abousimbel

  1. And here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: Thursday, 27 December 2007 17:32

Scanning for 992748 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-537DA73FD4

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 04:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 03:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 06:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 03:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 05:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 23:52:10
ANTIVIR2.VDF : 7.0.1.157 286720 Bytes 12/26/2007 07:09:06
ANTIVIR3.VDF : 7.0.1.158 2048 Bytes 12/26/2007 07:09:06
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 12/24/2007 23:52:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 01:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/17/2007 22:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 04:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 12/24/2007 23:52:12
AVREG.DLL : 7.0.1.6 30760 Bytes 7/17/2007 22:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 03:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/17/2007 22:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 02:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 03:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 03:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 00:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, 27 December 2007 17:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SYMLCSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AVGEMC.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUPSVC.EXE' - '1' Module(s) have been scanned
Scan process 'ISSCH.EXE' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'AVGAMSVR.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ADMTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'AVGCC.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\upload_moi_ACER-537DA73FD4.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file was ignored!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file was ignored!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{8C0206E2-F928-4261-9A88-2ACD4745FD52}\RP1\A0000018.DLL
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file was ignored!
C:\VundoFix Backups\xxyxwwt.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file was ignored!
Begin scan in 'D:\' <ACERDATA>

End of the scan: Thursday, 27 December 2007 18:38
Used time: 1:06:22 min

The scan has been done completely.

4808 Scanning directories
175874 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
175870 Files not concerned
6745 Archives were scanned
8 Warnings
0 Notes
  2. Hello Mr Ingalls! Thank you for helping me with this whole process. I just got home from work and have just run DiagHelp. It created a zip icon in my C:\ directory containing a dozen files, notably the file vturo.dll, which I think is the source of the TR/Vundo.Gen. Do you think I should delete these files? I know how to behave on the web, but my flatmates couldn't care less: porn sites, downloading like crazy, streaming; I'm at work, there's nothing I can do about it. Anyway, I'll have to raise my voice once again! Thanks for all your help. In any case, here is the DiagHelp txt report.

DiagHelp version v1.4 - http://www.malekal.com
excute le Thu 27/12/2007 à 17:09:04.70

