

POURKOI!!!!
Group: Members
Content count: 25
My languages: French, English
POURKOI!!!!'s Achievements: Member (4/12)
Community reputation: 0
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and removal
Hello, sorry for the delay. I carried out the various steps but did not find any file (Adober.exe....). Here is the Clean report:
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode
12/03/2008 a 10:46:08,45
Microsoft Windows XP [Version 5.1.2600]
*** Suppression C:
tentative de suppression de C:\autorun.inf
Impossible de supprimer C:\autorun.inf
*** Suppression C:\WINDOWS\
*** Suppression C:\WINDOWS\system32
*** Suppression C:\Program Files
*** Deletion of the registry keys successful..
*** End of the report !
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and removal
OK, so I could not follow the tutorial because the page cannot be displayed at the moment, but I ran the scan anyway. Here is the report, and thank you:
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and removal
Here is the report:
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 13:57 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 13:57 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 13:57 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 02:22 794713] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-06-13 14:03 1236992] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "HPWRTOOLBOX"="C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-26 01:29 344064] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 14:00 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP2014MC.EXE"= 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10edccba-ddec-11dc-a76b-001a7390c68b}] \Shell\AutoRun\command - G:\a3g3.bat \Shell\explore\Command - G:\a3g3.bat \Shell\open\Command - G:\a3g3.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59038064-da3f-11dc-a761-001b38381150}] \Shell\AutoRun\command - xo8wr9.exe \Shell\explore\Command - xo8wr9.exe \Shell\open\Command - xo8wr9.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a8204a-dac5-11dc-a763-001a7390c68b}] \Shell\AutoRun\command - G:\a3g3.bat \Shell\explore\Command - G:\a3g3.bat \Shell\open\Command - G:\a3g3.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7fc62c-dbe1-11dc-a765-001a7390c68b}] \Shell\AutoRun\command - oufddh.exe \Shell\explore\Command - oufddh.exe \Shell\open\Command - oufddh.exe . Contents of the 'Scheduled Tasks' folder "2008-03-04 09:13:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-09 20:18:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-09 20:18:40 ComboFix2.txt 2008-03-09 14:35:59 . 2008-02-25 05:59:09 --- E O F --- -
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Analyses et éradication malwares
No trace of these 2 files, in any partition, in any hidden file or system folder..... The link doesn't work either, it takes me to an image site.
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Analyses et éradication malwares
Here is the ComboFix report:
ComboFix 08-03-08.2 - Log nordkivu 2008-03-09 16:34:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT 2:00]
Running from: C:\Documents and Settings\Log nordkivu\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-08 12:16 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\Avira
2008-03-08 12:16 . 2008-03-08 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 11:34 . 2008-03-08 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-02 14:45 . 2008-03-02 14:45 <DIR> d-------- C:\WINDOWS\Sun
2008-03-02 14:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-02 14:37 . 2008-03-02 14:38 <DIR> d-------- C:\Program Files\Java
2008-03-02 14:30 . 2008-03-02 14:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-29 09:21 . 2003-11-11 07:22 102,400 -ra------ C:\WINDOWS\scrub2k.exe
2008-02-29 09:21 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll.1
2008-02-29 09:21 . 2004-10-28 02:45 443 -ra------ C:\WINDOWS\hpw0460k.ini
2008-02-29 09:19 . 2008-02-29 09:19 1,835 --a------ C:\WINDOWS\hpbvnstp.his
2008-02-29 09:19 . 2008-02-29 09:23 1,252 --a------ C:\WINDOWS\mariner.his
2008-02-29 09:19 . 2008-02-29 09:19 574 --a------ C:\WINDOWS\hpbvnstp.ini
2008-02-29 09:19 . 2008-02-29 09:20 399 --a------ C:\WINDOWS\hpdj460.his
