

plm26
Member
Content count: 9
Everything posted by plm26
-
All good; after reinstalling CounterSpy I no longer get any alerts. Thanks for the work.
-
Sorry, I hadn't noticed that a tool had re-enabled System Restore. If you want the latest OTMoveIt report, here it is:

D:\telecharge\outils\HideToolz.zip moved successfully.
D:\telecharge\outils\Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD.rar moved successfully.
D:\telecharge\outils\antivundo\VirtumundoBeGone.exe moved successfully.
D:\telecharge\outils\nero\Extract\Toolbar.exe moved successfully.
D:\telecharge\outils\lopremover.zip moved successfully.
C:\WINDOWS\Tasks\B519BA2991AE2C31.job moved successfully.
C:\WINDOWS\system32\ybadd.ini2 moved successfully.
C:\WINDOWS\system32\ybadd.bak2 moved successfully.
C:\Documents and Settings\Philippe\file1.zip moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\EA540F0556.dll
C:\WINDOWS\system32\EA540F0556.dll NOT unregistered.
C:\WINDOWS\system32\EA540F0556.dll moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
File/Folder not found.

Created on 12/27/2007 09:47:03
-
Hi, I have 2 reports (safe mode and normal mode). Here they are:

AntiVir PersonalEdition Classic
Report file date: vendredi 28 décembre 2007 09:00

Scanning for 993955 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Philippe
Computer name: PORTABLE-ASUS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 07:47:00
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:47:00
ANTIVIR2.VDF : 7.0.1.157 286720 Bytes 26/12/2007 07:47:00
ANTIVIR3.VDF : 7.0.1.165 20992 Bytes 28/12/2007 07:47:00
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 28/12/2007 07:47:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 28/12/2007 07:47:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 28 décembre 2007 09:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'TSVNCache.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'SBCSSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47dfc280.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47e2c2e4.qua'!
C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP26\A0003622.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47a4c3e8.qua'!
C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP26\A0003623.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '4623f901.qua'!
Begin scan in 'D:\'

End of the scan: vendredi 28 décembre 2007 13:18
Used time: 4:17:39 min

The scan has been done completely.

44856 Scanning directories
1310895 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1310891 Files not concerned
13203 Archives were scanned
2 Warnings
11 Notes

AntiVir PersonalEdition Classic
Report file date: vendredi 28 décembre 2007 13:29

Scanning for 993955 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PORTABLE-ASUS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 07:47:00
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:47:00
ANTIVIR2.VDF : 7.0.1.157 286720 Bytes 26/12/2007 07:47:00
ANTIVIR3.VDF : 7.0.1.165 20992 Bytes 28/12/2007 07:47:00
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 28/12/2007 07:47:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 28/12/2007 07:47:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 28 décembre 2007 13:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'CAP2SWK.EXE' - '1' Module(s) have been scanned
Scan process 'CAP2RSK.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'wwSecure.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'SBCSSvc.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NOD32KRN.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'CachemanXP.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LOGONUI.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.WinZix.A.22
[INFO] The file was moved to '47a52500.qua'!
D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000519.dll
[DETECTION] Is the Trojan horse TR/Drop.Delf.czz
[INFO] The file was moved to '46256c39.qua'!

End of the scan: vendredi 28 décembre 2007 18:00
Used time: 4:31:20 min

The scan has been canceled!

44612 Scanning directories
1199291 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1199289 Files not concerned
11478 Archives were scanned
2 Warnings
5 Notes
-
Everything looks OK. Just a small startup problem: I often get a runtime error message for SBCSSvc.exe, which corresponds to CounterSpy. If I carry on without rebooting, I get Scan Service errors. Thanks for your help.
-
Hello, here are the various reports:

