----- C:\sqmnoopt01.sqm

2008-03-19 00:29 . 2008-03-19 00:29 232 --ah----- C:\sqmdata01.sqm

2008-03-16 23:38 . 2008-03-16 23:38 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Alien Skin

2008-03-16 12:01 . 2008-03-16 12:01 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData

2008-03-16 11:36 . 2008-03-16 12:01 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts

2008-03-16 11:34 . 2008-03-16 11:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI

2008-03-15 23:00 . 2008-03-15 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-15 22:51 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-03-15 22:35 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-03-15 22:35 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-03-15 22:35 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-03-15 22:35 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-15 12:45 --------- d-----w C:\Documents and Settings\Alex\Application Data\OpenOffice.org2

2008-04-14 23:21 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent

2008-04-14 22:16 --------- d-----w C:\Program Files\Steam

2008-04-14 19:19 --------- d-----w C:\Program Files\eMule

2008-04-14 17:46 --------- d-----w C:\Documents and Settings\Alex\Application Data\tor

2008-04-13 22:05 --------- d-----w C:\Program Files\Gpotato.eu

2008-04-13 21:27 --------- d-----w C:\Program Files\Mackila

2008-04-13 21:26 --------- d-----w C:\Program Files\Teleport Pro

2008-04-13 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-13 20:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-13 20:38 --------- d-----w C:\Documents and Settings\Alex\Application Data\Vidalia

2008-04-13 20:06 --------- d-----w C:\Program Files\Prime95

2008-04-13 20:05 --------- d-----w C:\Program Files\Eurobarre

2008-04-11 17:17 --------- d-s---w C:\Program Files\Xfire

2008-04-10 21:02 --------- d-----w C:\Program Files\iTunes

2008-04-10 21:00 --------- d-----w C:\Program Files\QuickTime

2008-04-09 17:19 --------- d-----w C:\Program Files\Ripp-it_AM

2008-04-08 21:59 --------- d-----w C:\Documents and Settings\Alex\Application Data\Skype

2008-04-08 17:04 --------- d-----w C:\Documents and Settings\Alex\Application Data\Xfire

2008-04-02 17:34 --------- d-----w C:\Program Files\Symantec

2008-04-02 17:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-04-01 18:26 --------- d-----w C:\Program Files\MSN Messenger

2008-04-01 18:22 --------- d-----w C:\Program Files\Windows Live

2008-03-30 12:43 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-24 15:35 --------- d-----w C:\Documents and Settings\Alex\Application Data\Apple Computer

2008-03-15 21:03 --------- d-----w C:\Program Files\Mlehrer

2008-03-15 21:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-13 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-13 20:07 --------- d-----w C:\Program Files\SigmaTel

2008-03-12 23:30 --------- d-----w C:\Program Files\dBpowerAMP

2008-03-12 22:33 --------- d-----w C:\Program Files\THOMSON mp3PRO Audio Player

2008-03-12 22:33 --------- d-----w C:\Program Files\CDex_170b2

2008-03-12 22:25 --------- d-----w C:\Program Files\Free Audio Pack

2008-03-09 11:18 --------- d-----w C:\Program Files\Game Cam V2

2008-03-04 21:27 --------- d-----w C:\Program Files\IntelliTamper

2008-03-04 21:18 --------- d-----w C:\Program Files\i-Media

2008-03-04 21:18 --------- d-----w C:\Program Files\Goto

2008-03-01 20:21 --------- d-----w C:\Program Files\StatnPerf

2008-03-01 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI

2008-03-01 20:07 --------- d-----w C:\Program Files\NetLimiter 2 Pro

2008-03-01 17:55 --------- d-----w C:\Program Files\ATI Technologies

2008-03-01 17:40 --------- d-----w C:\Program Files\BitComet

2008-03-01 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-03-01 15:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\LockTime

2008-02-29 19:53 --------- d-----w C:\Program Files\Act-3D

2008-02-29 18:03 --------- d-----w C:\Program Files\Fichiers communs\Thraex Software

2008-02-28 00:24 --------- d-----w C:\Program Files\WowCartographe

2008-02-25 21:14 --------- d-----w C:\Program Files\World Of Warcraft

2008-02-25 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Earthsim

2008-02-25 20:23 --------- d-----w C:\Documents and Settings\Alex\Application Data\Earthsim

2008-02-25 19:48 --------- d-----w C:\Program Files\IDoser v4

2008-02-25 19:47 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-02-25 19:41 --------- d-----w C:\Program Files\Opera