2008-02-29 09:19 . 2008-02-29 09:23 303 --a------ C:\WINDOWS\hpdj460.ini
2008-02-29 09:19 . 2008-02-29 09:23 176 --a------ C:\WINDOWS\mariner.ini
2008-02-29 09:18 . 2004-09-29 05:52 184,320 -ra------ C:\WINDOWS\system32\hpbvnstp.dll
2008-02-29 09:18 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll
2008-02-29 09:18 . 2004-08-13 19:47 346 -ra------ C:\WINDOWS\system32\hpbvnstp.dat
2008-02-29 08:54 . 2008-02-29 08:54 268 --ah----- C:\sqmdata03.sqm
2008-02-29 08:54 . 2008-02-29 08:54 244 --ah----- C:\sqmnoopt03.sqm
2008-02-28 07:56 . 2008-02-28 07:56 268 --ah----- C:\sqmdata02.sqm
2008-02-28 07:56 . 2008-02-28 07:56 244 --ah----- C:\sqmnoopt02.sqm
2008-02-28 00:05 . 2008-02-28 00:05 268 --ah----- C:\sqmdata01.sqm
2008-02-28 00:05 . 2008-02-28 00:05 244 --ah----- C:\sqmnoopt01.sqm
2008-02-27 19:23 . 2008-02-27 19:23 244 --ah----- C:\sqmnoopt00.sqm
2008-02-27 19:23 . 2008-02-27 19:23 232 --ah----- C:\sqmdata00.sqm
2008-02-25 21:23 . 2008-03-02 14:39 1,279 --a------ C:\WINDOWS\mozver.dat
2008-02-22 11:45 . 2008-02-29 17:49 <DIR> d-------- C:\Program Files\Marvell-HP
2008-02-22 11:44 . 2007-09-03 11:41 257,024 --a------ C:\WINDOWS\system32\HP2014LM.DLL
2008-02-22 11:44 . 2007-08-31 16:58 65,536 --a------ C:\WINDOWS\system32\HPPMLVS.DLL
2008-02-22 11:31 . 2008-02-22 11:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-20 19:46 . 2008-02-21 20:47 <DIR> d-------- C:\Program Files\MSN Apps
2008-02-20 19:46 . 2008-02-20 19:46 <DIR> d---s---- C:\Documents and Settings\Log nordkivu\UserData
2008-02-20 19:24 . 2008-02-20 19:43 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-20 19:18 . 2007-02-28 11:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-20 19:18 . 2007-02-28 11:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-20 19:18 . 2007-02-28 10:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-02-20 19:18 . 2007-02-28 10:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-19 19:20 . 2008-02-19 19:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-19 18:53 . 2008-02-19 18:53 <DIR> d-------- C:\Program Files\NetWaiting
2008-02-18 12:55 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-18 12:55 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-18 12:55 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-18 12:55 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-18 09:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-18 09:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-18 09:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 08:43 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-18 08:43 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-02-18 08:43 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-18 08:43 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-16 10:02 . 2008-02-16 10:02 <DIR> d-------- C:\Program Files\Broadcom
2008-02-16 10:02 . 2006-06-13 14:03 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll
2008-02-14 16:57 . 2008-02-14 16:57 <DIR> d-------- C:\Documents and Settings\Log nordkivu\Application Data\InstallShield
2008-02-14 08:22 . 2006-06-13 13:57 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-14 07:57 . 2008-02-14 07:57 <DIR> d-------- C:\Program Files\Synaptics
2008-02-14 07:57 . 2006-06-17 01:40 193,120 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-02-14 07:57 . 2006-06-17 01:54 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-02-14 07:57 . 2006-06-17 01:54 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-02-14 07:57 . 2006-06-17 01:53 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-02-14 07:57 . 2006-06-17 02:30 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-02-14 07:57 . 2006-06-17 02:25 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-02-14 07:42 . 2008-02-14 07:42 <DIR> d-------- C:\Documents and Settings\Log nordkivu\Application Data\vlc
2008-02-13 23:36 . 2008-02-13 23:36 <DIR> d-------- C:\Program Files\iTunes
2008-02-13 23:36 . 2008-02-13 23:36 <DIR> d-------- C:\Program Files\iPod
2008-02-13 23:36 . 2008-02-13 23:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 23:34 . 2008-02-13 23:35 <DIR> d-------- C:\Program Files\QuickTime
2008-02-13 20:19 . 2008-02-13 20:19 <DIR> d-------- C:\Documents and Settings\Log nordkivu\Contacts