ComboFix 07-12-21.4 - Philippe 2007-12-26 17:03:55.7 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.405 [GMT 1:00]
Running from: D:\telecharge\outils\antivundo\ComboFix.exe
Command switches used :: C:\download\oui oui\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\philippe\applic~1\acidty~1
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
.
2007-12-24 18:07 . 2007-12-24 18:07 <REP> d-------- C:\Program Files\Panda Security
2007-12-23 23:42 . 2007-12-23 23:42 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-23 21:23 . 2007-12-23 21:23 <REP> d-------- C:\Program Files\LucasArts
2007-12-23 14:58 . 2007-12-23 14:58 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Mobipocket
2007-12-23 14:41 . 2007-12-23 14:41 <REP> d-------- C:\Program Files\Mobipocket.com
2007-12-23 14:41 . 2007-12-23 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Mobipocket Shared
2007-12-22 22:37 . 2007-12-22 22:37 <REP> d-------- C:\Program Files\Trend Micro
2007-12-22 21:49 . 2007-12-22 21:49 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2007-12-22 21:48 . 2007-04-16 11:21 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2007-12-22 21:48 . 2007-04-16 11:21 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2007-12-22 21:27 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys
2007-12-22 19:21 . 2007-12-22 19:21 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-22 19:20 . 2007-12-22 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-22 18:49 . 2007-12-22 18:48 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-12-22 18:49 . 2007-12-22 18:48 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-12-22 18:49 . 2007-12-22 18:48 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-22 09:20 . 2007-12-22 09:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-21 20:31 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-21 20:17 . 2007-12-21 20:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-20 21:38 . 2004-08-05 14:00 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-20 17:31 . 2007-12-20 17:31 <REP> d-------- C:\VundoFix Backups
2007-12-20 16:39 . 2007-12-20 16:39 <REP> d-------- C:\Program Files\ABC Amber XML Converter
2007-12-20 13:42 . 2007-12-20 13:42 <REP> d-------- C:\WINDOWS\system32\windows media
2007-12-20 13:42 . 2007-12-20 13:42 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-20 12:59 . 2007-12-20 13:51 134,217,728 --a------ C:\rptemp.tmp
2007-12-20 12:56 . 2007-12-20 12:56 <REP> d-------- C:\Program Files\Futuremark
2007-12-19 22:22 . 2007-12-23 11:03 193 --a------ C:\WINDOWS\ComicGURU.INI
2007-12-19 21:42 . 2007-12-19 21:42 <REP> d-------- C:\Program Files\Raysolutions
2007-12-19 08:28 . 2007-12-19 08:28 <REP> d-------- C:\d3temp
2007-12-17 15:18 . 2005-01-14 13:47 180,224 --a------ C:\WINDOWS\system\StillDrv.dll
2007-12-17 15:18 . 2005-08-29 11:14 73,846 --a------ C:\WINDOWS\system32\BisonRem.dll
2007-12-17 07:58 . 2007-12-17 07:58 <REP> d-------- C:\Program Files\NoviiMedia
2007-12-13 12:28 . 2007-12-13 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\AVS4YOU
2007-12-13 12:24 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-13 12:24 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-13 12:24 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-13 12:24 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-12-13 12:24 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-13 12:24 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-10 10:50 . 2007-12-10 10:50 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\vlc
2007-12-09 16:17 . 2007-12-09 16:17 <REP> d-------- C:\Program Files\Windows Live
2007-12-09 16:17 . 2007-12-09 16:17 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-09 16:16 . 2007-12-09 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 17:57 . 2007-12-07 17:57 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\DAEMON Tools Pro
2007-12-07 17:55 . 2007-12-07 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-07 17:50 . 2007-12-07 17:50 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\UltraISO
2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems
2007-12-04 12:02 . 2007-12-04 12:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-04 11:19 . 2007-12-04 11:19 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-12-04 11:16 . 2007-07-09 14:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-04 10:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-04 10:42 . 2007-12-04 10:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-02 11:29 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-12-02 11:29 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-12-02 11:28 . 2007-12-02 11:27 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-02 11:27 . 2007-12-02 11:27 <REP> d-------- C:\Program Files\Replay Converter
2007-11-30 07:45 . 2007-11-30 07:46 <REP> d-------- C:\Program Files\SuperCopier2
2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Program Files\FastStone Image Viewer
2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\FastStone
2007-11-27 17:09 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-11-27 14:51 . 2007-11-27 14:51 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\PokerAcademyPro2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 15:59 1,192,377 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-22 20:50 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-19 07:28 44,239 ----a-w C:\sound32.dll
2007-12-07 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-18 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SimCity Societies
2007-11-18 07:00 --------- d-----w C:\Program Files\Electronic Arts
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-07 08:30 286,720 ----a-w C:\WINDOWS\iun506.exe
2007-09-26 09:50 24,575 ----a-w C:\WINDOWS\system32\gwinapppiobas66.dll
