ComboFix 09-05-31.06 - Fred 2009-06-02 11:42.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.2046.1550 [GMT -4:00]
Lancé depuis: c:\documents and settings\Fred\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Fred\Bureau\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\system32\x.x"
"c:\windows\Temp\835661.tmp"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x.x
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-02 au 2009-06-02 ))))))))))))))))))))))))))))))))))))
.
2009-06-02 14:13 . 2009-06-02 14:13 -------- d-sh--w- C:\FOUND.000
2009-06-01 01:58 . 2009-06-01 01:58 -------- d-----w- C:\_OTM
2009-06-01 01:56 . 2009-06-01 01:56 -------- d-----w- c:\program files\ERUNT
2009-05-26 00:54 . 2009-05-26 00:54 -------- d-----w- C:\rsit
2009-05-25 23:29 . 2009-05-25 23:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-16 00:21 . 2009-05-16 00:21 -------- d-----w- c:\program files\Autorun Eater
2009-05-13 06:21 . 2009-05-13 06:21 -------- d-----w- c:\program files\Burn4Free
2009-05-13 03:26 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-05-13 03:26 . 2009-05-13 03:26 -------- d-----w- c:\program files\Panda Security
2009-05-13 02:36 . 1999-09-10 16:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-05-13 02:36 . 1999-09-10 16:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-05-13 02:36 . 1999-09-10 16:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-05-13 02:36 . 1999-09-10 16:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-05-13 02:14 . 2009-05-13 02:14 -------- d-----w- c:\program files\Instant CD & DVD Burner
2009-05-13 00:51 . 2009-05-13 00:51 -------- d-----w- C:\fixwareout
2009-05-10 20:31 . 2009-05-10 20:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-09 20:20 . 2008-08-25 15:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-05-09 20:20 . 2008-08-25 15:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-05-09 20:20 . 2008-08-25 15:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-05-09 20:20 . 2008-06-02 19:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-05-09 18:27 . 2009-05-09 18:27 -------- d-----w- c:\program files\Spyware Doctor
2009-05-09 02:53 . 2009-05-09 02:53 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\ESET
2009-05-09 01:38 . 2003-03-19 15:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2009-05-09 01:38 . 2006-09-16 23:44 314368 ----a-w- c:\windows\system32\avisynth.dll
2009-05-09 01:38 . 2004-05-27 01:37 719872 ----a-w- c:\windows\system32\devil.dll
2009-05-09 01:37 . 2009-05-09 01:38 -------- d-----w- c:\program files\Magic Video Converter
2009-05-09 01:00 . 2009-05-09 01:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-09 00:57 . 2009-05-09 00:57 81920 ----a-w- c:\documents and settings\Fred\Application Data\ezpinst.exe
2009-05-09 00:57 . 2009-05-09 00:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-09 00:57 . 2009-05-09 00:57 47360 ----a-w- c:\documents and settings\Fred\Application Data\pcouffin.sys
2009-05-09 00:57 . 2009-05-09 00:57 -------- d-----w- C:\PcSetup
2009-05-09 00:57 . 2009-05-09 00:57 -------- d-----w- c:\documents and settings\Fred\Application Data\Vso
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 01:21 . 2007-01-04 22:49 90112 ----a-w- c:\windows\DUMP6f04.tmp
2009-05-10 19:21 . 2007-01-04 22:49 90112 ----a-w- c:\windows\DUMP6f2c.tmp
2009-05-10 19:15 . 2007-01-04 22:49 90112 ----a-w- c:\windows\DUMP1de3.tmp
2009-05-10 19:13 . 2007-01-04 22:49 90112 ----a-w- c:\windows\DUMP6ec8.tmp
2009-05-09 20:21 . 2001-08-28 16:00 64640 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-09 20:21 . 2001-08-28 16:00 448150 ----a-w- c:\windows\system32\perfh00C.dat
2009-03-06 14:46 . 2001-08-28 16:00 286208 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [2009-01-16 4519832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"Delphi 32009-06-02 04:00utostart"="c:\wdisplay\WeatherD.exe" [2007-07-01 22583296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 1410304]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2003-01-07 176128]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Fred\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Catalyst System Tray.lnk]
backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-05-12 28544]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-14 30728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-14 455936]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2004-11-06 26488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-05-09 356920]
.
Contenu du dossier 'Tâches planifiées'
2009-06-01 c:\windows\Tasks\cleanprefetch.job
- c:\windows\cleanprefetch.bat [2008-03-05 18:34]
2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 21:57]
2009-06-02 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 12:43]
2009-06-02 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 12:43]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://news.google.ca/nwshp?hl=fr&tab=wn
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.registrefoncier.gouv.qc.ca/S ... ViewAX.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://owa.ec.gc.ca/exchweb/controls/DAX.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-02 11:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-06-02 11:48
ComboFix-quarantined-files.txt 2009-06-02 15:48
ComboFix2.txt 2009-06-02 14:22
Avant-CF: 18 952 110 080 octets libres
Après-CF: 18 944 278 528 octets libres
154 --- E O F --- 2009-05-13 01:20