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf -->27/12/2007 5:08:06 PM
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->27/12/2007 5:07:52 PM
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->27/12/2007 5:07:48 PM
C:\WINDOWS\prefetch\UNSECAPP.EXE-16EB9856.pf -->27/12/2007 5:07:30 PM
C:\WINDOWS\prefetch\RTKBTMNT.EXE-37625A75.pf -->27/12/2007 5:07:22 PM
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->27/12/2007 5:07:20 PM
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf -->27/12/2007 5:07:20 PM
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf -->27/12/2007 5:07:18 PM
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf -->27/12/2007 5:07:18 PM
C:\WINDOWS\prefetch\VOIPBUSTER.EXE-3AA96DDC.pf -->27/12/2007 5:07:18 PM
C:\WINDOWS\System32\drivers\avipbb.sys -->25/12/2007 9:52:12 AM
C:\WINDOWS\System32\drivers\avgmfx86.sys -->21/12/2007 10:15:20 AM
C:\WINDOWS\System32\drivers\avgclean.sys -->21/12/2007 10:15:20 AM
C:\WINDOWS\System32\drivers\tmcomm.sys -->13/11/2007 9:13:56 PM
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 8:25:54 PM
C:\WINDOWS\System32\drivers\avg7core.sys -->26/10/2007 8:10:54 AM
C:\WINDOWS\System32\drivers\ithsgt.sys -->23/10/2007 5:20:50 PM
C:\WINDOWS\System32\orutv.ini -->27/12/2007 5:09:08 PM
C:\WINDOWS\System32\orutv.ini2 -->27/12/2007 5:09:00 PM
C:\WINDOWS\System32\wpa.dbl -->27/12/2007 5:08:04 PM
C:\WINDOWS\System32\eRLog.ini -->27/12/2007 5:07:08 PM
C:\WINDOWS\System32\nvapps.xml -->27/12/2007 5:06:20 PM
C:\WINDOWS\System32\CONFIG.NT -->26/12/2007 4:49:58 PM
C:\WINDOWS\System32\vturo.dll -->25/12/2007 9:39:26 AM
C:\WINDOWS\System32\mnnmp.ini -->24/12/2007 8:07:20 AM
C:\WINDOWS\System32\mnnmp.ini2 -->24/12/2007 8:07:06 AM
C:\WINDOWS\System32\320d0a2f -->22/12/2007 5:06:08 PM
C:\WINDOWS\System32\tmp.txt -->16/12/2007 4:47:38 PM
C:\WINDOWS\System32\tmp.reg -->16/12/2007 4:47:38 PM
C:\WINDOWS\System32\TZLog.log -->12/12/2007 4:28:50 PM
C:\WINDOWS\System32\MRT.exe -->3/12/2007 9:00:06 AM
C:\WINDOWS\System32\jscript.dll -->14/11/2007 5:26:56 PM
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 9:31:12 PM
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->13/11/2007 7:09:12 PM
C:\WINDOWS\System32\mshtml.dll -->30/10/2007 8:16:34 PM
C:\WINDOWS\System32\quartz.dll -->30/10/2007 8:43:04 AM
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 8:26:54 PM
C:\WINDOWS\System32\wmasf.dll -->27/10/2007 5:40:30 PM
C:\WINDOWS\System32\shell32.dll -->26/10/2007 1:36:52 PM
C:\WINDOWS\System32\CmdLineExt.dll -->23/10/2007 5:02:52 PM
C:\WINDOWS\System32\pngfilt.dll -->11/10/2007 4:13:46 PM
C:\WINDOWS\System32\shdocvw.dll -->11/10/2007 4:13:46 PM
C:\WINDOWS\setupapi.log -->27/12/2007 5:07:30 PM
C:\WINDOWS\win.ini -->27/12/2007 5:07:20 PM
C:\WINDOWS.log -->27/12/2007 5:07:02 PM
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->27/12/2007 5:07:00 PM
C:\WINDOWS\wiadebug.log -->27/12/2007 5:06:56 PM
C:\WINDOWS\bootstat.dat -->27/12/2007 5:05:34 PM
C:\WINDOWS\SchedLgU.Txt -->27/12/2007 9:36:40 AM
C:\WINDOWS\bthservsdp.dat -->27/12/2007 9:36:36 AM
C:\WINDOWS\wiaservc.log -->27/12/2007 9:36:36 AM
C:\WINDOWS\EventSystem.log -->27/12/2007 9:34:00 AM
C:\WINDOWS\WindowsUpdate.log -->27/12/2007 8:50:50 AM
C:\WINDOWS\system.ini -->26/12/2007 6:59:44 PM
C:\WINDOWS\ntbtlog.txt -->26/12/2007 6:52:48 PM
C:\WINDOWS\mozver.dat -->20/11/2007 8:48:32 AM
C:\WINDOWS\nsreg.dat -->19/11/2007 5:47:44 PM

winlogon.exe Verified: Signed
svchost.exe Verified: Signed
ws2_32.dll Verified: Signed
user32.dll Verified: Signed
tcpip.sys Verified: Signed
ndis.sys Verified: Signed
null.sys Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 1900
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x10000000 0x9b000 C:\WINDOWS\system32\vturo.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x02170000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\MSNChatHook.dll
0x02200000 0xe000 1.20.0000.0001 C:\WINDOWS\system32\sysenv.dll
0x7c250000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL
0x022a0000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x01db0000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x00c20000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x027d0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x746c0000 0x27000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74ea0000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 696
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01280000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\WINDOWS\system

25/12/1998 08:15 AM 345,983 RCDsetup.exe
1 File(s) 345,983 bytes
0 Dir(s) 32,221,495,296 bytes free