2007-05-16 15:54 83 ----a-w C:\Documents and Settings\Philippe\Application Data\hexplorer.dat
2007-05-16 15:54 4 ----a-w C:\Documents and Settings\Philippe\Application Data\mclip.dat
2007-05-13 23:17 21,888 ----a-w C:\WINDOWS\inf\hopperp.sys
2007-05-04 10:15 7 ---h--r C:\Program Files\~etzero~.aic
2007-01-24 14:06 142,328 ----a-w C:\Documents and Settings\Philippe\file1.zip
2006-07-17 19:27 278 ----a-w C:\Documents and Settings\Philippe\Application Data\config.dat
1999-07-24 05:30 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1999-07-24 05:30 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1999-07-24 05:30 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1999-07-24 05:30 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1999-07-24 05:30 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1999-07-24 05:30 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
2006-07-02 10:19 611,659 --sh--w C:\WINDOWS\system32\ybadd.ini2
2006-07-01 07:40 858,451 --sh--w C:\WINDOWS\system32\ybadd.bak2
2007-09-25 11:47 80 --sh--r C:\WINDOWS\system32\EA540F0556.dll
.
((((((((((((((((((((((((((((( snapshot_2007-12-22_22.52.49.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-29 21:47:34 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-23 20:54:24 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-07-29 21:47:34 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-23 20:54:24 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-07-29 21:47:34 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-23 20:54:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-07-29 21:47:34 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-23 20:54:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-07-29 21:47:34 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-23 20:54:26 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-07-29 21:47:34 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-23 20:54:26 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-07-29 21:47:34 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-23 20:54:26 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-07-29 21:47:36 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-23 20:54:26 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-07-29 21:47:34 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-23 20:54:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-08-21 13:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-07-18 13:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2007-08-20 09:59:30 124,928 ------w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 09:59:30 214,528 ------w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 09:59:30 132,608 ------w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 09:59:30 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:22:12 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 09:59:30 153,088 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 09:59:30 230,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:26 161,792 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 09:59:30 383,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 09:59:30 384,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 09:59:30 6,058,496 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 09:59:30 44,544 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 09:59:30 267,776 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:22:12 13,824 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:22:32 625,152 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 09:59:30 27,648 ------w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 09:59:30 459,264 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 09:59:30 52,224 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 09:59:30 3,584,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 09:59:30 477,696 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 09:59:30 193,024 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 09:59:30 671,232 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 09:59:32 102,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:34:38 216,800 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 09:59:32 105,984 ------w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 09:59:32 1,152,000 ------w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 09:59:32 232,960 ------w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 09:59:32 824,832 ------w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-12-23 13:58:18 50,008 ----a-r C:\WINDOWS\Installer\{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}\_6FEFF9B68218417F98F549.exe
- 2007-12-04 10:30:40 34,304 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-12-23 22:42:46 34,304 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-12-04 10:30:40 8,192 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-12-23 22:42:46 8,192 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-12-04 10:30:40 3,584 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-12-23 22:42:46 3,584 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-12-04 10:30:40 114,688 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-12-23 22:42:46 114,688 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-12-04 10:30:40 16,384 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-12-23 22:42:46 16,384 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-05-11 20:03:24 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2007-12-23 10:41:26 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
- 2007-05-11 20:03:24 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2007-12-23 10:41:26 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2007-12-23 08:29:12 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-5676-5A64-7E8A45000001}\ARPPRODUCTICON.exe