2008-02-13 17:15 . 2008-02-13 17:15 <DIR> d-------- C:\Documents and Settings\Log nordkivu\Application Data\Apple Computer
2008-02-13 17:15 . 2008-03-09 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-13 17:14 . 2008-02-22 11:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-13 17:14 . 2008-02-13 17:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-13 17:14 . 2008-02-13 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-13 17:13 . 2008-02-13 17:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-13 17:13 . 2008-02-13 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-13 17:12 . 2008-02-13 17:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-13 17:10 . 2008-02-19 18:53 <DIR> d-------- C:\Program Files\CONEXANT
2008-02-13 17:07 . 2008-02-14 15:22 <DIR> d-------- C:\Program Files\WinAce
2008-02-13 17:05 . 2008-02-13 17:05 <DIR> d-------- C:\Program Files\MSBuild
2008-02-13 17:05 . 2008-02-13 17:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-13 17:02 . 2008-02-13 17:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-13 17:01 . 2008-02-13 17:01 <DIR> dr-h----- C:\MSOCache
2008-02-13 17:01 . 2008-02-22 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 13:49 . 2006-12-20 22:56 988,800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-02-13 13:49 . 2006-12-20 22:55 730,112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-02-13 13:49 . 2006-12-20 22:56 209,664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys
2008-02-13 13:49 . 2006-12-19 04:37 176,128 --a------ C:\WINDOWS\system32\UCI32M16.dll
2008-02-13 13:49 . 2006-12-21 02:04 144,201 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-02-13 13:49 . 2006-06-18 01:26 94,208 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-02-13 13:49 . 2006-06-18 01:26 12,672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 07:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-13 14:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-13 14:39 --------- d-----w C:\Documents and Settings\Log nordkivu\Application Data\Talkback
2008-02-13 14:25 --------- d-----w C:\Program Files\Intel
2008-02-13 14:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-13 12:30 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 13:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 13:57 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 13:57 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 02:22 794713]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-06-13 14:03 1236992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HPWRTOOLBOX"="C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-26 01:29 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 14:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP2014MC.EXE"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10edccba-ddec-11dc-a76b-001a7390c68b}]
\Shell\AutoRun\command - G:\a3g3.bat
\Shell\explore\Command - G:\a3g3.bat
\Shell\open\Command - G:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59038064-da3f-11dc-a761-001b38381150}]
\Shell\AutoRun\command - xo8wr9.exe
\Shell\explore\Command - xo8wr9.exe
\Shell\open\Command - xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a8204a-dac5-11dc-a763-001a7390c68b}]
\Shell\AutoRun\command - G:\a3g3.bat
\Shell\explore\Command - G:\a3g3.bat
\Shell\open\Command - G:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7fc62c-dbe1-11dc-a765-001a7390c68b}]
\Shell\AutoRun\command - oufddh.exe
\Shell\explore\Command - oufddh.exe
\Shell\open\Command - oufddh.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 09:13:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 16:35:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-09 16:35:58
.
2008-02-25 05:59:09 --- E O F ---
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Analyses et éradication malwares
Ok, so I did the antivirus configuration steps. Then, I already had the "Flash Disinfector" program (see previous messages). It seems to me that this program is specially designed for external hard drives and flash disks. In any case I've been using it for 2 months and it has never given me a report. Anyway, I ran it again and I still have the same problems.