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\WINDOWS\system32

04/08/2004 05:00 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 32,221,495,296 bytes free

Contenu de Downloaded Program Files

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\WINDOWS\Downloaded Program Files

01/10/2006 03:09 AM <DIR> .
01/10/2006 03:09 AM <DIR> ..
22/08/2006 11:58 PM 65 desktop.ini
26/03/2007 04:46 PM 5,085 swflash.inf
22/09/2004 03:59 PM 110,592 PURen-us.dll
15/10/2004 07:59 AM 110,592 PURfr-xx.dll
16/06/2004 06:02 AM 323,584 isusweb.dll
25/07/2002 06:13 PM 196,608 dwusplay.exe
25/07/2002 06:13 PM 24,576 dwusplay.dll
18/09/2007 09:07 PM <DIR> CONFLICT.1
02/08/2006 11:20 AM 43,016 mhLbl.dll
20/06/2006 03:44 PM 379,704 MsnPUpld.dll
19/06/2006 02:40 PM 393 MsnPUpld.inf
09/01/2007 08:30 AM 110,592 PURfr-fr.dll
15/10/2007 10:02 AM 465,472 wlscBase.dll
15/10/2007 10:11 AM 320 wlscBase.inf
25/11/2007 11:43 PM 2,663,944 ImageUploader4.1.ocx
25/11/2007 11:43 PM 351 ImageUploader4.1.inf
31/05/2006 04:15 AM 10 oscan81.ocx_x
14/03/2005 02:38 PM 126 live.ini
14/03/2005 02:58 PM 7,073 scanoptions.tsi
16/03/2005 12:34 PM 7,407 lang.ini
25/05/2006 01:21 AM 53,248 ipsupd.dll
25/05/2006 01:21 AM 118,784 bdupd.dll
07/12/2004 05:07 PM 32 libfn.dll
07/12/2004 05:07 PM 32 bdcore.dll
01/06/2006 02:54 AM 471,040 oscan8.ocx
01/06/2006 02:57 AM 1,331 oscan8.inf
25 File(s) 5,093,977 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1

18/09/2007 09:07 PM <DIR> .
18/09/2007 09:07 PM <DIR> ..
02/08/2007 11:31 AM 67,456 PURen-us.dll
02/08/2007 11:31 AM 360,320 MsnPUpld.dll
02/08/2007 03:47 PM 569 MSNPUpld.inf
06/08/2007 12:10 PM 68,992 PURfr-fr.dll
4 File(s) 497,337 bytes

Total Files Listed:
29 File(s) 5,591,314 bytes
5 Dir(s) 32,221,495,296 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\civcity rome\\CivCity Rome.exe"="D:\\civcity rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"D:\\Gamez\\civcity rome\\CivCity Rome.exe"="D:\\Gamez\\civcity rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\Documents and Settings\\USER\\My Documents\\VideoPak2.exe"="C:\\Documents and Settings\\USER\\My Documents\\VideoPak2.exe:*:Enabled:STOIK Video Converter"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\downloadlimewire\\LimeWire\\LimeWire.exe"="D:\\downloadlimewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"E:\\Half-Life 2\\hl2.exe"="E:\\Half-Life 2\\hl2.exe:*:Enabled:hl2"
"D:\\Age of Empires\\empires2.exe"="D:\\Age of Empires\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[sharedTaskScheduler]