+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_12db153c.exe
+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_7e87390c.exe
+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_f3e99.exe
- 2007-08-20 09:59:30 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2001-01-22 02:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
- 2007-08-20 09:59:30 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 09:59:30 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 09:59:30 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:22:12 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:00:42 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 09:59:30 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 09:59:30 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:26 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:56 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 09:59:30 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 09:59:30 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 09:59:30 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:49:44 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 09:59:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:44 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:49:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:22:12 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-01 23:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:49:46 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-29 00:13:36 1,303,752 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 14:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
- 2007-08-20 09:59:32 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:49:46 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-12-22 20:48:38 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-23 14:03:26 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-22 20:48:38 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-12-23 14:03:26 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-12-22 20:48:38 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-23 14:03:26 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-22 20:48:38 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-12-23 14:03:26 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 09:59:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:49:46 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 09:59:32 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:49:46 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-20 09:59:32 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:49:46 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 09:59:32 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:49:46 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-26 16:12:56 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_7e8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}] 2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [] "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 C:\WINDOWS\RTHDCPL.EXE] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [] "CAP2ON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE" [] 
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [] "eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [] "pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [] "SMSERIAL"="sm56hlpr.exe" [2005-05-27 07:12 C:\WINDOWS\sm56hlpr.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [] "ISUSScheduler"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" [] "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 11:22] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-22 18:48] "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-13 11:31] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-07-28 22:04] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 setuid R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-12-22 19:21] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21] R1 
SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2006-04-14 17:24] R2 Asystcom;Asystcom;C:\WINDOWS\system32\drivers\Asystcom.sys [2004-01-16 00:44] R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2007-06-02 11:11] R2 drpkiont;drpkiont;C:\WINDOWS\system32\drpkiont.sys [2004-02-24 18:41] R2 sdiont;sdiont;C:\WINDOWS\system32\drivers\sdiont.sys [1999-05-24 19:25] R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21] R2 xdsfast1;XDSFast1 ISA Bus Driver;C:\WINDOWS\system32\xdsfast1.sys [2004-02-24 18:41] S2 RapidPort2;RapidPort2;C:\WINDOWS\system32\Drivers\CAP2LPT.SYS [2002-04-11 16:00] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10] S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys [] S3 sdusb2em;SD USB2 Emulator (sdusb2em.sys);C:\WINDOWS\system32\Drivers\sdusb2em.sys [2004-05-17 17:19] S3 SVNService;SVNService;C:\Program Files\Subversion\bin\SVNService.exe [2004-03-31 18:13] S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2002-02-19 12:06] S3 XDS560;Texas Instruments XDS560 Device Driver;C:\WINDOWS\system32\DRIVERS\xds560.sys [2004-02-24 18:41] S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-08-11 21:48] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-26 16:00:02 C:\WINDOWS\Tasks\B519BA2991AE2C31.job" - c:\docume~1\philippe\applic~1\acidty~1\Vc jump second.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 17:19:18 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 17:20:59 - machine was rebooted C:\ComboFix3.txt ... 2007-12-22 09:16 C:\ComboFix2.txt ... 