2008-02-25 19:21 --------- d-----w C:\Documents and Settings\Alex\Application Data\InstallShield

2008-02-25 19:20 --------- d-----w C:\Program Files\ProcessGuard

2008-02-25 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-24 14:02 --------- d-----w C:\Program Files\uTorrent

2008-02-23 02:49 --------- d-----w C:\Program Files\KiddiesBarre

2008-02-20 13:14 --------- d-----w C:\Program Files\CamStudio

2007-08-02 12:53 1 ----a-w C:\Documents and Settings\Alex\SI.bin

2007-07-10 21:51 1,435 ----a-w C:\Documents and Settings\Alex\Application Data\SAS7_000.DAT

2007-04-15 16:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44 815104]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07 1289000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 11:25 591360]

"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 21:57 249896]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-04 19:24 185784]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-11-19 12:01 1970176]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"stisvc"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"COMSysApp"=3 (0x3)

"helpsvc"=2 (0x2)

"Dnscache"=2 (0x2)

"WmiApSrv"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"seclogon"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

"Odebit Multimedia V3"=C:\Program Files\Odebit Multimédia\V3\Odebit.exe

"Odebit Multimedia V3 - Services"=C:\Program Files\Odebit Multimédia\V3\Odebit.exe /info

"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe

"Steam"="c:\program files\steam\steam.exe" -silent

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

"<NO NAME>"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\World Of Warcraft\\Repair.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Documents and Settings\\Alex\\Bureau\\pfull_361\\final\\SpyGestion.exe"=

"C:\\Program Files\\FileZilla\\FileZilla.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Steam\\Steam.exe"=

"C:\\Program Files\\World Of Warcraft\\WoW-2.2.0-frFR-downloader.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\Program Files\\Steam\\steamapps\\xav9595\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\xav9595\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\World Of Warcraft\\Wow.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Defcon\\defcon.exe"=

"C:\\Program Files\\Steam\\steamapps\\spritx\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\spritx\\condition zero\\hl.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8116:TCP"= 8116:TCP:BitComet 8116 TCP

"8116:UDP"= 8116:UDP:BitComet 8116 UDP

"8553:TCP"= 8553:TCP:BitComet 8553 TCP

"8553:UDP"= 8553:UDP:BitComet 8553 UDP

"13381:TCP"= 13381:TCP:BitComet 13381 TCP

"13381:UDP"= 13381:UDP:BitComet 13381 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"7313:TCP"= 7313:TCP:BitComet 7313 TCP

"7313:UDP"= 7313:UDP:BitComet 7313 UDP

 

R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 11:44]

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]

R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 15:13]

R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-09 11:26]

S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e02e1945-eb8e-11db-83ec-806d6172696f}]

\Shell\AutoRun\command - D:\ASUSACPI.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-10 19:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 15:05:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 347

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\TheTurtle\rkmt.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\TheTurtle\rkmt.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Program Files\TheTurtle\rkmt.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-15 15:19:16 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-15 13:19:11

 

Pre-Run: 25,598,431,232 octets libres

Post-Run: 26,235,445,248 octets libres

.

2008-04-12 18:11:23 --- E O F ---


Good evening,

ComboFix, Cleanup

# Disconnect from the Internet and disable the antivirus (just for the duration of the procedure!)

Launch ComboFix

# In Notepad, copy and paste these lines:

KillAll::

File::
C:\aiw1245765.mp3
C:\TMP79.tmp
C:\TMP7D.tmp
c:\Documents and Settings\Alex\Local Settings\Temp\ubi1A.tmp.exe
c:\Documents and Settings\Alex\Local Settings\Temp\ubiB4.tmp.exe

* Warning: this script was written specifically for this user; please do not reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file
http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

* When the message appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not appear, it is located here > C:\ComboFix.txt

Download AtfCleaner
and run it as Administrator
Right-click -> Run as Administrator.
http://www.atribune.org/index.php?option=c...5&Itemid=25


ComboFix 08-04-14.2 - Alex 2008-04-15 21:23:20.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1505 [GMT 2:00]

Endroit: C:\Documents and Settings\Alex\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Alex\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

c:\Documents and Settings\Alex\Local Settings\Temp\ubi1A.tmp.exe

c:\Documents and Settings\Alex\Local Settings\Temp\ubiB4.tmp.exe

C:\TMP79.tmp

C:\TMP7D.tmp

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\TMP79.tmp

C:\TMP7D.tmp

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-15 21:08 . 2008-04-15 21:08 101,928 --a------ C:\Projet sans titre.aep