exports des policies

REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 17:10:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
4 - System
200 - NVSVC32.EXE
208 - SPOOLSV.EXE
276 - ADMSERV.EXE
312 - AVGUARD.EXE
344 - MSNMSGR.EXE
528 - AVGCC.EXE
540 - AVGNT.EXE
548 - MONITOR.EXE
556 - EPOWER_DMC.EXE
608 - EDSLOADER.EXE
668 - CSRSS.EXE
696 - WINLOGON.EXE
740 - SERVICES.EXE
752 - LSASS.EXE
884 - ADMTRAY.EXE
924 - SVCHOST.EXE
948 - SYNTPENH.EXE
1016 - SVCHOST.EXE
1068 - SVCHOST.EXE
1148 - EVTENG.EXE
1196 - S24EVMON.EXE
1240 - SVCHOST.EXE
1324 - RTHDCPL.EXE
1336 - SVCHOST.EXE
1424 - SVCHOST.EXE
1524 - RUNDLL32.EXE
1540 - SCHED.EXE
1584 - AVGAMSVR.EXE
1604 - AAWSERVICE.EXE
1676 - LMANAGER.EXE
1732 - ISSCH.EXE
1860 - READER_SL.EXE
1880 - AVGEMC.EXE
1900 - EXPLORER.EXE
2124 - SVCHOST.EXE
3056 - ALG.EXE
3092 - WMIPRVSE.EXE
3256 - RtkBtMnt.exe
3316 - cmd.exe
3492 - IEXPLORE.EXE
3508 - WUAUCLT.EXE
3588 - WMIPRVSE.EXE
4192 - livecall.exe
Total number of processes = 44
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7A52000 - \WINDOWS\system32\KDCOM.DLL
F7962000 - \WINDOWS\system32\BOOTVID.dll
F7369000 - sptd.sys
F7A54000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F7351000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7323000 - ACPI.sys
F7312000 - pci.sys
F7552000 - ohci1394.sys
F7562000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7572000 - isapnp.sys
F7966000 - compbatt.sys
F796A000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7B1A000 - pciide.sys
F77D2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7582000 - MountMgr.sys
F72D5000 - ftdisk.sys
F796E000 - ACPIEC.sys
F7B1B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F77DA000 - PartMgr.sys
F7972000 - UBHelper.sys
F7592000 - VolSnap.sys
F72BD000 - atapi.sys
F75A2000 - disk.sys
F75B2000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F729D000 - fltMgr.sys
F728B000 - sr.sys
F7268000 - Fastfat.sys
F7251000 - KSecDD.sys
F7224000 - NDIS.sys
F7209000 - Mup.sys
F75D2000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7A2A000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys
F6D84000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6D70000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6D4B000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F6BED000 - \SystemRoot\system32\DRIVERS\w39n51.sys
F780A000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6BCA000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7812000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F75E2000 - \SystemRoot\system32\DRIVERS\EMS7SK.sys
F6BB9000 - \SystemRoot\system32\DRIVERS\sdbus.sys
F6BA6000 - \SystemRoot\system32\DRIVERS\ESM7SK.sys
F75F2000 - \SystemRoot\system32\DRIVERS\ESD7SK.sys
F7A3E000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F7602000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F781A000 - \SystemRoot\system32\DRIVERS\DKbFltr.sys
F7822000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F6B76000 - \SystemRoot\system32\DRIVERS\SynTP.sys
F7A56000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F782A000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7612000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7622000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7632000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6B53000 - \SystemRoot\system32\DRIVERS\ks.sys
F7A58000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys
F6AED000 - \SystemRoot\System32\Drivers\ajbj2kn0.SYS
F717F000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7642000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F71C1000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6AD6000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7652000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7662000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F788A000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6AC5000 - \SystemRoot\system32\DRIVERS\psched.sys
F7672000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7892000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F789A000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7682000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7A5E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6A6C000 - \SystemRoot\system32\DRIVERS\update.sys
F71A4000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7692000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F4562000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F4540000 - \SystemRoot\system32\drivers\portcls.sys
F76A2000 - \SystemRoot\system32\drivers\drmk.sys
F450A000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
F4416000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys
F4365000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F78AA000 - \SystemRoot\System32\Drivers\Modem.SYS
F76B2000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A64000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F7A66000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C1D000 - \SystemRoot\System32\Drivers\Null.SYS
F7A68000 - \SystemRoot\System32\Drivers\Beep.SYS
F7186000 - \SystemRoot\System32\Drivers\avgclean.sys
F78CA000 - \SystemRoot\System32\drivers\vga.sys
F7A6A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A6C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F78D2000 - \SystemRoot\System32\Drivers\Msfs.SYS
F78DA000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7112000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F430A000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F42B2000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F428A000 - \SystemRoot\system32\DRIVERS\netbt.sys
F4269000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F76C2000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F4247000 - \SystemRoot\System32\drivers\afd.sys
F76D2000 - \SystemRoot\system32\DRIVERS\netbios.sys
F78E2000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F421C000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7A4E000 - \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
F41AD000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F76E2000 - \SystemRoot\System32\Drivers\Fips.SYS
F76F2000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7A6E000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F40E4000 - \SystemRoot\System32\Drivers\avg7core.sys
F71E5000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7702000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F78EA000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F71E1000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F7A70000 - \SystemRoot\System32\Drivers\avg7rsw.sys
F78F2000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
F7712000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F78FA000 - \SystemRoot\System32\Drivers\ASPI32.SYS
F40A4000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A72000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6A5C000 - \SystemRoot\System32\drivers\Dxapi.sys
F7902000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C04000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
F7912000 - \SystemRoot\system32\DRIVERS\AegisP.sys
BA59C000 - \SystemRoot\system32\DRIVERS\s24trans.sys
BA578000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BA0EB000 - \SystemRoot\system32\drivers\wdmaud.sys
BA270000 - \SystemRoot\system32\drivers\sysaudio.sys
BA0BE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9DDB000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
B9D48000 - \SystemRoot\system32\DRIVERS\atksgt.sys
F7A8C000 - \SystemRoot\System32\Drivers\avgtdi.sys
F7C5D000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys
B999C000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys
B9974000 - \SystemRoot\system32\DRIVERS\ithsgt.sys
B9922000 - \SystemRoot\system32\DRIVERS\srv.sys
B9A84000 - \SystemRoot\system32\DRIVERS\lilsgt.sys
F7932000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
B9A80000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F7A80000 - \??\C:\WINDOWS\system32\drivers\osaio.sys
F7B6D000 - \??\C:\WINDOWS\system32\drivers\osanbm.sys
B9A48000 - \SystemRoot\system32\DRIVERS\secdrv.sys
F78B2000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
B97F2000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
B9466000 - \SystemRoot\System32\Drivers\HTTP.sys
B942D000 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
F7A96000 - \SystemRoot\System32\Drivers\NdisFilt.sys
B95EA000 * --[Hidden]--
B6711000 - \SystemRoot\system32\drivers\kmixer.sys
F7179000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 151

