ComboFix 08-07-21.2 - TurboCarotte 2008-07-22 20:44:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1425 [GMT 2:00]
Endroit: C:\Documents and Settings\TurboCarotte\Bureau\ComboFix.exe
- Création d’un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.
2008-07-22 15:10 . 2008-07-22 15:10 d-------- C:\Documents and Settings\TurboCarotte\Application Data\Malwarebytes
2008-07-22 15:10 . 2008-07-22 15:10 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 15:10 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 15:10 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 01:34 . 2008-07-22 01:36 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 21:08 . 2008-07-21 21:08 d-------- C:\Program Files\xupmzrd
2008-07-21 21:08 . 2008-07-21 21:08 d-------- C:\Documents and Settings\All Users\Application Data\lehmrihg
2008-07-21 21:08 . 2008-07-21 21:08 81,920 --a------ C:\WINDOWS\system32\furkjojs.exe
2008-07-11 19:39 . 2008-07-13 17:19 d-------- C:\Documents and Settings\TurboCarotte\Application Data\OpenOffice.org2
2008-07-08 15:17 . 2008-07-08 15:17 d-------- C:\Program Files\Fichiers communs\Skype
2008-07-08 15:17 . 2008-07-08 15:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-06 15:01 . 2008-07-06 15:01 1,176 --a------ C:\WINDOWS\ImpTableL.bin
2008-07-03 04:33 . 2008-07-03 04:33 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-30 23:36 . 2008-06-30 23:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-30 23:36 . 2008-07-17 22:18 106,935 --a------ C:\WINDOWS\War3Unin.dat
2008-06-30 23:36 . 2008-06-30 23:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 18:46 --------- d-----w C:\Documents and Settings\TurboCarotte\Application Data\Skype
2008-07-22 16:33 --------- d-----w C:\Documents and Settings\TurboCarotte\Application Data\skypePM
2008-07-21 23:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-15 14:26 --------- d-----w C:\Documents and Settings\TurboCarotte\Application Data\LimeWire
2008-07-13 15:30 --------- d-----w C:\Program Files\Java
2008-07-08 13:17 --------- d-----w C:\Program Files\Skype
2008-06-24 23:22 --------- d-----w C:\Program Files\DivX
2008-06-01 18:03 --------- d-----w C:\Program Files\iPod
2008-06-01 18:03 --------- d-----w C:\Program Files\Bonjour
2008-06-01 18:03 --------- d-----w C:\Documents and Settings\TurboCarotte\Application Data\Apple Computer
2008-06-01 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-01 18:02 --------- d-----w C:\Program Files\Apple Software Update
2008-06-01 18:01 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-06-01 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:07 --------- d-----w C:\Documents and Settings\TurboCarotte\Application Data\vlc
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-03 21:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-27 18:08 22,328 -c--a-w C:\Documents and Settings\TurboCarotte\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Steam"="e:\program files\steam\steam.exe" [2008-03-28 00:48 1271032]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"CmdAplAct"="C:\WINDOWS\system32\furkjojs.exe" [2008-07-21 21:08 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 07:51 8523776]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 07:51 81920]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2007-11-12 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"cN7jxMmVxd"="C:\Documents and Settings\All Users\Application Data\lehmrihg\rkfmxujq.exe" [2008-07-21 21:08 65536]
C:\Documents and Settings\TurboCarotte\Menu D?marrer\Programmes\D?marrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
C:\Documents and Settings\All Users\Menu D?marrer\Programmes\D?marrage
D-Link AirPlus.lnk - E:\Program Files\D-Link AirPlus\AirPlus.exe [2007-11-09 22:57:12 262144]
Lancement rapide d’Adobe Reader.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"InfoMsg"= {41FC4C4F-5641-5AD7-BB32-0487EA6506F9} - C:\Program Files\xupmzrd\InfoMsg.dll [2008-07-21 21:08 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKLM~\startupfolder\C:^Documents and Settings^TurboCarotte^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\TurboCarotte\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 E:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 E:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\MSN Messenger\msnmsgr.exe"=
"C:\Program Files\MSN Messenger\livecall.exe"=
"E:\Program Files\LimeWire\LimeWire.exe"=
"E:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"=
"E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=
"E:\Program Files\Sierra\FEAR\FEAR.exe"=
"E:\Program Files\Sierra\FEAR\FEARMP.exe"=
"E:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"E:\Program Files\iTunes\iTunes.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 12:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff197fb8-51c5-11dd-8114-0013461385ed}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
Newly Created Service - CATCHME
Newly Created Service - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-17 09:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O16 -: DirectAnimation Java Classes - C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-07-22 20:46:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés …
Balayage caché autostart entries …
Balayage des fichiers cachés …
Scan terminé avec succès
Les fichiers cachés: 0
.
Temps d’accomplissement: 2008-07-22 20:47:17
ComboFix-quarantined-files.txt 2008-07-22 18:47:11
Pre-Run: 508,170,240 octets libres
Post-Run: 1,724,321,792 octets libres