2008-04-15 20:03 . 2008-04-15 20:03 91,661,540 --a------ C:\a_4.avi

2008-04-15 20:03 . 2008-04-15 20:03 1,874,840 --a------ C:\VIDEO_083_PC.avi

2008-04-15 19:30 . 2008-04-15 19:37 545,584 --a------ C:\a_3_1.avi

2008-04-15 18:57 . 2008-04-15 18:57 307,230,644 --a------ C:\a_3.avi

2008-04-15 18:56 . 2008-04-15 18:56 4,064,470 --a------ C:\VIDEO_080_PC.avi

2008-04-15 18:14 . 2008-04-15 18:14 172,153,052 --a------ C:\A_2.avi

2008-04-15 18:14 . 2008-04-15 18:14 2,528,208 --a------ C:\VIDEO_078_PC.avi

2008-04-15 17:56 . 2008-04-15 17:56 11,680,706 --a------ C:\A_1.avi

2008-04-15 17:50 . 2008-04-15 17:50 553,384 --a------ C:\VIDEO_077_PC.avi

2008-04-15 16:38 . 2008-04-15 16:38 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM

2008-04-15 13:39 . 2008-04-15 13:39 12,126,674 --a------ C:\upload_moi_OBUSCO.tar.gz

2008-04-15 00:06 . 2008-04-15 00:06 <REP> d-------- C:\Program Files\Stardock

2008-04-15 00:06 . 2008-04-15 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Stardock

2008-04-15 00:06 . 2008-04-15 00:08 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-04-14 19:59 . 2008-04-14 19:59 1,701,220 --a------ C:\VIDEO_083.mp4

2008-04-14 19:41 . 2008-04-14 19:41 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr

2008-04-14 19:24 . 2008-04-14 19:24 <REP> d-------- C:\Program Files\AusLogics Disk Defrag

2008-04-14 19:19 . 2008-04-14 19:20 <REP> d-------- C:\Program Files\Power Defrag

2008-04-14 18:51 . 2008-04-14 18:51 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-04-14 18:51 . 2008-04-14 18:51 4,286,990 --a------ C:\VIDEO_080.mp4

2008-04-14 18:21 . 2008-04-14 18:21 <REP> d-------- C:\Program Files\HardwareDetection

2008-04-14 18:12 . 2008-04-14 18:12 2,017,950 --a------ C:\VIDEO_078.mp4

2008-04-14 17:47 . 2008-04-14 17:47 267,688 --a------ C:\VIDEO_077.mp4

2008-04-14 12:20 . 2008-04-14 12:21 <REP> d-------- C:\Program Files\Defcon

2008-04-14 03:08 . 2008-04-14 04:02 64,998,563 --a------ C:\Defcon v1.43.rar

2008-04-13 23:26 . 2008-04-13 23:26 103 --a------ C:\WINDOWS\pro.INI

2008-04-13 23:25 . 2008-04-15 21:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\VMware

2008-04-13 23:24 . 2006-11-13 13:23 142,128 --a------ C:\WINDOWS\system32\vmnat.exe

2008-04-13 23:24 . 2006-11-13 13:23 113,456 --a------ C:\WINDOWS\system32\vmnetdhcp.exe

2008-04-13 23:23 . 2006-11-13 13:23 391,984 --a------ C:\WINDOWS\system32\vnetlib.dll

2008-04-13 23:23 . 2006-11-13 13:23 22,576 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys

2008-04-13 23:19 . 2008-04-13 23:19 <REP> d-------- C:\Program Files\VMware

2008-04-13 23:19 . 2008-04-13 23:19 <REP> d-------- C:\Program Files\Fichiers communs\VMware

2008-04-13 23:19 . 2008-04-15 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VMware

2008-04-13 22:21 . 2008-04-13 22:21 <REP> d-------- C:\Program Files\Trend Micro

2008-04-13 22:15 . 2008-04-13 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-13 22:06 . 2008-04-13 22:06 <REP> d-------- C:\Program Files\Yahoo!