2007-12-22 22:54 Virus TOTAL : Fichier Asystcom.sys reçu le 2007.12.26 18:06:43 (CET)Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2007.12.27.10 2007.12.26 - AntiVir 7.6.0.46 2007.12.26 - Authentium 4.93.8 2007.12.26 - Avast 4.7.1098.0 2007.12.26 - AVG 7.5.0.516 2007.12.25 - BitDefender 7.2 2007.12.26 - CAT-QuickHeal 9.00 2007.12.25 - ClamAV 0.91.2 2007.12.26 - DrWeb 4.44.0.09170 2007.12.26 - eSafe 7.0.15.0 2007.12.26 - eTrust-Vet 31.3.5400 2007.12.24 - Ewido 4.0 2007.12.26 - FileAdvisor 1 2007.12.26 - Fortinet 3.14.0.0 2007.12.26 - F-Prot 4.4.2.54 2007.12.25 - F-Secure 6.70.13030.0 2007.12.26 - Ikarus T3.1.1.15 2007.12.26 - Kaspersky 7.0.0.125 2007.12.26 - McAfee 5192 2007.12.24 - Microsoft 1.3109 2007.12.26 - NOD32v2 2747 2007.12.25 - Norman 5.80.02 2007.12.26 - Panda 9.0.0.4 2007.12.25 - Prevx1 V2 2007.12.26 - Rising 20.24.21.00 2007.12.26 - Sophos 4.24.0 2007.12.26 - Sunbelt 2.2.907.0 2007.12.21 - Symantec 10 2007.12.26 - TheHacker 6.2.9.168 2007.12.22 - VBA32 3.12.2.5 2007.12.26 - VirusBuster 4.3.26:9 2007.12.26 - Webwasher-Gateway 6.6.2 2007.12.26 - Information additionnelle File size: 20912 bytes MD5: 11779a2dc30ae3c3381b84641a36dc1f SHA1: 5aa0fb930ddb759ac6cbab5fe97ea73ce1d93cb9 PEiD: - File sbhr.sys received on 12.23.2007 05:31:06 (CET)Antivirus Version Last Update Result AhnLab-V3 2007.12.22.10 2007.12.21 - AntiVir 7.6.0.46 2007.12.22 - Authentium 4.93.8 2007.12.23 - Avast 4.7.1098.0 2007.12.22 - AVG 7.5.0.516 2007.12.22 - BitDefender 7.2 2007.12.23 - CAT-QuickHeal 9.00 2007.12.22 - ClamAV 0.91.2 2007.12.23 - DrWeb 4.44.0.09170 2007.12.22 - eSafe 7.0.15.0 2007.12.20 - eTrust-Vet 31.3.5395 2007.12.21 - Ewido 4.0 2007.12.22 - FileAdvisor 1 2007.12.23 - Fortinet 3.14.0.0 2007.12.23 - F-Prot 4.4.2.54 2007.12.22 
- F-Secure 6.70.13030.0 2007.12.21 - Ikarus T3.1.1.15 2007.12.23 - Kaspersky 7.0.0.125 2007.12.23 - McAfee 5191 2007.12.21 - Microsoft 1.3109 2007.12.23 - NOD32v2 2743 2007.12.23 - Norman 5.80.02 2007.12.21 - Panda 9.0.0.4 2007.12.22 - Prevx1 V2 2007.12.23 - Rising 20.23.52.00 2007.12.22 - Sophos 4.24.0 2007.12.22 - Sunbelt 2.2.907.0 2007.12.21 - Symantec 10 2007.12.23 - TheHacker 6.2.9.168 2007.12.22 - VBA32 3.12.2.5 2007.12.22 - VirusBuster 4.3.26:9 2007.12.23 - Webwasher-Gateway 6.6.2 2007.12.23 - Additional information Tamano archivo: 15544 bytes MD5: c6ea8d8c6442648746f69e3d75cacf98 SHA1: 0a8c657bfbb5e2f6a90973dc3f802c7a54ca237a PEiD: - Fichier drpkiont.sys reçu le 2007.12.26 18:09:07 (CET)Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2007.12.27.10 2007.12.26 - AntiVir 7.6.0.46 2007.12.26 - Authentium 4.93.8 2007.12.26 - Avast 4.7.1098.0 2007.12.26 - AVG 7.5.0.516 2007.12.25 - BitDefender 7.2 2007.12.26 - CAT-QuickHeal 9.00 2007.12.25 - ClamAV 0.91.2 2007.12.26 - DrWeb 4.44.0.09170 2007.12.26 - eSafe 7.0.15.0 2007.12.26 - eTrust-Vet 31.3.5400 2007.12.24 - Ewido 4.0 2007.12.26 - FileAdvisor 1 2007.12.26 - Fortinet 3.14.0.0 2007.12.26 - F-Prot 4.4.2.54 2007.12.25 - F-Secure 6.70.13030.0 2007.12.26 - Ikarus T3.1.1.15 2007.12.26 - Kaspersky 7.0.0.125 2007.12.26 - McAfee 5192 2007.12.24 - Microsoft 1.3109 2007.12.26 - NOD32v2 2747 2007.12.25 - Norman 5.80.02 2007.12.26 - Panda 9.0.0.4 2007.12.25 - Prevx1 V2 2007.12.26 - Rising 20.24.21.00 2007.12.26 - Sophos 4.24.0 2007.12.26 - Sunbelt 2.2.907.0 2007.12.21 - Symantec 10 2007.12.26 - TheHacker 6.2.9.168 2007.12.22 - VBA32 3.12.2.5 2007.12.26 - VirusBuster 4.3.26:9 2007.12.26 - Webwasher-Gateway 6.6.2 2007.12.26 - Information additionnelle File size: 3968 bytes MD5: 5b2410766376cb6b2be95b6d6824b771 SHA1: 1fc6d5ea2cadb94671c3fc70a2dd073f2fcb789b PEiD: - ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, December 26, 2007 11:01:11 PM 
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 26/12/2007 Kaspersky Anti-Virus database records: 494220 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 349024 Number of viruses found: 9 Number of infected objects: 15 Number of suspicious objects: 0 Duration of the scan process: 03:45:19 Infected Object Name / Virus Name / Last Action C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked 
skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\TEMP\Perflib_Perfdata_7e8.dat Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application 
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Philippe\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Philippe\Local Settings\Temp\WCESLog.log Object is locked skipped C:\Documents and Settings\Philippe\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc Object is locked skipped C:\Documents and Settings\Philippe\ntuser.dat Object is locked skipped C:\Program Files\Eset\logs\virlog.dat Object is locked skipped C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000432.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP24\change.log Object is locked skipped 
D:\developpement\SEE\Wifi_old\tftp\SolarWinds-TFTP-Server.exe/WISE0049.BIN Infected: not-a-virus:Server-FTP.Win32.PremierServer.Tftp.503 skipped D:\developpement\SEE\Wifi_old\tftp\SolarWinds-TFTP-Server.exe WiseSFX: infected - 1 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP24\change.log Object is locked skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file1 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file2 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file7 Infected: Trojan.Win32.Obfuscated.en skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe Inno: infected - 3 skipped D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000519.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped D:\telecharge\outils\HideToolz.zip/HideToolz.exe Infected: not-a-virus:RiskTool.Win32.HideProc.d skipped D:\telecharge\outils\HideToolz.zip ZIP: infected - 1 skipped D:\telecharge\outils\hijackthis_199\backups\backup-20060701-204935-138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped D:\telecharge\outils\hijackthis_199\backups\backup-20060702-112119-400.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped D:\telecharge\outils\lopremover.zip/lopremover.exe Infected: Packed.Win32.PolyCrypt.d skipped D:\telecharge\outils\lopremover.zip ZIP: infected - 1 skipped D:\telecharge\outils\nero\Extract\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped Scan process completed.