Liste des programmes installes

Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer eLock Management
Acer Empowering Technology framework
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.1
AVG 7.5
Avira AntiVir PersonalEdition Classic
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
BitLord 1.1
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
CCleaner (remove only)
DreamStation DXi
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
Extension de Windows Live Toolbar (Windows Live Toolbar)
Fahrenheit
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Intel® PROSet/Wireless Software
Java 6 Update 2
Java 6 Update 3
L&H TTS3000 Français
Launch Manager
Lernout & Hauspie TruVoice American English TTS Engine
Les Chevaliers de Baphomet - Les Gardiens du Temple de Salomon
LightScribe 1.4.97.1
mCore
Menus intelligents (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
mMHouse
MotionDV STUDIO 5.3E LE for DV
Mozilla Firefox (2.0.0.9)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Music Visualizer Library 1.4.00
mWlsSafe
mXML
Navigation par onglets (Windows Live Toolbar)
Nero OEM
NeroVision Express
neroxml
NetGammon8
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
NTI CD & DVD-Maker
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenAL
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
PowerDVD
Qloud Plug-in for WM
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB923789)
Skype™ 3.5
SonicStage
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
VeloMaster Lite CW
Video Stream Driver for Panasonic DVC
Video Stream Driver for Panasonic DVC
Virtual DJ - Atomix Productions
Virtual DJ Home Edition - Atomix Productions
Virtual Sound Canvas DXi
VoipBuster
WebFldrs XP
WinAce Archiver
Winamp (remove only)
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
Windows Genuine Advantage Notifications (KB905474)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinZip
Zeb-Utility 1.2

