

amellifica
THERE IT IS!!!! Here is the famous report, I don't know why I didn't have it before!!

DiagHelp version v1.1.2 - http://www.malekal.com
excute le 21/08/2007 à 16:29:06,84

Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\CO_Mon.sys -->13/08/2007 19:43:47
C:\WINDOWS\System32/drivers\sp_rsdrv2.sys -->12/08/2007 18:17:10
C:\WINDOWS\System32/drivers\aswmon.sys -->28/07/2007 00:02:49
C:\WINDOWS\System32/drivers\aswmon2.sys -->28/07/2007 00:02:34
C:\WINDOWS\System32/drivers\aswRdr.sys -->28/07/2007 00:00:39
C:\WINDOWS\System32/drivers\aswTdi.sys -->27/07/2007 23:59:57
C:\WINDOWS\System32/drivers\aavmker4.sys -->27/07/2007 23:58:36
C:\WINDOWS\System32\CONFIG.NT -->21/08/2007 13:53:07
C:\WINDOWS\System32\Uninstall.ico -->16/08/2007 14:52:25
C:\WINDOWS\System32\pavas.ico -->16/08/2007 14:52:25
C:\WINDOWS\System32\Help.ico -->16/08/2007 14:52:25
C:\WINDOWS\System32\118290.54 -->12/08/2007 11:26:55
C:\WINDOWS\System32\iklog.log -->11/08/2007 20:36:12
C:\WINDOWS\System32\wpa.dbl -->09/08/2007 14:03:08
C:\WINDOWS\System32\FNTCACHE.DAT -->05/08/2007 17:35:16
C:\WINDOWS\System32\asfiles.txt -->30/07/2007 17:33:40
C:\WINDOWS\System32\aswBoot.exe -->28/07/2007 00:07:21
C:\WINDOWS\System32\AvastSS.scr -->27/07/2007 23:57:49
C:\WINDOWS\System32\swreg.exe -->22/07/2007 18:39:27
C:\WINDOWS\System32\libeay32.dll -->19/04/2007 18:13:54
C:\WINDOWS\System32\ssleay32.dll -->19/04/2007 18:10:51
C:\WINDOWS\System32\PerfStringBackup.INI -->25/03/2007 14:15:32
C:\WINDOWS\System32\perfh00C.dat -->25/03/2007 14:15:32
C:\WINDOWS\System32\perfh009.dat -->25/03/2007 14:15:32
C:\WINDOWS\System32\perfc00C.dat -->25/03/2007 14:15:32
C:\WINDOWS\System32\perfc009.dat -->25/03/2007 14:15:32
C:\WINDOWS\System32\µ -->21/03/2007 17:00:37
C:\WINDOWS\System32\Puw -->20/03/2007 15:48:44
C:\WINDOWS\System32\lvcoinst.log -->11/03/2007 14:42:25
C:\WINDOWS\System32\dýã -->11/03/2007 14:19:20
C:\WINDOWS\System32\services.exe -->11/03/2007 12:48:58
C:\WINDOWS\System32\swxcacls.exe -->01/12/2006 05:20:32 C:\WINDOWS.log -->21/08/2007 13:56:03 C:\WINDOWS\WindowsUpdate.log -->21/08/2007 13:54:40 C:\WINDOWS\wiadebug.log -->21/08/2007 13:54:39 C:\WINDOWS\wiaservc.log -->21/08/2007 13:54:35 C:\WINDOWS\bootstat.dat -->21/08/2007 13:54:14 C:\WINDOWS\SchedLgU.Txt -->21/08/2007 13:53:21 C:\WINDOWS\MEMORY.DMP -->21/08/2007 13:48:45 C:\WINDOWS\ntbtlog.txt -->20/08/2007 18:05:19 C:\WINDOWS\setupapi.log -->20/08/2007 16:09:49 C:\WINDOWS\win.ini -->19/08/2007 19:50:20 C:\WINDOWS\System.ini -->19/08/2007 19:50:20 C:\WINDOWS\pavsig.txt -->16/08/2007 14:52:31 C:\WINDOWS\setupact.log -->15/08/2007 15:49:33 C:\WINDOWS\setuperr.log -->15/08/2007 14:48:46 C:\WINDOWS\F-Bagle.log -->15/08/2007 14:26:21 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\WINDOWS\system 23/12/1997 03:23 4 672 wowpost.exe 1 fichier(s) 4 672 octets 0 Rép(s) 18 567 458 816 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\WINDOWS\system32 28/08/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 18 567 458 816 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\WINDOWS\Downloaded Program Files 19/08/2007 22:11 <REP> . 19/08/2007 22:11 <REP> .. 
17/05/2006 14:32 231 072 avsniff.dll 17/05/2006 14:32 198 304 avsniffdlgs.dll 17/05/2006 14:26 537 704 AXXPEE.dll 01/08/2007 01:00 2 504 catalog.dat 11/08/2007 11:49 <REP> CONFLICT.1 30/11/2003 12:42 65 desktop.ini 01/08/2007 01:00 6 899 ecbootil.vxd 17/05/2006 14:26 42 112 ecmldr32.dll 01/08/2007 01:00 284 016 ecmsvr32.dll 15/06/2006 18:33 1 132 192 EPUWALcontrol.dll 23/03/2007 12:17 1 292 erma.inf 16/05/2007 08:22 399 gp.inf 20/01/2000 16:25 1 162 Microsoft XML Parser for Java.osd 17/05/2006 14:28 6 850 navapi.vxd 17/05/2006 14:28 201 896 navapi32.dll 01/08/2007 01:00 124 272 naveng32.dll 01/08/2007 01:00 914 800 navex32a.dll 12/08/2007 11:20 0 ppv5exc.dat 31/05/2002 10:20 117 328 PURfr-fr.dll 15/10/2004 08:59 110 592 PURfr-xx.dll 06/12/2003 17:31 9 140 950 QuickTimeInstallCache.qdat 17/05/2006 14:32 161 480 rufsi.dll 01/08/2007 01:00 97 744 scrauth.dat 01/08/2007 01:00 11 875 symaveng.cat 01/08/2007 01:00 1 061 symaveng.inf 01/08/2007 01:00 386 767 tcdefs.dat 01/08/2007 01:00 1 700 146 tcscan7.dat 01/08/2007 01:00 370 320 tcscan8.dat 01/08/2007 01:00 884 294 tcscan9.dat 01/08/2007 01:00 453 tinf.dat 01/08/2007 01:00 148 tinfidx.dat 01/08/2007 01:00 1 957 tinfl.dat 01/08/2007 01:00 67 182 tscan1.dat 01/08/2007 01:00 3 199 tscan1hd.dat 01/08/2007 01:00 4 778 v.grd 01/08/2007 01:00 2 267 v.sig 01/08/2007 01:00 106 244 virscan.inf 01/08/2007 01:00 991 889 virscan1.dat 01/08/2007 01:00 570 702 virscan2.dat 01/08/2007 01:00 149 960 virscan3.dat 01/08/2007 01:00 320 253 virscan4.dat 01/08/2007 01:00 4 270 841 virscan5.dat 01/08/2007 01:00 391 451 virscan6.dat 01/08/2007 01:00 11 214 578 virscan7.dat 01/08/2007 01:00 1 784 807 virscan8.dat 01/08/2007 01:00 4 800 955 virscan9.dat 01/08/2007 01:00 32 virscant.dat 10/08/2007 14:32 2 072 vscanmsx.dat 02/11/2005 19:01 1 777 xscan.inf 02/11/2005 19:07 435 712 xscan53.ocx 01/08/2007 01:00 224 zdone.dat 50 fichier(s) 41 789 577 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 11/08/2007 11:49 <REP> . 
11/08/2007 11:49 <REP> ..
02/11/2005 18:07 435 712 xscan53.ocx
1 fichier(s) 435 712 octets
Total des fichiers listés : 51 fichier(s) 42 225 289 octets
5 Rép(s) 18 567 454 720 octets libres

Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 16:29:15
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
484 - csrss.exe
512 - winlogon.exe
556 - services.exe
568 - lsass.exe
752 - svchost.exe
804 - svchost.exe
1060 - svchost.exe
1072 - ashWebSv.exe
1216 - explorer.exe
1260 - ashServ.exe
1380 - ashMaiSv.exe
1388 - SpywareTerminat
1404 - ashDisp.exe
1412 - ctfmon.exe
1768 - sp_rsser.exe
2112 - cmd.exe
Total number of processes = 17
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D4000 - \WINDOWS\system32\LOGOOS.EXE 806C4000 - \WINDOWS\system32\hal.dll F899F000 - \WINDOWS\system32\KDCOM.DLL F88AF000 - \WINDOWS\system32\BOOTVID.dll F845E000 - imagesrv.sys F8432000 - ACPI.sys F89A1000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F849F000 - pci.sys F84AF000 - isapnp.sys F84BF000 - ohci1394.sys F84CF000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F8A67000 - pciide.sys F871F000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F84DF000 - MountMgr.sys F8413000 - ftdisk.sys F89A3000 - dmload.sys F83EF000 - dmio.sys F8727000 - PartMgr.sys F84EF000 - VolSnap.sys F83D9000 - atapi.sys F83C5000 - nvatabus.sys F89A5000 - imagedrv.sys F83AE000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F84FF000 - disk.sys F850F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F839D000 - sr.sys F872F000 - PxHelp20.sys F8389000 - KSecDD.sys F82FF000 - Ntfs.sys F82D6000 - NDIS.sys F8737000 - sonypvl3.sys F873F000 - nv_agp.sys F82BC000 - Mup.sys F859F000 - \SystemRoot\System32\DRIVERS\amdk7.sys F8209000 - \SystemRoot\System32\DRIVERS\usbohci.sys F7289000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F883F000 - \SystemRoot\System32\DRIVERS\usbehci.sys F7272000 - \SystemRoot\System32\DRIVERS\NVENET.sys F85AF000 - \SystemRoot\system32\drivers\nvax.sys F85BF000 - \SystemRoot\System32\DRIVERS\imapi.sys F8205000 - \SystemRoot\System32\Drivers\cdrbsdrv.SYS F8201000 - \SystemRoot\system32\drivers\pfc.sys F85CF000 - \SystemRoot\System32\DRIVERS\cdrom.sys F85DF000 - \SystemRoot\System32\DRIVERS\redbook.sys F7252000 - \SystemRoot\System32\DRIVERS\ks.sys F8847000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys F70CB000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys F70B9000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS F884F000 - \SystemRoot\System32\DRIVERS\fdc.sys F85EF000 - \SystemRoot\System32\DRIVERS\serial.sys F81F9000 - \SystemRoot\System32\DRIVERS\serenum.sys F70A6000 - 
\SystemRoot\System32\DRIVERS\parport.sys F77A7000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7797000 - \SystemRoot\System32\DRIVERS\L8042pr2.Sys F7787000 - \SystemRoot\System32\DRIVERS\LMouFlt2.Sys F8857000 - \SystemRoot\System32\DRIVERS\mouclass.sys F81F5000 - \SystemRoot\System32\DRIVERS\itchfltr.sys F885F000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F8B2D000 - \SystemRoot\System32\DRIVERS\audstub.sys F7777000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F79FA000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F7090000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F7767000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F7757000 - \SystemRoot\System32\DRIVERS\raspptp.sys F79F6000 - \SystemRoot\System32\DRIVERS\TDI.SYS F8867000 - \SystemRoot\System32\DRIVERS\ptilink.sys F886F000 - \SystemRoot\System32\DRIVERS\raspti.sys F7063000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F7747000 - \SystemRoot\System32\DRIVERS\termdd.sys F8B33000 - \SystemRoot\System32\DRIVERS\swenum.sys F72CB000 - \SystemRoot\System32\Drivers\NDProxy.SYS F72BB000 - \SystemRoot\System32\DRIVERS\usbhub.sys F89E7000 - \SystemRoot\System32\DRIVERS\USBD.SYS F111A000 - \SystemRoot\system32\drivers\nvapu.sys F10F9000 - \SystemRoot\system32\drivers\portcls.sys F23BE000 - \SystemRoot\system32\drivers\drmk.sys F100E000 - \SystemRoot\system32\drivers\nvmcp.sys F0FFD000 - \SystemRoot\system32\drivers\nvarm.sys F8787000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F23AE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8AE4000 - \SystemRoot\System32\Drivers\Null.SYS F23AC000 - \SystemRoot\System32\Drivers\Beep.SYS F8797000 - \SystemRoot\System32\drivers\vga.sys F23AA000 - \SystemRoot\System32\Drivers\mnmdd.SYS F23A8000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F879F000 - \SystemRoot\System32\Drivers\Msfs.SYS F87A7000 - \SystemRoot\System32\Drivers\Npfs.SYS EC94D000 - \SystemRoot\System32\Drivers\sonypvf3.SYS EC8E5000 - \SystemRoot\System32\Drivers\sonypvt3.SYS F5FBC000 - \SystemRoot\System32\DRIVERS\rasacd.sys F5434000 - 
\SystemRoot\System32\DRIVERS\ipsec.sys F5424000 - \SystemRoot\System32\DRIVERS\msgpc.sys EC893000 - \SystemRoot\System32\DRIVERS\tcpip.sys F3C41000 - \SystemRoot\System32\Drivers\aswTdi.SYS F3C31000 - \SystemRoot\System32\DRIVERS\wanarp.sys EC86E000 - \SystemRoot\System32\DRIVERS\netbt.sys F3C21000 - \SystemRoot\System32\DRIVERS\netbios.sys EC84C000 - \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys EC824000 - \SystemRoot\System32\DRIVERS\rdbss.sys EC7C4000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F3C01000 - \SystemRoot\System32\Drivers\Fips.SYS F87BF000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F3BF1000 - \SystemRoot\System32\Drivers\Cdfs.SYS F87C7000 - \SystemRoot\System32\DRIVERS\usbccgp.sys EC750000 - \SystemRoot\System32\DRIVERS\LVCM.sys F3BE1000 - \SystemRoot\System32\DRIVERS\STREAM.SYS F3BD1000 - \SystemRoot\system32\drivers\usbaudio.sys F87CF000 - \SystemRoot\System32\DRIVERS\usbprint.sys EC73C000 - \SystemRoot\System32\Drivers\dump_nvatabus.sys F23A4000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys EEC41000 - \SystemRoot\System32\watchdog.sys EEC3D000 - \SystemRoot\System32\drivers\Dxapi.sys BFF80000 - \SystemRoot\System32\drivers\dxg.sys EF1B2000 - \SystemRoot\System32\drivers\dxgthk.sys BF9B7000 - \SystemRoot\System32\ati2dvag.dll BF9FA000 - \SystemRoot\System32\ati2cqag.dll BFA3F000 - \SystemRoot\System32\atikvmag.dll BFA75000 - \SystemRoot\System32\ati3duag.dll BFD07000 - \SystemRoot\System32\ativvaxx.dll EC71B000 - \SystemRoot\System32\drivers\afd.sys EC706000 - \SystemRoot\System32\DRIVERS\nwlnkipx.sys F865F000 - \SystemRoot\System32\DRIVERS\nwlnknb.sys EC678000 - \SystemRoot\System32\Drivers\aswMon2.SYS F854F000 - \SystemRoot\System32\DRIVERS\nwlnkspx.sys F89CF000 - \SystemRoot\System32\Drivers\ParVdm.SYS EC5A8000 - \SystemRoot\System32\drivers\aspi32.sys EC578000 - \SystemRoot\System32\DRIVERS\secdrv.sys EC4FD000 - \SystemRoot\system32\drivers\wdmaud.sys F5494000 - 
\SystemRoot\system32\drivers\sysaudio.sys EC464000 - \SystemRoot\System32\DRIVERS\srv.sys EC298000 - \SystemRoot\System32\Drivers\aswRdr.SYS BFFA0000 - \SystemRoot\System32\ATMFD.DLL F8BE3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 134 Liste des programmes installes a-squared HiJackFree 3.0 Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player ActiveX Adobe Help Center 1.0 Adobe Photoshop 7.0 Adobe Photoshop CS2 Adobe Photoshop CS2 Adobe Reader 8.1.0 - Français Adobe Stock Photos 1.0 Adobe® Photoshop® Album Edition Découverte 3.2 Adobe® Photoshop® Album Edition Découverte 3.2 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver AusLogics Disk Defrag avast! Antivirus Canon S200 CCleaner (remove only) CopyRightLeft 0.4 Beta Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] Correctif Windows XP (SP2) Q322011 Correctif Windows XP (SP2) Q327979 Correctif Windows XP (SP2) q329623 Correctif Windows XP (SP2) Q810032 Correctif Windows XP (SP2) Q814995 DVD Decoder Pak for Windows XP EasyCleaner FlashFXP FLV Player 1.3.3 Google Earth Google Toolbar for Internet Explorer HD Tune 2.10 HijackThis 2.0.0 ImageMixer VCD/DVD2 for OLYMPUS iPod for Windows 2005-03-23 iPod for Windows 2005-03-23 iPod for Windows 2006-03-23 iPod for Windows 2006-03-23 IsoBuster 1.9 iTunes J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment Standard Edition v1.3.1_01 Java 2 Runtime Environment, SE v1.4.2_05 K-Lite Codec Pack 2.27 Full Language pack for Ad-Aware SE Lecteur Windows Media 10 livebox Livre Album Fuji Photo Logiciel iTouch de Logitech Logitech Desktop Messenger Logitech IM Video Companion Logitech ImageStudio Logitech MouseWare 9.79.1 Logitech Print Service Macromedia Flash Player Macromedia Shockwave Player Messenger Plus! 
3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Data Access Components KB870669 Microsoft Office 2000 CD-ROM 2 Microsoft Office 2000 Premium Microsoft XML Parser Mozilla Firefox (2.0.0.1) MSN Messenger 7.5 Musetools NT Nero 6 Ultra Edition NvMixer OLYMPUS Master OLYMPUS Master Outlook Express Q823353 Package du correctif Windows XP [voir Q327696 pour plus de détails] Package du correctif Windows XP [voir q329256 pour plus de détails] Package du correctif Windows XP [voir Q329604 pour plus de détails] Package du correctif Windows XP [voir Q329692 pour plus de détails] Package du correctif Windows XP [voir Q331958 pour plus de détails] Panda ActiveScan Pdf995 PHOTOfunSTUDIO -viewer- PowerDVD QuickTime RealPlayer RSS Xpress 2.6.186 Samsung PC Studio 2.1 Samsung PC Studio 2.1 Shockwave SILKYPIX Developer Studio 2.0 SE SILKYPIX Developer Studio 2.0 SE Sony DVD Handycam USB Driver 2 Spybot - Search & Destroy 1.4 Spyware Terminator WebFldrs XP Winamp (remove only) Windows Live OneCare safety scanner Windows Media Format Runtime WinRAR archiver WinZip Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\Program Files 21/08/2007 13:48 <REP> . 21/08/2007 13:48 <REP> .. 
02/10/1998 20:15 297 989 _INST32I.EX_ 30/08/2000 18:15 27 648 _ISDel.exe 02/10/1998 20:06 27 648 _ISDel_old.exe 29/09/1998 18:34 34 816 _Setup.dll 29/09/2000 11:00 181 565 _sys1.cab 29/09/2000 11:00 6 492 _sys1.hdr 29/09/2000 11:00 2 389 166 _user1.cab 29/09/2000 11:00 8 812 _user1.hdr 09/05/2004 14:45 4 632 0x0409.ini 02/12/2000 21:38 2 857 Abcpy.ini 30/11/2003 13:05 <REP> AD-AWARE 05/08/2007 16:59 <REP> Adobe 01/10/2004 16:49 <REP> Ahead 21/08/2007 13:52 <REP> Alwil Software 30/11/2003 12:43 <REP> Aspi 17/08/2007 18:15 <REP> a-squared Free 11/08/2007 17:58 <REP> a-squared HiJackFree 29/12/2006 19:41 <REP> ATI Technologies 26/04/2007 16:05 <REP> AusLogics Disk Defrag 11/03/2007 16:55 <REP> CCleaner 06/01/2004 23:05 <REP> Common Files 14/05/2007 11:33 <REP> CopyRightLeft 11/12/2003 23:57 <REP> Creative 29/06/2004 22:48 <REP> CyberLink 29/09/2000 11:00 101 DATA.TAG 29/09/2000 11:01 107 119 545 data1.cab 29/09/2000 11:01 204 890 data1.hdr 30/11/2003 15:54 <REP> directx 03/06/2004 12:23 <REP> DivX 12/04/2006 19:54 <REP> DrWeb 03/01/2007 17:40 <REP> eoRezo 30/06/2004 13:04 <REP> Epson 21/11/2006 18:59 <REP> Executive Software 18/03/2004 23:12 <REP> EZFace 01/06/2006 17:25 <REP> Fichiers communs 07/10/2004 20:36 <REP> FlashFXP 07/03/2007 16:35 <REP> FLV Player 07/03/2007 16:39 <REP> FLVPlayer 16/08/2007 15:09 <REP> Google 06/12/2004 16:04 <REP> HD Tune 30/06/2004 13:05 <REP> InterActual 16/08/2007 15:10 <REP> Internet Explorer 01/12/2006 17:10 <REP> iPod 02/05/2007 16:46 <REP> ISL 01/12/2006 17:10 <REP> iTunes 17/08/2007 18:06 <REP> JAP 17/04/2006 14:38 <REP> Java 06/01/2004 23:06 <REP> JavaSoft 14/07/2004 00:43 <REP> K-Lite Codec Pack 04/11/2005 21:07 <REP> LameFE 18/09/1998 16:12 4 679 lang.dat 20/11/2005 11:39 <REP> Lavasoft 29/09/2000 11:01 652 layout.bin 19/03/2007 21:33 <REP> Livre Album Fuji Photo 27/11/2004 16:19 <REP> Logitech 02/05/2007 18:42 <REP> Macromedia 01/08/2007 19:48 <REP> Messenger Plus! 
3 30/11/2003 16:13 <REP> microsoft frontpage 13/09/2004 15:15 <REP> Microsoft Office 30/11/2003 16:11 <REP> Microsoft Visual Studio 30/11/2003 12:42 <REP> Movie Maker 19/08/2007 20:49 <REP> Mozilla Firefox 30/11/2003 13:10 <REP> msn gaming zone 20/06/2006 18:10 <REP> MSN Messenger 12/11/2004 19:14 <REP> Musetools 23/07/2004 13:27 <REP> NetMeeting 21/09/2004 12:32 <REP> Nival Interactive 16/09/2005 14:11 <REP> NVIDIA Corporation 28/12/2005 18:31 <REP> OLYMPUS 27/07/1998 19:41 450 os.dat 17/09/2004 10:00 <REP> Outlook Express 02/05/2007 16:35 <REP> Panasonic 14/09/2000 09:22 27 551 Photoshop 6.0 Readme.wri 05/06/2006 19:00 <REP> Pinnacle 05/06/2006 19:54 <REP> PIXELA 18/04/2001 06:01 6 758 912 ps601up.exe 31/12/2006 13:50 <REP> QuickTime 11/07/2004 20:59 <REP> QuinqSoft 30/11/2003 15:52 <REP> Real 15/08/2007 16:04 <REP> RegCleaner 24/02/2007 12:42 <REP> RSS Xpress 29/11/2006 17:24 <REP> SAGEM 15/10/2006 16:57 <REP> Samsung 07/11/2006 12:17 <REP> Securitoo 23/10/2000 03:26 42 serial.txt 30/11/2003 12:42 <REP> Services en ligne 16/06/2000 18:21 415 574 Setup.bmp 04/01/2000 19:34 250 SETUP.INI 29/09/2000 11:00 198 033 setup.ins 29/09/2000 11:00 49 setup.lid 25/06/2006 11:36 <REP> Smart Projects 30/11/2003 16:13 <REP> Snapshot Viewer 24/05/2006 18:26 <REP> Sony Corporation 16/08/2007 15:15 <REP> Spybot - Search & Destroy 20/08/2007 14:57 <REP> Spyware Terminator 14/08/2007 00:08 <REP> SpywareGuard 20/11/2006 16:28 <REP> TextoWeb_F6 20/04/2004 20:49 <REP> The All-Seeing Eye 12/10/2004 11:21 <REP> ToniArts 15/08/2004 23:28 <REP> Video Manager 26/07/2007 16:50 <REP> VideoLAN 29/11/2006 17:27 <REP> Wanadoo 27/08/2004 07:57 <REP> Winamp 12/08/2007 15:30 <REP> WinClamAVShield 15/08/2007 14:48 <REP> Windows Live Safety Center 30/11/2003 15:51 <REP> Windows Media Components 05/06/2006 20:42 <REP> Windows Media Player 30/11/2003 12:40 <REP> Windows NT 07/10/2004 20:36 <REP> WinRAR 30/11/2003 13:03 <REP> WinZip 20/03/2007 00:16 <REP> WistitiSoft 30/11/2003 12:44 <REP> xerox 
24/11/2006 17:51 <REP> Yahoo! 23 fichier(s) 117 712 353 octets 92 Rép(s) 18 567 741 440 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\Program Files\fichiers communs 01/06/2006 17:25 <REP> . 01/06/2006 17:25 <REP> .. 11/12/2006 17:58 <REP> Adobe 28/02/2006 19:19 <REP> Adobe Systems Shared 30/11/2003 13:05 <REP> Ahead 30/11/2003 16:11 <REP> Designer 27/03/2004 22:11 <REP> FotoWire 18/09/2004 13:37 <REP> InstallShield 11/12/2003 23:57 <REP> InterVideo 29/09/2004 14:19 <REP> Java 27/11/2004 16:19 <REP> Logitech 02/05/2007 18:41 <REP> Macromedia 01/12/2003 18:07 <REP> Macromedia Shared 01/06/2006 17:25 <REP> MAGIX Shared 06/12/2004 13:07 <REP> Microsoft Shared 30/11/2003 12:41 <REP> MSSoap 11/07/2004 14:33 <REP> NSV 18/09/2004 13:39 <REP> NVIDIA Shared 30/11/2003 12:36 <REP> ODBC 24/04/2006 16:49 <REP> Real 30/11/2003 12:41 <REP> Services 30/11/2003 12:36 <REP> SpeechEngines 22/11/2004 21:36 <REP> Symantec Shared 17/09/2004 10:00 <REP> System 12/11/2004 19:12 <REP> Wise Installation Wizard 24/04/2006 16:49 <REP> xing shared 0 fichier(s) 0 octets 26 Rép(s) 18 567 741 440 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 20/11/2006 16:08 <REP> . 20/11/2006 16:08 <REP> .. 18/05/2001 18:57 561 209 MSONSEXT.DLL 03/06/1999 15:09 122 937 MSOWS409.DLL 07/03/2001 10:00 127 033 MSOWS40c.DLL 05/01/2001 08:48 8 014 PUBPLACE.HTT 18/03/1999 14:37 593 977 RAGENT.DLL 5 fichier(s) 1 413 170 octets 2 Rép(s) 18 567 737 344 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7421-8C12 Répertoire de C:\Program Files\common files 06/01/2004 23:05 <REP> . 06/01/2004 23:05 <REP> .. 30/06/2004 13:07 <REP> Click2learn 17/09/2004 09:59 <REP> System 0 fichier(s) 0 octets 4 Rép(s) 18 567 737 344 octets libres Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est 7421-8C12 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 30/10/2005 16:15 1 310 070 LameFE_2.2.3.exe 3 fichier(s) 1 481 590 octets 0 Rép(s) 18 567 737 344 octets libres c:\Documents and Settings\Administrateur\.housecall\getMac.exe c:\Documents and Settings\Administrateur\.housecall\patch.exe c:\Documents and Settings\Administrateur\.housecall\tsc.exe c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe c:\Documents and Settings\Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\#SharedObjects\ZN8LSZXM\localhost\Program Files\FLVPlayer\flvplayer.exe c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_DESKTOP\gdssetup.exe c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_TOOLBAR\googletoolbarinstaller.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\find2.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\KProcCheck.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\pslist.exe c:\Documents 
and Settings\Administrateur\Bureau\diag help new\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\diag help new\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Mes documents\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Administrateur\Mes documents\Fixwareout.exe c:\Documents and Settings\Administrateur\Mes documents\FLVplayer_v0.0.5.exe c:\Documents and Settings\Administrateur\Mes documents\fsbl.exe c:\Documents and Settings\Administrateur\Mes documents\FxDumaru.exe c:\Documents and Settings\Administrateur\Mes documents\HiJackThis_v2.exe c:\Documents and Settings\Administrateur\Mes documents\iPodSetup.exe c:\Documents and Settings\Administrateur\Mes documents\iTunesSetup.exe c:\Documents and Settings\Administrateur\Mes documents\Patch_Window_A_0_14.exe c:\Documents and Settings\Administrateur\Mes documents\pilote_ati_catalyst_6.5_avec_control_center_6.5_3220.exe c:\Documents and Settings\Administrateur\Mes documents\RSS Xpress setup.exe c:\Documents and Settings\Administrateur\Mes documents\setupfre.exe c:\Documents and 
Settings\Administrateur\Mes documents\TCPOptimizer.exe c:\Documents and Settings\Administrateur\Mes documents\Wistitisoft.exe c:\Documents and Settings\Administrateur\Mes documents\Fichiers Importants\DivX511.exe c:\Documents and Settings\Administrateur\Mes documents\Fichiers Importants\klcodec225f.exe c:\Documents and Settings\Administrateur\Mes documents\Fichiers Importants\klcodec227f.exe c:\Documents and Settings\Administrateur\Mes documents\hijack dez\HijackThis.exe c:\Documents and Settings\Administrateur\Mes documents\reparatio\DG834 Recovery Utility\RmDrv.exe c:\Documents and Settings\Administrateur\Mes documents\reparatio\DG834 Recovery Utility\UpgradeWizard.exe c:\Documents and Settings\Administrateur\Mes documents\tcpview\tcpvcon.exe c:\Documents and Settings\Administrateur\Mes documents\tcpview\Tcpview.exe c:\Documents and Settings\Administrateur\Mes documents\video essai\WINXP\DMCPL.EXE c:\Documents and Settings\Administrateur\Mes documents\video essai\WINXP\NVSVC32.EXE c:\Documents and Settings\Administrateur\Mes documents\video essai\WINXP\NWIZ.EXE c:\Documents and Settings\Administrateur\Mes documents\video essai\WINXP\SETUP.EXE c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe c:\Documents and Settings\All Users\Documents\aawsepersonal-1.05.exe c:\Documents and Settings\All Users\Documents\EClea2_0.exe c:\Documents and Settings\All Users\Documents\eMule0.44b_Installer.exe c:\Documents and Settings\All Users\Documents\it222fra.exe c:\Documents and Settings\All Users\Documents\Musetools211.exe c:\Documents and Settings\All Users\Documents\mw9791fra.exe c:\Documents and Settings\All Users\Documents\mwav.exe c:\Documents and Settings\All Users\Documents\Patch_Window_A_0_14.exe c:\Documents and Settings\All Users\Documents\tarif_carbox_word.exe c:\Documents and Settings\All 
Users\Documents\TCPOptimizer.exe c:\Documents and Settings\All Users\Documents\VSH8026FR.exe c:\Documents and Settings\All Users\Documents\Fichiers Importants\DivX511.exe c:\Documents and Settings\All Users\Documents\Fichiers Importants\klcodec225f.exe c:\Documents and Settings\All Users\Documents\Fichiers Importants\klcodec227f.exe c:\Documents and Settings\All Users\Documents\MPC2wave\MPC2WAV.exe c:\Documents and Settings\All Users\Documents\MPC2wave\mppdec.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_DESKTOP\barcontrol.dll c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_DESKTOP\gdsapi.dll c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_DESKTOP\spcping.dll c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_TOOLBAR\barcontrol.dll c:\Documents and Settings\Administrateur\Application Data\Real\GOOGLE_TOOLBAR\spcping.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp
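A small triage helper for the "derniers fichiers modifies/crees dans windir\system32" list at the top of the report above. This is an added example, not part of the post and not code from DiagHelp: it parses the tool's `<path> --><dd/mm/yyyy HH:MM:SS>` lines and flags the entries a responder would look at first (names with non-ASCII characters, names without an extension or with an extension one does not expect under system32, and files changed within a window before the report time). The sample lines are copied from the report above; the extension allow-list, the 14-day window, `REPORT_TIME` and the flag names are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the "derniers fichiers modifies/crees" entries
# from the DiagHelp report above, in the tool's own "<path> --><timestamp>" form.
SAMPLE_REPORT = """\
C:\\WINDOWS\\System32/drivers\\CO_Mon.sys -->13/08/2007 19:43:47
C:\\WINDOWS\\System32\\CONFIG.NT -->21/08/2007 13:53:07
C:\\WINDOWS\\System32\\118290.54 -->12/08/2007 11:26:55
C:\\WINDOWS\\System32\\wpa.dbl -->09/08/2007 14:03:08
C:\\WINDOWS\\System32\\µ -->21/03/2007 17:00:37
C:\\WINDOWS\\System32\\Puw -->20/03/2007 15:48:44
C:\\WINDOWS\\System32\\dýã -->11/03/2007 14:19:20
C:\\WINDOWS\\System32\\services.exe -->11/03/2007 12:48:58
"""

# Time the report was produced ("excute le 21/08/2007 à 16:29:06" in the header).
REPORT_TIME = datetime(2007, 8, 21, 16, 29, 6)

# Extensions one expects under system32 (assumed allow-list, deliberately not exhaustive).
EXPECTED_EXT = {"sys", "dll", "exe", "dat", "ini", "log", "ico", "txt",
                "scr", "nt", "dbl", "ocx", "cpl", "drv"}

LINE_RE = re.compile(r"^(?P<path>.+?) -->(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")


def parse_recent_files(text):
    """Return [(path, mtime)] for every '<path> --><dd/mm/yyyy HH:MM:SS>' line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers and blank lines are skipped, not treated as errors
        entries.append((m.group("path"),
                        datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S")))
    return entries


def basename(path):
    # DiagHelp mixes '\' and '/' as separators ("System32/drivers\..." above).
    return re.split(r"[\\/]", path)[-1]


def flags_for(path, mtime, report_time, window_days=14):
    """Reasons a responder would look at this entry first (empty list = nothing odd)."""
    name = basename(path)
    flags = []
    if any(not (0x20 <= ord(c) < 0x7F) for c in name):
        flags.append("non_ascii_name")        # e.g. 'µ', 'dýã'
    if "." not in name:
        flags.append("no_extension")          # e.g. 'Puw'
    elif name.rsplit(".", 1)[1].lower() not in EXPECTED_EXT:
        flags.append("unexpected_extension")  # e.g. '118290.54'
    if timedelta(0) <= report_time - mtime <= timedelta(days=window_days):
        flags.append("recent")                # changed within the window before the report
    return flags


def triage(text, report_time, window_days=14):
    """Map path -> flags for every flagged entry, most recently modified first."""
    out = {}
    entries = sorted(parse_recent_files(text), key=lambda e: e[1], reverse=True)
    for path, mtime in entries:
        flags = flags_for(path, mtime, report_time, window_days)
        if flags:
            out[path] = flags
    return out


def triage_sample():
    """Run the triage over the constructed sample with the report's own timestamp."""
    return triage(SAMPLE_REPORT, REPORT_TIME)


if __name__ == "__main__":
    for path, flags in triage_sample().items():
        print(f"{', '.join(flags):40} {path}")
```

Flags are hints, not verdicts: `services.exe` drops out because nothing about it is unusual, while `CONFIG.NT` is listed only because it changed on the day of the report. The point of the window is to line the list up against what the user did during those days (installs, scanner runs) before reading anything into it.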
-
I have just redone the procedure, everything runs normally, but I still don't get a report... amellifica
-
The report is complete; I just ran another one and it's the same thing! amellifica

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 12:41:12
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
-
Hello, and thank you for your help, it is so precious.

AntiVir PersonalEdition Classic
Report file date: lundi 20 août 2007 17:32

Scanning for 1029439 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: Administrateur
Computer name: MARGOT

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 14:29:53
ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 14:29:53
ANTIVIR3.VDF : 6.39.1.24 37376 Bytes 20/08/2007 14:29:53
AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 20/08/2007 14:29:53
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 20/08/2007 14:29:53
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: lundi 20 août 2007 17:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '4' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UR19ITZI\fluxlc.orange[1]
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '473eb4e6.qua'!
Begin scan in 'D:\'

End of the scan: lundi 20 août 2007 18:03
Used time: 30:59 min

The scan has been done completely.

7150 Scanning directories
212177 Files were scanned
1 viruses and/or unwanted programs were found
1 classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
212175 Files not concerned
1505 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 15:45:11
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

Is it clean, in your opinion?
-
Here it is:

ComboFix 07-08-14.4 - "Administrateur" 2007-08-19 22:15:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.231 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-19 22:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 21:14 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-19 19:52 9,552 --a------ C:\dnsbak.reg
2007-08-17 17:21 <REP> d-------- C:\Program Files\JAP
2007-08-17 14:32 <REP> d-------- C:\WINDOWS\system32\tenarchlib
2007-08-17 14:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Tenebril
2007-08-15 16:01 <REP> d-------- C:\Program Files\RegCleaner
2007-08-15 14:44 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-08-12 18:17 138,624 --------- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-12 15:29 <REP> d-------- C:\Program Files\WinClamAVShield
2007-08-12 13:19 <REP> d-------- C:\Program Files\Spyware Terminator
2007-08-12 13:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-08-12 13:19 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
2007-08-12 11:26 5,632 --------- C:\WINDOWS\system32\Machnm64.sys
2007-08-12 11:26 2,304 --------- C:\WINDOWS\system32\Machnm32.sys
2007-08-12 11:26 15,840 --------- C:\WINDOWS\system32\Machnm1.exe
2007-08-11 20:28 626,688 --------- C:\WINDOWS\system32\msvcr80.dll
2007-08-11 20:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-11 11:57 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 11:32 <REP> d-------- C:\Program Files\NoAdware5.0
2007-08-11 11:21 <REP> d-------- C:\Program Files\SPYWAREfighter
2007-08-11 10:03 <REP> d-------- C:\WINDOWS\AU_Temp(3)
2007-08-10 16:25 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-10 16:15 237,568 --------- C:\DOCUME~1\NETWOR~1\ntuser.dat
2007-08-10 16:15 237,568 --------- C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-02 15:17 <REP> d-------- C:\Program Files\a-squared HiJackFree
2007-08-01 19:54 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-08-01 18:06 <REP> d-------- C:\Program Files\Agnitum
2007-07-30 17:34 8,576 --------- C:\WINDOWS\system32\drivers\weqtdmglmpvo.sys
2007-07-26 16:41 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-07-26 16:38 <REP> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 20:49 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo
2007-08-17 18:15 --------- d-------- C:\Program Files\a-squared Free
2007-08-16 15:09 --------- d-------- C:\Program Files\Google
2007-08-14 00:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 00:08 --------- d-------- C:\Program Files\SpywareGuard
2007-08-13 19:43 28672 --------- C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-11 11:57 86094 --------- C:\WINDOWS\BPMNT.dll
2007-08-11 11:57 1163344 --------- C:\WINDOWS\vsapi32.dll
2007-08-11 11:50 71749 --------- C:\WINDOWS\HCExtOutput.dll
2007-08-11 11:50 267845 --------- C:\WINDOWS\tsc.exe
2007-08-11 11:49 69689 --------- C:\WINDOWS\UNZIP.DLL
2007-08-11 11:49 507904 --------- C:\WINDOWS\TMUPDATE.DLL
2007-08-11 11:49 286720 --------- C:\WINDOWS\PATCH.EXE
2007-08-01 19:48 --------- d-------- C:\Program Files\Messenger Plus! 3
2007-07-28 00:07 783224 --------- C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --------- C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --------- C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --------- C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --------- C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --------- C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --------- C:\WINDOWS\system32\AVASTSS.scr
2004-05-09 14:45 4632 --------- C:\Program Filesx0409.ini
2001-04-18 06:01 6758912 --------- C:\Program Files\ps601up.exe
2000-12-02 21:38 2857 --------- C:\Program Files\Abcpy.ini
2000-10-23 03:26 42 --------- C:\Program Files\serial.txt
2000-09-29 11:01 652 --------- C:\Program Files\layout.bin
2000-09-29 11:01 204890 --------- C:\Program Files\data1.hdr
2000-09-29 11:01 107119545 --------- C:\Program Files\data1.cab
2000-09-29 11:00 8812 --------- C:\Program Files\_user1.hdr
2000-09-29 11:00 6492 --------- C:\Program Files\_sys1.hdr
2000-09-29 11:00 49 --------- C:\Program Files\setup.lid
2000-09-29 11:00 2389166 --------- C:\Program Files\_user1.cab
2000-09-29 11:00 198033 --------- C:\Program Files\setup.ins
2000-09-29 11:00 181565 --------- C:\Program Files\_sys1.cab
2000-09-29 11:00 101 --------- C:\Program Files\DATA.TAG
2000-09-14 09:22 27551 --------- C:\Program Files\Photoshop 6.0 Readme.wri
2000-08-30 18:15 27648 --------- C:\Program Files\_ISDel.exe
2000-06-16 18:21 415574 --------- C:\Program Files\Setup.bmp
2000-01-04 19:34 250 --------- C:\Program Files\SETUP.INI
1998-10-02 20:15 297989 --------- C:\Program Files\_INST32I.EX_
1998-10-02 20:06 27648 --------- C:\Program Files\_ISDel_old.exe
1998-09-29 18:34 34816 --------- C:\Program Files\_Setup.dll
1998-09-18 16:12 4679 --------- C:\Program Files\lang.dat
1998-07-27 19:41 450 --------- C:\Program Files\os.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-13 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 15:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^SpywareGuard.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dflnl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverLoad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverLoad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yaemu.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"MsaSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"dnlsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

R0 sonypvl3;sonypvl3;C:\WINDOWS\System32\drivers\sonypvl3.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\System32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\System32\drivers\sonypvt3.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\System32\DRIVERS\sonypvd3.sys
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys

Contents of the 'Scheduled Tasks' folder
2004-11-22 19:30:24 C:\WINDOWS\Tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 22:16:18
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 22:16:59
C:\ComboFix-quarantined-files.txt ... 2007-08-19 22:16
--- E O F ---
-
Here is the new report. My Livebox, which I have just plugged back in, no longer blinks like a Christmas tree, and avast no longer scans outgoing messages... In any case, hats off, thank you very much!! amellifica

SDFix: Version 1.99

Run by Administrateur on 19/08/2007 at 21:15

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
dnlsvc
MsaSvc
msdirect

ImagePath:
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dnlsvc.exe"
C:\WINDOWS\System32\msasvc.exe
\??\C:\WINDOWS\system32\msdirect.sys

dnlsvc - Deleted
MsaSvc - Deleted
msdirect - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service pe386 - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Setup.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
:lzx32.sys 55004
Total size: 55004 bytes.
system32: deleted 55004 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

Finished
-
And AntiVir: apparently it's not a virus?

AntiVir PersonalEdition Classic
Report file date: dimanche 19 août 2007 18:43

Scanning for 1027995 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: Administrateur
Computer name: MARGOT

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 16:11:09
ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 16:11:09
ANTIVIR3.VDF : 6.39.1.18 16896 Bytes 19/08/2007 16:11:09
AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 19/08/2007 16:11:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 19/08/2007 16:11:10
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 19 août 2007 18:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '6' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
Begin scan in 'D:\'
Begin scan in 'A:\'
Search path A:\ could not be opened! Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened! Le périphérique n'est pas prêt.

End of the scan: dimanche 19 août 2007 19:38
Used time: 55:30 min

The scan has been done completely.

7158 Scanning directories
219505 Files were scanned
1 viruses and/or unwanted programs were found
0 classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
219504 Files not concerned
1567 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found
-
Here it is:

[System Process]:0 TCP Margot:12080 localhost:1223 TIME_WAIT
[System Process]:0 TCP Margot:12080 localhost:1348 TIME_WAIT
[System Process]:0 TCP Margot:12080 localhost:1352 TIME_WAIT
[System Process]:0 TCP Margot:12080 localhost:1357 TIME_WAIT
[System Process]:0 TCP Margot:12080 localhost:1360 TIME_WAIT
[System Process]:0 TCP Margot:12080 localhost:1362 TIME_WAIT
[System Process]:0 TCP margot:1294 lm-in-f164.google.com:http TIME_WAIT
[System Process]:0 TCP margot:1300 80.15.236.142:http TIME_WAIT
[System Process]:0 TCP margot:1304 80.15.236.159:http TIME_WAIT
ashMaiSv.exe:696 TCP Margot:12025 Margot:0 LISTENING
ashMaiSv.exe:696 TCP Margot:12110 Margot:0 LISTENING
ashMaiSv.exe:696 TCP Margot:12119 Margot:0 LISTENING
ashMaiSv.exe:696 TCP Margot:12143 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1238 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1242 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1243 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1244 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1246 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1258 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1270 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1272 Margot:0 LISTENING
ashWebSv.exe:484 TCP Margot:1358 Margot:0 LISTENING
ashWebSv.exe:484 TCP margot:1238 vip9-junon-vlan32.x-echo.com:http LAST_ACK
ashWebSv.exe:484 TCP margot:1242 vip9-junon-vlan32.x-echo.com:http LAST_ACK
ashWebSv.exe:484 TCP margot:1243 vip9-junon-vlan32.x-echo.com:http LAST_ACK
ashWebSv.exe:484 TCP margot:1244 vip9-junon-vlan32.x-echo.com:http LAST_ACK
ashWebSv.exe:484 TCP margot:1246 vip9-junon-vlan32.x-echo.com:http LAST_ACK
ashWebSv.exe:484 TCP margot:1258 ns635.ovh.net:http LAST_ACK
ashWebSv.exe:484 TCP margot:1270 ns635.ovh.net:http LAST_ACK
ashWebSv.exe:484 TCP margot:1272 ns635.ovh.net:http LAST_ACK
ashWebSv.exe:484 TCP margot:1358 213.251.139.21:http LAST_ACK
lsass.exe:580 UDP Margot:isakmp *:*
svchost.exe:1004 UDP Margot:1025 *:*
svchost.exe:1004 UDP Margot:1132 *:*
svchost.exe:1004 UDP Margot:1133 *:*
svchost.exe:1060 TCP Margot:5000 Margot:0 LISTENING
svchost.exe:1060 UDP Margot:1900 *:*
svchost.exe:1060 UDP margot:1900 *:*
svchost.exe:764 TCP Margot:epmap Margot:0 LISTENING
svchost.exe:816 TCP Margot:1026 Margot:0 LISTENING
svchost.exe:816 UDP Margot:ntp *:*
svchost.exe:816 UDP margot:ntp *:*
System:4 TCP Margot:microsoft-ds Margot:0 LISTENING
System:4 UDP Margot:microsoft-ds *:*
-
After running AntiVir, one virus detected (??): W95/Blumblebee.1738, deleted... After FixWareout, here is the HijackThis report. Looks like it's fine, doesn't it? In any case, thank you very much for the explanations, that's very kind, all the more so since I'm rather hopeless with computers... amellifica

While I'm at it, what does FixWareout do? Does it delete the lines fixed by HijackThis?

Scan saved at 20:01:52, on 19/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

--
End of file - 5512 bytes
-
Please, when do I use LSPFix?? amellifica
-
Hello. I am receiving emails from abuse@orange.fr telling me that my IP has been spotted sending unsolicited mail. Indeed, I have had avast antivirus for years and it is scanning outgoing messages... I have run my machine through the online scans of Panda, Trend Micro, Norton, F-Secure, BitDefender, as well as numerous anti-spyware tools: NOTHING AT ALL... I have the Livebox (Wanadoo max speed), so I have just put my old Netgear DG834G back into service; it disconnects on me, but apparently does not allow outgoing mail without my knowledge... I also used Process Explorer, which detects no hostile process, as well as a-squared HiJackFree. Can someone examine my HijackThis report and comment on it for me please? Thanks in advance. A)

Scan saved at 16:08:46, on 19/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\DriverLoad\windrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB82812D-E8A7-4612-A4E3-0A3727CFB424}: NameServer = 85.255.116.146,85.255.112.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0519B2A-BE7B-41DA-8303-92F4983CE783}: NameServer = 85.255.116.146,85.255.112.225
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

--
End of file - 6335 bytes