-
Hi, here is the Panda report. Lots of cookies and other junk lying dormant.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-24 20:31:07
PROTECTIONS: 1
MALWARE: 47
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047746 Adware/Lop Adware No 0 Yes No D:\telecharge\outils\lopremover.zip[lopremover.exe]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 No No D:\telecharge\outils\antivundo\VirtumundoBeGone.exe[²ƒÇ]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@tribalfusion[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ccbill[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@yadro[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@yadro[2].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@webpower[1].txt
00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.ademails[1].txt
00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.ademails[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fe.lea.lycos[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@gostats[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@toplist[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@888[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.burstbeacon[2].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fl01.ct2.comclick[3].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@media.adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www5.addfreestats[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@int.sitestat[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@int.sitestat[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@bluestreak[1].txt
00173987 Cookie/Itrack TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ilead.itrack[1].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@stats1.reliablestats[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@adultfriendfinder[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@searchportal.information[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@errorsafe[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@smartadserver[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www3.addfreestats[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www3.addfreestats[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www6.addfreestats[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www6.addfreestats[3].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ads.addynamix[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ads.addynamix[2].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@winantivirus[2].txt
00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@winantispyware[1].txt
00519333 Application/Processor HackTools No 0 Yes No D:\telecharge\outils\antivundo\VirtumundoBeGone.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000044.EXE
01262593 Application/NirCmd.A HackTools No 0 No No H:\TOOLS\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000181.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000291.EXE
01262593 Application/NirCmd.A HackTools No 0 No No D:\telecharge\outils\antivundo\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000348.EXE
01262593 Application/NirCmd.A HackTools No 0 No No D:\telecharge\outils\antivundo\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000480.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP11\A0001086.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000121.EXE
01262593 Application/NirCmd.A HackTools No 0 No No H:\TOOLS\ComboFix.exe[nircmd.cfexe]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adserver.easyad[1].txt
01649617 Trj/Hideproc.L Virus/Trojan No 1 Yes No D:\telecharge\outils\HideToolz.zip[HideToolz.exe]
02068727 Generic Backdoor Virus/Trojan No 0 No No D:\telecharge\outils\Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD.rar[Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD\keygen.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000086.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000020.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000313.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000448.SYS
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
D:\telecharge\outils\hijackthis_199\backups\backup-20060701-204935-138.dll
D:\telecharge\outils\hijackthis_199\backups\backup-20060702-112119-400.dll
;===================================================================================================================================================================================
-
Here are the reports, for a trained eye. Thanks for the analysis: Combo.txt:
Hijack:
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\SVNService.exe O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 13058 bytes Je n'ai plus le rapport antivir.
-
I've just run a deep scan with Antivir. It turns out Antivir did a big clean-up. The virus had reached the Wi-Fi management, CounterSpy and NOD32. I'm trying to put things back in order. But watch out: the detected trojan generates files resembling Vundo/Virtumonde ones. Hence the confusion when trying to eradicate it. But let's not claim victory too soon.
-
I have a big problem with a trojan. It looks like a Virtumonde-type virus. Impossible to eradicate. I've tried every combination: VundoFix / ComboFix / FixVundo / VirtumundoBeGone, but nothing works. It reappears every time. The Sunbelt firewall I use warns me that files are being modified and that there is an intrusion attempt on lssa.exe. I'd like to avoid reinstalling everything. After running an Antivir scan, it finds a trojan: DROP.Delf.czz. But there is no description of this trojan on the Antivir site. Does anyone have an idea? Thanks in advance for your help.