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Program Files

01/10/2006 03:09 AM <DIR> .
01/10/2006 03:09 AM <DIR> ..
23/08/2006 12:13 AM <DIR> Acer Inc
23/08/2006 12:14 AM <DIR> Adobe
03/07/2007 08:50 PM <DIR> Ahead
13/05/2007 07:03 PM <DIR> Astonsoft
25/12/2007 09:44 AM <DIR> Avira
28/08/2007 05:56 PM <DIR> BitLord
19/04/2007 02:46 PM <DIR> CCleaner
22/08/2006 11:49 PM <DIR> Common Files
22/08/2006 11:56 PM <DIR> ComPlus Applications
23/08/2006 12:10 AM <DIR> CONEXANT
23/08/2006 12:15 AM <DIR> CyberLink
02/07/2007 09:24 PM <DIR> DAEMON Tools
08/08/2007 12:58 PM <DIR> DIFX
07/05/2007 05:22 PM <DIR> directx
03/11/2007 07:40 PM <DIR> Goto.Games
12/07/2007 03:19 PM <DIR> Grisoft
24/09/2007 07:33 PM <DIR> GSM
16/12/2007 04:51 PM <DIR> Helper
22/08/2006 03:50 AM <DIR> i386
19/04/2007 05:25 PM <DIR> Image-Line
23/08/2006 12:04 AM <DIR> Intel
22/08/2006 11:57 PM <DIR> Internet Explorer
13/05/2007 05:56 PM <DIR> iSofter
11/08/2007 06:38 PM <DIR> Java
11/10/2006 12:15 PM <DIR> Launch Manager
19/11/2007 05:25 PM <DIR> Lavasoft
22/08/2006 11:55 PM <DIR> Messenger
22/08/2006 11:59 PM <DIR> microsoft frontpage
15/09/2007 08:17 AM <DIR> Microsoft SQL Server
22/08/2006 11:57 PM <DIR> Movie Maker
19/11/2007 05:47 PM <DIR> Mozilla Firefox
22/08/2006 11:55 PM <DIR> MSN
22/08/2006 11:55 PM <DIR> MSN Gaming Zone
12/07/2007 03:40 PM <DIR> MSN Messenger
22/08/2007 09:17 AM <DIR> MSXML 4.0
21/05/2007 05:30 PM <DIR> MusicLab
22/08/2006 11:57 PM <DIR> NetMeeting
23/08/2006 12:18 AM <DIR> NewTech Infosystems
19/11/2007 03:32 PM <DIR> NoAdware5.0
23/08/2006 12:53 AM <DIR> Norton AntiVirus
22/08/2006 11:56 PM <DIR> Online Services
14/09/2007 11:34 AM <DIR> OpenAL
22/08/2006 11:57 PM <DIR> Outlook Express
24/04/2007 05:06 PM <DIR> Panasonic
23/08/2006 12:09 AM <DIR> Realtek
13/09/2007 02:25 PM <DIR> Skype
19/04/2007 02:55 PM <DIR> Spybot - Search & Destroy
21/04/2007 06:23 PM <DIR> SpywareBlaster
23/08/2006 12:12 AM <DIR> Synaptics
02/07/2007 07:05 PM <DIR> Ubisoft
28/08/2007 05:28 PM <DIR> VirtualDJ
01/11/2007 07:09 PM <DIR> VoipBuster.com
17/09/2007 06:33 PM <DIR> WinAce
11/05/2007 03:50 PM <DIR> Winamp
17/11/2007 09:42 PM <DIR> Windows Live Safety Center
19/04/2007 01:30 PM <DIR> Windows Media Connect 2
22/08/2006 11:56 PM <DIR> Windows Media Player
22/08/2006 11:55 PM <DIR> Windows NT
11/10/2006 12:16 PM <DIR> WinPCap
20/07/2007 09:17 PM <DIR> WinZip
22/08/2006 11:59 PM <DIR> xerox
26/12/2007 08:04 PM <DIR> Zeb-Utility
0 File(s) 0 bytes
64 Dir(s) 32,220,119,040 bytes free