2008-04-11 21:00 . 2008-04-13 22:24 <REP> d-------- C:\Program Files\Google

2008-04-10 23:02 . 2008-04-10 23:02 <REP> d-------- C:\Program Files\iPod

2008-04-10 23:02 . 2008-04-15 17:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-10 23:02 . 2008-04-10 23:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-06 16:48 . 2008-04-13 23:32 <REP> d-------- C:\Program Files\Panda Security

2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-04-01 21:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-01 21:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-01 21:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-01 20:28 . 2008-04-01 20:29 <REP> d-------- C:\Program Files\StuffPlug3

2008-04-01 20:22 . 2008-04-01 20:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-01 20:22 . 2008-04-01 20:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-30 11:32 . 2008-03-30 11:35 <REP> d-------- C:\logos

2008-03-30 11:26 . 2008-03-30 11:25 5,202,560 --a------ C:\aiw1245765.mp3

2008-03-30 11:17 . 2008-04-13 22:06 <REP> d-------- C:\Program Files\Hair Pro 2008 Light

2008-03-30 11:17 . 2008-03-30 11:17 275 --a------ C:\WINDOWS\SStylerProDemo.ini

2008-03-30 01:31 . 2008-03-30 01:31 312,044 --a------ C:\WINDOWS\CSSBScript - Version Full Uninstaller.exe

2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-03-23 17:52 . 2008-03-23 17:52 5,228,374 --a------ C:\test.wav

2008-03-23 16:09 . 2008-03-23 16:09 <REP> d-------- C:\Program Files\Bome's Mouse Keyboard

2008-03-23 16:07 . 2008-03-23 16:07 673,546 --a------ C:\WINDOWS\unins001.exe

2008-03-23 16:07 . 2003-09-22 18:10 61,440 --a------ C:\WINDOWS\system32\marblaxp.dll

2008-03-23 16:07 . 2003-09-22 18:10 53,248 --a------ C:\WINDOWS\system32\drivers\maplevmd000.exe

2008-03-23 16:07 . 2003-09-22 18:09 49,152 --a------ C:\WINDOWS\system32\mapleapi.dll

2008-03-23 16:07 . 2003-09-22 18:10 31,624 --a------ C:\WINDOWS\system32\mapledxp.dll

2008-03-23 16:07 . 2004-04-05 11:44 24,720 --a------ C:\WINDOWS\system32\drivers\mapledxp.sys

2008-03-23 16:07 . 2008-03-23 16:07 7,448 --a------ C:\WINDOWS\unins001.dat

2008-03-23 15:50 . 2008-03-23 15:50 368,640 --a------ C:\WINDOWS\system32\ReWire.dll

2008-03-23 15:50 . 2008-03-23 15:50 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll

2008-03-22 21:54 . 2008-03-22 21:54 <REP> d-------- C:\Documents and Settings\Alex\1204397503

2008-03-21 21:00 . 2008-03-21 21:00 <REP> d-------- C:\Program Files\Fractalis Software

2008-03-21 21:00 . 2008-03-21 22:35 <REP> d-------- C:\myinst

2008-03-21 21:00 . 2008-03-21 21:00 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-03-21 20:37 . 2008-03-21 20:37 <REP> d-------- C:\Program Files\Propellerhead

2008-03-20 22:47 . 2008-03-20 22:48 <REP> d-------- C:\Program Files\Safari

2008-03-19 12:41 . 2008-03-19 12:41 244 --ah----- C:\sqmnoopt02.sqm

2008-03-19 12:41 . 2008-03-19 12:41 232 --ah----- C:\sqmdata02.sqm

2008-03-19 00:29 . 2008-03-19 00:29 244 --ah----- C:\sqmnoopt01.sqm

2008-03-19 00:29 . 2008-03-19 00:29 232 --ah----- C:\sqmdata01.sqm

2008-03-16 23:38 . 2008-03-16 23:38 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Alien Skin

2008-03-16 12:01 . 2008-03-16 12:01 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData

2008-03-16 11:36 . 2008-03-16 12:01 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts

2008-03-16 11:34 . 2008-03-16 11:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI

2008-03-15 23:00 . 2008-03-15 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-15 22:51 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-03-15 22:35 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-03-15 22:35 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-03-15 22:35 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-03-15 22:35 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-15 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-15 15:39 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-04-15 14:44 --------- d-----w C:\Program Files\Steam

2008-04-15 12:45 --------- d-----w C:\Documents and Settings\Alex\Application Data\OpenOffice.org2

2008-04-14 23:21 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent

2008-04-14 19:19 --------- d-----w C:\Program Files\eMule

2008-04-14 17:46 --------- d-----w C:\Documents and Settings\Alex\Application Data\tor

