ComboFix 08-01-03.4 - Papa 2008-01-03 16:49:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.749 [GMT 1:00]
Running from: C:\Documents and Settings\Papa\Bureau\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Papa\Application Data\setup_fr[1].exe
.
((((((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 16:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 13:11 . 2008-01-03 13:11 d-------- C:\Documents and Settings\Papa\Application Data\PCF-VLC
2008-01-02 18:49 . 2008-01-02 18:49 d-------- C:\Program Files\DivX
2008-01-02 14:17 . 2008-01-02 14:17 250 --a------ C:\WINDOWS\gmer.ini
2008-01-02 14:14 . 2008-01-02 17:40 4,030 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-28 01:48 . 2007-12-28 01:48 244 --ah----- C:\sqmnoopt16.sqm
2007-12-28 01:48 . 2007-12-28 01:48 232 --ah----- C:\sqmdata16.sqm
2007-12-26 04:55 . 2007-12-26 04:55 244 --ah----- C:\sqmnoopt15.sqm
2007-12-26 04:55 . 2007-12-26 04:55 232 --ah----- C:\sqmdata15.sqm
2007-12-25 22:48 . 2007-12-25 22:48 244 --ah----- C:\sqmnoopt14.sqm
2007-12-25 22:48 . 2007-12-25 22:48 232 --ah----- C:\sqmdata14.sqm
2007-12-25 22:47 . 2007-12-25 22:47 244 --ah----- C:\sqmnoopt13.sqm
2007-12-25 22:47 . 2007-12-25 22:47 232 --ah----- C:\sqmdata13.sqm
2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\Stéphanie\Application Data\Yahoo!
2007-12-22 18:40 . 2007-12-23 09:26 d-------- C:\Program Files\MalwareBurn 7.3
2007-12-20 18:55 . 2007-12-20 18:55 d-------- C:\Documents and Settings\Papa\Application Data\Yahoo!
2007-12-20 18:55 . 2007-12-20 18:55 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-20 18:50 . 2007-12-20 18:50 d-------- C:\Program Files\Yahoo!
2007-12-20 03:30 . 2007-12-20 03:30 244 --ah----- C:\sqmnoopt12.sqm
2007-12-20 03:30 . 2007-12-20 03:30 232 --ah----- C:\sqmdata12.sqm
2007-12-19 21:32 . 2007-12-19 22:44 d-------- C:\Documents and Settings\Céline\Shared
2007-12-19 21:32 . 2007-12-19 22:44 d-------- C:\Documents and Settings\Céline\Shared
2007-12-19 21:32 . 2007-12-19 22:44 d-------- C:\Documents and Settings\Céline\Incomplete
2007-12-19 21:32 . 2007-12-19 22:44 d-------- C:\Documents and Settings\Céline\Incomplete
2007-12-19 21:32 . 2007-12-19 21:40 d-------- C:\Documents and Settings\Céline\Application Data\LimeWire
2007-12-19 21:16 . 2007-12-19 21:16 d-------- C:\Documents and Settings\Céline\Application Data\Apple Computer
2007-12-19 16:27 . 2007-12-20 00:28 d-------- C:\Documents and Settings\Céline\Contacts
2007-12-19 16:27 . 2007-12-20 00:28 d-------- C:\Documents and Settings\Céline\Contacts
2007-12-19 14:15 . 2007-12-19 14:15 244 --ah----- C:\sqmnoopt11.sqm
2007-12-19 14:15 . 2007-12-19 14:15 232 --ah----- C:\sqmdata11.sqm
2007-12-12 22:50 . 2007-12-12 22:50 244 --ah----- C:\sqmnoopt10.sqm
2007-12-12 22:50 . 2007-12-12 22:50 232 --ah----- C:\sqmdata10.sqm
2007-12-10 19:54 . 2007-12-10 19:54 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-10 19:50 . 2007-12-13 22:11 d-------- C:\Program Files\GameSpy Arcade
2007-12-10 19:40 . 2007-12-10 19:40 d-------- C:\Program Files\Sierra
2007-12-10 01:40 . 2007-12-10 01:40 244 --ah----- C:\sqmnoopt09.sqm
2007-12-10 01:40 . 2007-12-10 01:40 232 --ah----- C:\sqmdata09.sqm
2007-12-04 00:13 . 2007-12-04 00:13 40,144,654 --a------ C:\iTunes7.4.2.dmg
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 15:55 814,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-03 15:55 53,804,832 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-03 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 12:12 79,124 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-03 12:12 721,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-02 17:25 --------- d-----w C:\Documents and Settings\Papa\Application Data\LimeWire
2007-12-30 20:29 --------- d-----w C:\Program Files\eMule
2007-12-23 08:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 18:45 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-14 10:17 --------- d-----w C:\Program Files\Google
2007-12-12 21:41 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-10 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 22:51 --------- d-----w C:\Documents and Settings\Papa\Application Data\Canon
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-24 14:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-24 14:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-24 14:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-23 23:28 --------- d-----w C:\Documents and Settings\Papa\Application Data\dvdcss
2007-11-22 22:48 22,328 ----a-w C:\Documents and Settings\Papa\Application Data\PnkBstrK.sys
2007-11-22 22:38 --------- d-----w C:\Program Files\Activision
2007-11-20 21:38 --------- d-----w C:\Documents and Settings\Papa\Application Data\Skype
2007-11-20 19:24 --------- d-----w C:\Documents and Settings\Stéphanie\Application Data\vlc
2007-11-20 18:59 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-11-20 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-20 15:08 --------- d-----w C:\Program Files\Skype
2007-11-20 15:08 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-11-20 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-19 22:49 --------- d-----w C:\Documents and Settings\Papa\Application Data\AdobeUM
2007-11-16 22:15 --------- d-----w C:\Program Files\Gpotato.eu
2007-11-14 16:21 17,837,056 ----a-w C:\Program Files\VeohSetup-3.7.0.1020.exe
2007-11-14 16:21 --------- d-----w C:\Program Files\Veoh Networks
2007-11-14 14:27 --------- d-----w C:\Program Files\Java
2007-11-14 14:08 --------- d-----w C:\Documents and Settings\Papa\Application Data\Participatory Culture Foundation
2007-11-14 14:04 --------- d-----w C:\Program Files\Participatory Culture Foundation
2007-11-14 11:40 --------- d-----w C:\Documents and Settings\Admin\Application Data\Ahead
2007-11-13 21:07 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-11-13 21:07 --------- d-----w C:\Documents and Settings\Papa\Application Data\Ahead
2007-11-10 22:14 --------- d-----w C:\Program Files\iTunes
2007-11-10 22:14 --------- d-----w C:\Program Files\iPod
2007-11-10 22:13 --------- d-----w C:\Program Files\QuickTime
2007-11-10 22:06 --------- d-----w C:\Documents and Settings\Papa\Application Data\Apple Computer
2007-11-10 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-10 22:05 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-10 22:05 --------- d-----w C:\Program Files\Apple Software Update
2007-11-10 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-10 22:04 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
2007-11-10 22:01 --------- d-----w C:\Program Files\LimeWire
2007-11-10 21:58 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-09 00:16 --------- d-----w C:\Documents and Settings\Papa\Application Data\Microsoft Web Folders
2007-11-07 17:45 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 21:09 15360]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42 585728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 05:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 05:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 05:26 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 00:00 28672]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48 275800]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-06 00:38 707360]
"shicoxp"="C:\WINDOWS\shicoxp.exe" [2004-04-15 14:45 45056]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2007-08-07 14:46 2336]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 20:52 44544]
"nltide_3"="advpack.dll" [2006-10-27 01:44 123904 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-11-08 15:23]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-11-20 19:59]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 23:13]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
R3 usbscan;USB scanner driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;USB mass storage driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad79e67-82ee-11dc-a38b-0050bf7bf120}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 22:05:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 22:05:38 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job" - C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2007-11-10 22:05:38 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job" - C:\WINDOWS\vVX3000.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 16:55:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run [the registry value continues with unprintable bytes, not reproduced here]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 16:56:31
ComboFix-quarantined-files.txt 2008-01-03 15:56:28
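The entry in this log that a reviewer stops on is the MountPoints2 AutoRun command. Explorer records `\Shell\AutoRun\command` under a volume's MountPoints2 GUID when that volume carried an autorun.inf, and `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe` is the form Explorer uses for a `shellexecute=` directive, so a drive that was plugged into this machine asked it to launch antihost.exe, a file that appears nowhere else in the log. The script below is an added example, not part of the log and not ComboFix's own code: it parses the three line shapes the "Reg Loading Points" section uses (key headers, `"Name"="value" [date time size]` entries, and the AutoRun line) and flags that kind of entry together with two other things worth a second look. The flag names and the parser are my own; the sample input is an excerpt copied from the log above and embedded so the script runs offline.

```python
r"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of the log above and not ComboFix's own code.
Line shapes handled (as they appear in the log):

  [HKEY_...\Run]                                          key header
  "Name"="C:\full\path.exe" [YYYY-MM-DD HH:MM size]       value, file located
  "Name"="bare.exe" [YYYY-MM-DD HH:MM size C:\resolved]   bare name + resolved path
  \Shell\AutoRun\command - <command line>                 MountPoints2 AutoRun entry
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r"(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)"
    r"(?: (?P<resolved>[^\]]+))?\])?\s*$"
)
AUTORUN_LINE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
AUTORUN_NAME = r"\Shell\AutoRun\command"


@dataclass
class Entry:
    key: str
    name: str
    value: str
    size: int | None = None
    resolved: str | None = None
    flags: list[str] = field(default_factory=list)


def parse_loading_points(text: str) -> list[Entry]:
    """Return one Entry per autostart value, tagged with the key it sits under."""
    entries: list[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_LINE.match(line)):
            key = m.group("key")
        elif (m := VALUE_LINE.match(line)):
            size = int(m.group("size")) if m.group("size") else None
            entries.append(Entry(key, m.group("name"), m.group("value"), size, m.group("resolved")))
        elif (m := AUTORUN_LINE.match(line)):
            entries.append(Entry(key, AUTORUN_NAME, m.group("cmd")))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review flags (my own names) and return only the entries that got one."""
    for e in entries:
        e.flags.clear()
        if e.name == AUTORUN_NAME:
            # Explorer stores this when a volume's autorun.inf supplied a command;
            # on removable media that is the classic autorun-worm foothold.
            e.flags.append("autorun-command")
        if re.search(r"rundll32.*shellexec_rundll", e.value, re.IGNORECASE):
            # RunDLL32 Shell32.DLL,ShellExec_RunDLL <target> starts <target> through
            # ShellExecute, so the real payload is the trailing argument, not the exe.
            e.flags.append("rundll32-shellexec")
        if e.name != AUTORUN_NAME and "\\" not in e.value:
            # A bare filename is found via the loader's search order, not a fixed
            # path; ComboFix prints the file it resolved, and that is what to verify.
            e.flags.append("bare-filename")
    return [e for e in entries if e.flags]


def report(text: str) -> list[str]:
    """One line per flagged entry, ready to paste into a reply."""
    return [f"{', '.join(e.flags)}: {e.name} = {e.value}  (under {e.key})"
            for e in triage(parse_loading_points(text))]


# Constructed offline input: key headers and values copied from the log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 21:09 15360]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 05:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"shicoxp"="C:\WINDOWS\shicoxp.exe" [2004-04-15 14:45 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad79e67-82ee-11dc-a38b-0050bf7bf120}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the excerpt, the AutoRun line comes out with both `autorun-command` and `rundll32-shellexec`, and `LClock` and `nwiz` are flagged `bare-filename` only because ComboFix had to resolve them; the full-path entries are left alone. The `bare-filename` flag is a prompt to check the resolved path, not a verdict: the two hits here resolve into C:\WINDOWS, where they belong.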