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Analyses et éradication malwares
Ok, actually my hidden folders still don't display any more and I think I'm still infected. Here is the AntiVir report for partition C:
AntiVir PersonalEdition Classic
Report file date: samedi 8 mars 2008 12:23
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Log nordkivu
Computer name: PU
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: samedi 8 mars 2008 12:23
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\' <Logiciels>
C:\a3g3.bat
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4839695b.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4839695b.qua
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4805696b.qua'!
C:\WINDOWS\system32\amvo.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '484871f4.qua'!
C:\WINDOWS\system32\amvo0.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\amvo1.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
End of the scan: samedi 8 mars 2008 13:07
Used time: 43:41 min
The scan has been done completely.
3082 Scanning directories
121479 Files were scanned
2 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
2 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
121477 Files not concerned
1084 Archives were scanned
1 Warnings
0 Notes
AND HERE ARE THE OTHER PARTITIONS D: E:
AntiVir PersonalEdition Classic
Report file date: samedi 8 mars 2008 13:10
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Log nordkivu
Computer name: PU
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: samedi 8 mars 2008 13:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Start scanning boot sectors:
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'D:\' <Documents >
D:\a3g3.bat
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4839746e.qua'!
D:\logiciels\Winace\WinAce_Traduction_francaise.exe
[0] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <Rien ici>
E:\a3g3.bat
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '483979a4.qua'!
End of the scan: samedi 8 mars 2008 13:33
Used time: 22:34 min
The scan has been done completely.
1009 Scanning directories
38262 Files were scanned
0 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
38262 Files not concerned
403 Archives were scanned
3 Warnings
1 Notes
problems and problems and problems!!!!
POURKOI!!!! replied to a topic by POURKOI!!!! in Analyses et éradication malwares
Hi, so I already knew this procedure, but even with Avira I also had quite a few worm problems. Anyway, I did it again regardless, and here is my HJT report:
problems and problems and problems!!!!
POURKOI!!!! posted a topic in Malware analysis and eradication
Hello everyone, so, for a change, I have evil viruses on my laptop again.
1) Hidden files no longer show up, even after clicking "Apply" and "OK".
2) We must be passing the viruses around on USB sticks, because even though I'm careful, I still catch them. I have "Flash Disinfector" but it doesn't work well enough.
3) Here is my HijackThis report, thanks in advance!!!
[resolved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and eradication
OK, with your new link it works, ComboFix is uninstalled. Otherwise the scan was clean, and that must be why the "save report" box wasn't available. Thank you, thank you, thank you very much, I'll be back with another topic!!! Kisses
[resolved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and eradication
OK, thanks, but you're the one who did everything, all I had to do was run it... I still have a small problem: I can't uninstall ComboFix; a window appears when I launch the executable saying it can't find the destination path. Then I ran the scan, but there is no report to display....???? Also, it's not over yet, I'm going to have to post you more HJT reports from 3 computers!!!! sorry....
[resolved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and eradication
I have 2 external hard drives of 160 and 250 GB, 4 USB sticks of 1 GB and 2 other sticks of 512. I ran Flash Disinfector on all of them, but maybe some problems persist, we'll see!!!
[resolved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and eradication
OK, one last one, inshallah!!!