2008-04-13 22:05 --------- d-----w C:\Program Files\Gpotato.eu

2008-04-13 21:27 --------- d-----w C:\Program Files\Mackila

2008-04-13 21:26 --------- d-----w C:\Program Files\Teleport Pro

2008-04-13 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-13 20:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-13 20:38 --------- d-----w C:\Documents and Settings\Alex\Application Data\Vidalia

2008-04-13 20:06 --------- d-----w C:\Program Files\Prime95

2008-04-13 20:05 --------- d-----w C:\Program Files\Eurobarre

2008-04-11 17:17 --------- d-s---w C:\Program Files\Xfire

2008-04-10 21:02 --------- d-----w C:\Program Files\iTunes

2008-04-10 21:00 --------- d-----w C:\Program Files\QuickTime

2008-04-09 17:19 --------- d-----w C:\Program Files\Ripp-it_AM

2008-04-08 21:59 --------- d-----w C:\Documents and Settings\Alex\Application Data\Skype

2008-04-08 17:04 --------- d-----w C:\Documents and Settings\Alex\Application Data\Xfire

2008-04-02 17:34 --------- d-----w C:\Program Files\Symantec

2008-04-02 17:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-04-01 18:26 --------- d-----w C:\Program Files\MSN Messenger

2008-04-01 18:22 --------- d-----w C:\Program Files\Windows Live

2008-03-30 12:43 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-24 15:35 --------- d-----w C:\Documents and Settings\Alex\Application Data\Apple Computer

2008-03-15 21:03 --------- d-----w C:\Program Files\Mlehrer

2008-03-15 21:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-13 20:07 --------- d-----w C:\Program Files\SigmaTel

2008-03-12 23:30 --------- d-----w C:\Program Files\dBpowerAMP

2008-03-12 22:33 --------- d-----w C:\Program Files\THOMSON mp3PRO Audio Player

2008-03-12 22:33 --------- d-----w C:\Program Files\CDex_170b2

2008-03-12 22:25 --------- d-----w C:\Program Files\Free Audio Pack

2008-03-09 11:18 --------- d-----w C:\Program Files\Game Cam V2

2008-03-04 21:27 --------- d-----w C:\Program Files\IntelliTamper

2008-03-04 21:18 --------- d-----w C:\Program Files\i-Media

2008-03-04 21:18 --------- d-----w C:\Program Files\Goto

2008-03-01 20:21 --------- d-----w C:\Program Files\StatnPerf

2008-03-01 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI

2008-03-01 20:07 --------- d-----w C:\Program Files\NetLimiter 2 Pro

2008-03-01 17:55 --------- d-----w C:\Program Files\ATI Technologies

2008-03-01 17:40 --------- d-----w C:\Program Files\BitComet

2008-03-01 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-03-01 15:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\LockTime

2008-02-29 19:53 --------- d-----w C:\Program Files\Act-3D

2008-02-29 18:03 --------- d-----w C:\Program Files\Fichiers communs\Thraex Software

2008-02-28 00:24 --------- d-----w C:\Program Files\WowCartographe

2008-02-25 21:14 --------- d-----w C:\Program Files\World Of Warcraft

2008-02-25 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Earthsim

2008-02-25 20:23 --------- d-----w C:\Documents and Settings\Alex\Application Data\Earthsim

2008-02-25 19:48 --------- d-----w C:\Program Files\IDoser v4

2008-02-25 19:47 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-02-25 19:41 --------- d-----w C:\Program Files\Opera

2008-02-25 19:21 --------- d-----w C:\Documents and Settings\Alex\Application Data\InstallShield

2008-02-25 19:20 --------- d-----w C:\Program Files\ProcessGuard

2008-02-25 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-24 14:02 --------- d-----w C:\Program Files\uTorrent

2008-02-23 02:49 --------- d-----w C:\Program Files\KiddiesBarre

2008-02-20 13:14 --------- d-----w C:\Program Files\CamStudio

2007-08-02 12:53 1 ----a-w C:\Documents and Settings\Alex\SI.bin

2007-07-10 21:51 1,435 ----a-w C:\Documents and Settings\Alex\Application Data\SAS7_000.DAT

2007-04-15 16:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-15_15.18.59.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-15 13:02:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-15 19:28:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2007-09-27 16:51:11 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-0000-0000-0000-EDED00000102}\ESLaunchShortcut_B669579F4AB8402BB6E7E4F073A6E215.exe

+ 2008-04-15 15:40:58 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-0000-0000-0000-EDED00000102}\ESLaunchShortcut_B669579F4AB8402BB6E7E4F073A6E215.exe