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Program Files\common files

01/10/2006 03:09 AM <DIR> .
01/10/2006 03:09 AM <DIR> ..
22/08/2006 11:49 PM <DIR> Microsoft Shared
22/08/2006 11:49 PM <DIR> SpeechEngines
22/08/2006 11:49 PM <DIR> ODBC
22/08/2006 11:57 PM <DIR> System
22/08/2006 11:57 PM <DIR> MSSoap
22/08/2006 11:57 PM <DIR> Services
23/08/2006 12:09 AM <DIR> InstallShield
23/08/2006 12:14 AM <DIR> Adobe
23/08/2006 12:18 AM <DIR> NewTech Infosystems
23/08/2006 12:19 AM <DIR> muvee Technologies
23/08/2006 12:19 AM <DIR> LightScribe
23/08/2006 12:52 AM <DIR> Symantec Shared
24/04/2007 05:06 PM <DIR> Panasonic
07/05/2007 05:21 PM <DIR> Sony Shared
03/07/2007 08:51 PM <DIR> Ahead
11/08/2007 06:36 PM <DIR> Java
13/09/2007 02:25 PM <DIR> Skype
23/10/2007 05:05 PM <DIR> DirectX
19/11/2007 05:25 PM <DIR> Wise Installation Wizard
0 File(s) 0 bytes
21 Dir(s) 32,220,119,040 bytes free

c:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
c:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
c:\Documents and Settings\user\Local Settings\Temp\IXP000.TMP\redist.exe
c:\Documents and Settings\user\Local Settings\Temp\DirectX9\dxsetup.exe
c:\Documents and Settings\user\Local Settings\Temp\ICD1.tmp\setup.exe
c:\Documents and Settings\user\Local Settings\Temp\IXP001.TMP\MSNOIEF.exe
c:\Documents and Settings\user\My Documents\internet download\3nityVideoConvert.exe
c:\Documents and Settings\user\My Documents\internet download\ccsetup139.exe
c:\Documents and Settings\user\My Documents\internet download\cdex_170b2_enu.exe
c:\Documents and Settings\user\My Documents\internet download\DivXInstaller.exe
c:\Documents and Settings\user\My Documents\internet download\DVDFabDecrypter3096.exe
c:\Documents and Settings\user\My Documents\internet download\DVDTOAVI.exe
c:\Documents and Settings\user\My Documents\internet download\flstudio7_RC6b.exe
c:\Documents and Settings\user\My Documents\internet download\FreeDVD.exe
c:\Documents and Settings\user\My Documents\internet download\idvdrip_38242.exe
c:\Documents and Settings\user\My Documents\internet download\JAD7_BASIC.exe
c:\Documents and Settings\user\My Documents\internet download\music_morpher_gold_cnt.exe
c:\Documents and Settings\user\My Documents\internet download\RC2004Setup129Light.exe
c:\Documents and Settings\user\My Documents\internet download\Setupex_QuartzStudioFreeF.exe
c:\Documents and Settings\user\My Documents\internet download\SonicStageInstaller.exe
c:\Documents and Settings\user\My Documents\internet download\SprBd081.exe
c:\Documents and Settings\user\My Documents\internet download\winamp534_full_emusic-7plus.exe
c:\Documents and Settings\user\My Documents\internet download\wpsetup.exe
c:\Documents and Settings\user\My Documents\My Received Files\BitTorrent-6.0-Beta.exe
c:\Documents and Settings\user\My Documents\My Received Files\emule048a.exe
c:\Documents and Settings\user\My Documents\My Received Files\wace265i.exe
c:\Documents and Settings\user\My Documents\VirtualDJ\crashguard3.exe
c:\Documents and Settings\user\My Documents\VirtualDJ\ripdvd.exe
c:\Documents and Settings\user\My Documents\VirtualDJ\ripvinyl.exe
c:\Documents and Settings\user\My Documents\VirtualDJ\UNWISE.EXE
c:\Documents and Settings\user\My Documents\VirtualDJ\virtualdj.exe
c:\Documents and Settings\user\Desktop\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\user\Desktop\ATF-Cleaner.exe
c:\Documents and Settings\user\Desktop\avg75free_476a1048.exe
c:\Documents and Settings\user\Desktop\Setup_Zeb-Utility.exe
c:\Documents and
Settings\user\Desktop\setupfre.exe c:\Documents and Settings\user\Desktop\VundoFix.exe c:\Documents and Settings\user\Desktop\WMQloudSetup.exe c:\Documents and Settings\user\Desktop\web files\winamp535_full_emusic-7plus.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\dumphive.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\exit.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\HostsChk.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\Process.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\Reboot.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\restart.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\swreg.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\swsc.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\swxcacls.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\unzip.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\user\Desktop\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\user\Desktop\DiagHelp\catchme.exe c:\Documents and Settings\user\Desktop\DiagHelp\diff.exe c:\Documents and Settings\user\Desktop\DiagHelp\dumphive.exe c:\Documents and Settings\user\Desktop\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\user\Desktop\DiagHelp\find2.exe c:\Documents and Settings\user\Desktop\DiagHelp\Fport.exe c:\Documents and Settings\user\Desktop\DiagHelp\grep.exe c:\Documents and Settings\user\Desktop\DiagHelp\gzip.exe c:\Documents and Settings\user\Desktop\DiagHelp\KProcCheck.exe c:\Documents and Settings\user\Desktop\DiagHelp\LFiles.exe c:\Documents and Settings\user\Desktop\DiagHelp\LISTDLLS.exe c:\Documents and Settings\user\Desktop\DiagHelp\md5sums.exe c:\Documents and Settings\user\Desktop\DiagHelp\pslist.exe c:\Documents and 
Settings\user\Desktop\DiagHelp\sigcheck.exe c:\Documents and Settings\user\Desktop\DiagHelp\streams.exe c:\Documents and Settings\user\Desktop\DiagHelp\swreg.exe c:\Documents and Settings\user\Desktop\DiagHelp\tar.exe c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\update virtualdj v3.0.exe c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\crack v3.0\virtualdj.exe c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\Virtual.DJ.v2.1 + crack\Virtualdj v2.1.exe c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\Virtual.DJ.v2.1 + crack\crack\virtualdj.exe c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe c:\Documents and Settings\user\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe c:\Documents and Settings\user\.housecall6.6\getMac.exe c:\Documents and Settings\user\.housecall6.6\patch.exe c:\Documents and Settings\user\.housecall6.6\tsc.exe c:\Documents and Settings\Bart\Local Settings\Temp\RtkBtMnt.exe c:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe c:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll c:\Documents and 
Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\user\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\Objectps.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ACER-537DA73FD4.tar.gz a l'adresse http://upload.malekal.com
  3. Hello community, I'm in Cairns, Australia, and I bought an Acer laptop. I currently live in a shared flat and everyone uses my PC at all hours of the day and night. Recently AntiVir keeps reporting this TR/Vundo.Gen; nothing works, it won't quarantine it or delete anything. Here is the HijackThis log, hoping you can help me. Cheers!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:36 PM, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\user\LOCALS~1\Temp\~AceTemp\HiJackThis\HijackThis.exe

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7257e19835c84f339476edd6bca5e60e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7257e19835c84f339476edd6bca5e60e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://bartcoreinternational.spaces.live.c...ad/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9190 bytes

And happy holidays!