[resolved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and eradication
OK, no problem, here is the ComboFix report:
[solved] Worm and trojan problems
POURKOI!!!! replied to a topic by POURKOI!!!! in Malware analysis and removal
Hello again,

Here is the ComboFix report, with the HJT below it:

ComboFix 08-01-23.2 - HP COMPAQ 2008-01-24 13:20:03.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.68 [GMT 2:00]
Running from: C:\Documents and Settings\HP COMPAQ\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP COMPAQ\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-24 11:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 08:53 . 2008-01-24 12:14 106,936 -r-hs---- C:\awda2.exe
2008-01-24 08:13 . 2008-01-24 09:24 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-01-22 19:14 . 2008-01-22 19:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-22 18:18 . 2008-01-22 18:18 <REP> d-------- C:\Program Files\SPACENET
2008-01-22 18:16 . 2008-01-22 18:16 <REP> d-------- C:\Program Files\IPA
2008-01-22 08:50 . 2008-01-22 09:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 15:37 . 2008-01-21 15:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-09 16:16 . 2008-01-09 16:16 25 --a------ C:\WINDOWS\cdplayer.ini
2008-01-06 18:37 . 2008-01-06 18:43 <REP> d-------- C:\Program Files\Dictionnaire
2008-01-06 15:47 . 2008-01-06 15:50 <REP> d-------- C:\Program Files\WinAce
2008-01-06 15:08 . 2008-01-23 19:56 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-06 10:56 . 2008-01-06 10:56 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-01-06 10:55 . 2008-01-06 10:55 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-06 10:55 . 2008-01-06 10:55 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-06 10:44 . 2008-01-06 10:44 <REP> d-------- C:\Program Files\MSBuild
2008-01-06 10:37 . 2008-01-06 10:37 <REP> dr-h----- C:\MSOCache
2007-12-27 12:46 . 2006-04-03 17:19 37,376 --a------ C:\WINDOWS\system32\hpz3l3y2.dll
2007-12-27 12:42 . 2007-12-27 12:42 <REP> d-------- C:\hpdj460
2007-12-27 07:52 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-27 07:52 . 2004-08-03 22:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-27 07:52 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-27 07:52 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-24 14:31 . 2007-12-24 14:31 <REP> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 10:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-22 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 08:53 --------- d-----w C:\Program Files\CyberLink
2008-01-06 08:52 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 16:40 --------- d-----w C:\Program Files\aMSN
2007-12-22 16:36 --------- d-----w C:\Program Files\iTunes
2007-12-22 16:36 --------- d-----w C:\Program Files\iPod
2007-12-22 16:35 --------- d-----w C:\Program Files\QuickTime
2007-12-22 16:34 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-22 16:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-22 03:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-22 03:43 --------- d-----w C:\Program Files\CONEXANT
2007-12-22 03:41 --------- d-----w C:\Program Files\Synaptics
2007-12-22 03:38 --------- d-----w C:\Program Files\Real
2007-12-22 03:38 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-22 03:37 --------- d-----w C:\Program Files\Common Files\Real
2007-12-22 03:31 --------- d-----w C:\Program Files\NetWaiting
2007-12-22 03:25 --------- d-----w C:\Program Files\Symantec
2007-12-22 03:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-21 12:03 --------- d-----w C:\Program Files\Intel
2007-12-21 12:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 12:01 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-21 11:58 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-21 11:56 --------- d-----w C:\Program Files\Nero
2007-12-21 11:53 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-21 11:49 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-12 05:58 304,920 ----a-w C:\WINDOWS\system32\drivers\iaStor.sys
2007-12-12 05:57 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-01-01 01:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 14:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 14:55 1057328]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 13:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 13:57 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 13:57 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 05:37 185632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 02:22 794713]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 19:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 17:36 267048]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"IPA_PROXY_SETTINGS"="C:\Program Files\SPACENET\Internet Page Accelerator\BRW_Setup.exe" [2000-10-23 21:52 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-01-01 01:00 15360]

R2 RPA Service;RPA Service;C:\Program Files\SPACENET\Internet Page Accelerator\RPAService.exe [2000-08-29 19:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 19:13:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 13:21:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

And the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPACENET\Internet Page Accelerator\RPAService.exe
C:\Program Files\SPACENET\Internet Page Accelerator\AS_Agent.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9877
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iPA_PROXY_SETTINGS] C:\Program Files\SPACENET\Internet Page Accelerator\BRW_Setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RPA Service - Unknown owner - C:\Program Files\SPACENET\Internet Page Accelerator\RPAService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6776 bytes