- 2007-09-27 16:51:11 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-0000-0000-0000-EDED00000102}\NewShortcut2_B669579F4AB8402BB6E7E4F073A6E215.exe

+ 2008-04-15 15:40:58 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-0000-0000-0000-EDED00000102}\NewShortcut2_B669579F4AB8402BB6E7E4F073A6E215.exe

- 2007-09-27 16:43:23 23,558 ----a-r C:\WINDOWS\Installer\{DD362256-A7A2-4524-9457-213DDC2AFC2A}\ARPPRODUCTICON.exe

+ 2008-04-15 15:40:16 23,558 ----a-r C:\WINDOWS\Installer\{DD362256-A7A2-4524-9457-213DDC2AFC2A}\ARPPRODUCTICON.exe

- 2008-04-13 21:25:00 64,680 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-04-15 18:01:38 64,680 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-04-13 21:25:00 78,678 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-04-15 18:01:38 78,678 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-04-13 21:25:00 408,572 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-04-15 18:01:38 408,572 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-04-13 21:25:00 476,548 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-04-15 18:01:38 476,548 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-04-15 19:29:10 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_598.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 19:44 815104]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07 1289000]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 11:25 591360]

"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 21:57 249896]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-04 19:24 185784]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-11-19 12:01 1970176]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"stisvc"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"COMSysApp"=3 (0x3)

"helpsvc"=2 (0x2)

"Dnscache"=2 (0x2)

"WmiApSrv"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"seclogon"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

"Odebit Multimedia V3"=C:\Program Files\Odebit Multimédia\V3\Odebit.exe

"Odebit Multimedia V3 - Services"=C:\Program Files\Odebit Multimédia\V3\Odebit.exe /info

"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe

"Steam"="c:\program files\steam\steam.exe" -silent

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

"<NO NAME>"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\World Of Warcraft\\Repair.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Documents and Settings\\Alex\\Bureau\\pfull_361\\final\\SpyGestion.exe"=

"C:\\Program Files\\FileZilla\\FileZilla.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Steam\\Steam.exe"=

"C:\\Program Files\\World Of Warcraft\\WoW-2.2.0-frFR-downloader.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\Program Files\\Steam\\steamapps\\xav9595\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\xav9595\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\World Of Warcraft\\Wow.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Defcon\\defcon.exe"=

"C:\\Program Files\\Steam\\steamapps\\spritx\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\steamapps\\spritx\\condition zero\\hl.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8116:TCP"= 8116:TCP:BitComet 8116 TCP

"8116:UDP"= 8116:UDP:BitComet 8116 UDP

"8553:TCP"= 8553:TCP:BitComet 8553 TCP

"8553:UDP"= 8553:UDP:BitComet 8553 UDP

"13381:TCP"= 13381:TCP:BitComet 13381 TCP

"13381:UDP"= 13381:UDP:BitComet 13381 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"7313:TCP"= 7313:TCP:BitComet 7313 TCP

"7313:UDP"= 7313:UDP:BitComet 7313 UDP

 

R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 11:44]

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]

R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 15:13]

S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-09 11:26]

S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e02e1945-eb8e-11db-83ec-806d6172696f}]

\Shell\AutoRun\command - D:\ASUSACPI.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-10 19:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 21:28:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 347

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\TheTurtle\rkmt.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\TheTurtle\rkmt.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Program Files\TheTurtle\rkmt.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Last.fm\LastFMHelper.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-15 21:43:45 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-15 19:43:40

ComboFix2.txt 2008-04-15 15:08:12

ComboFix3.txt 2008-04-15 13:19:17

 

Pre-Run: 25,701,920,768 octets libres

Post-Run: 25,706,819,584 octets libres

.

2008-04-12 18:11:23 --- E O F ---

 

 

 

I checked whether:

- c:\Documents and Settings\Alex\Local Settings\Temp\ubi1A.tmp.exe

c:\Documents and Settings\Alex\Local Settings\Temp\ubiB4.tmp.exe

 

are still there; I don't see them (manually).

 

For ATF, which categories should be cleaned?


Hello,

For ATF, which categories should be cleaned

 

Check everything, except prefetch if you use it.

 

Note that ATF only cleans the current session, not the other accounts that may exist on your system.

If you have several accounts, just run it for each account.

 

Regarding C:\aiw1245765.mp3

Go to this address:

http://www.virustotal.com/fr/

 

Click "Browse" to find this file:

C:\aiw1245765.mp3

and click "send file"

 

Depending on the result, if it is clean you keep it.

 

Do you still have malfunctions?
