metabolis


  1. I didn't disable anything. Maybe I checked an option I shouldn't have checked when I ran those two utilities, CCleaner and Windows Doctor; besides, I don't know much about computers. Thanks.
  2. Done, here's the report:

     ComboFix 08-01-30.1 - admin 2008-01-31 9:38:56.3 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.174 [GMT 0:00]
     Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Autorun.inf . . . . Echec de suppression
     D:\Autorun.inf . . . . Echec de suppression
     C:\Autorun.inf . . . . Echec de suppression
     D:\Autorun.inf . . . . Echec de suppression
     .
     ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
     .
     2008-01-30 19:43 . 2008-01-30 19:43 <REP> d-------- C:\HJT
     2008-01-30 19:18 . 2008-01-30 19:29 414 -rahs---- C:\autorun.inf
     2008-01-30 17:28 . 2008-01-30 19:17 104,044 -r-hs---- C:\h.cmd
     2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat
     2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast
     2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks
     2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
     2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
     2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan
     2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure
     2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
     2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB
     2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
     2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft
     2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax
     2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
     2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax
     2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
     2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
     2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
     2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
     2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
     2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
     2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
     2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
     2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
     2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
     2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
     2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
     2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI
     2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
     2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
     2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
     2008-01-05 10:58 . 2008-01-31 09:44 <REP> d-------- C:\Program Files\Symantec AntiVirus
     2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
     2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
     2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla
     2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client
     2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini
     2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta
     2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
     2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
     2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
     2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
     2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis
     2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis
     2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor
     2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue
     2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp
     2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll
     2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
     2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
     2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll
     2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
     2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
     2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner
     2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper
     2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
     2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0
     2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
     2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm
     2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm
     2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm
     2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
     2008-01-26 11:21 --------- d-----w C:\Program Files\DivX
     2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp
     2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3
     2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
     2008-01-12 10:02 --------- d-----w C:\Program Files\Locate
     2008-01-10 09:28 --------- d-----w C:\Program Files\eMule
     2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
     2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger
     2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime
     2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec
     2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp
     2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner
     2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3
     2007-12-03 18:45 --------- d-----w C:\Program Files\Google
     2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
     2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll
     2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll
     2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll
     2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll
     2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll
     2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll
     2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
     2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys
     2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
     "combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoInstrumentation"= 1 (0x1)
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
     [HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
     backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
     backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
     backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
     backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
     --a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
     --a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
     --a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     --a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
     --a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
     --a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
     --a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
     --a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
     --a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
     --a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
     --a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
     --a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
     --a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "WinDefend"=2 (0x2)
     "usnjsvc"=3 (0x3)
     "SM_clp300_FUService"=3 (0x3)
     "ose"=3 (0x3)
     "IDriverT"=3 (0x3)
     "Diskeeper"=2 (0x2)
     "SmcService"=2 (0x2)
     "ServiceLayer"=3 (0x3)
     "iPod Service"=3 (0x3)
     "cpextender"=2 (0x2)
     "Apple Mobile Device"=2 (0x2)
     "NMIndexingService"=3 (0x3)
     "gusvc"=2 (0x2)
     "WLSetupSvc"=3 (0x3)
     "idsvc"=3 (0x3)
     "SavRoam"=3 (0x3)
     "FLEXnet Licensing Service"=3 (0x3)
     "AdobeActiveFileMonitor6.0"=2 (0x2)
     "AcrSch2Svc"=2 (0x2)
     R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]
     R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]
     S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []
     S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []
     S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []
     S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]
     S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
     S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]
     \Shell\AutoRun\command - F:\LaunchU3.exe -a
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]
     \Shell\AutoRun\command - F:\LaunchU3.exe -a
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-01-31 01:42:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
     .
     **************************************************************************
     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-01-31 09:43:58
     Windows 5.1.2600 Service Pack 2 NTFS
     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0
     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\Program Files\DU Meter\DUMeter.exe
     C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-01-31 9:46:45 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-01-31 09:46:41
     ComboFix2.txt 2008-01-30 19:40:13
     ComboFix3.txt 2008-01-30 17:58:17
     .
     2008-01-09 09:06:43 --- E O F ---
  3. Done, and here are the ComboFix reports:

     ComboFix 08-01-30.1 - admin 2008-01-30 19:29:59.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.148 [GMT 0:00]
     Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     FILE
     C:\WINDOWS\Setup1.exe
     C:\ylr.exe
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\ylr.exe
     C:\Autorun.inf . . . . Echec de suppression
     C:\WINDOWS\Setup1.exe
     C:\WINDOWS\system32\amvo.exe
     C:\WINDOWS\system32\amvo0.dll
     C:\WINDOWS\system32\amvo1.dll
     C:\ylr.exe
     D:\Autorun.inf . . . . Echec de suppression
     C:\Autorun.inf . . . . Echec de suppression
     D:\Autorun.inf . . . . Echec de suppression
     .
     ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
     .
     2008-01-30 19:18 . 2008-01-30 19:29 414 -rahs---- C:\autorun.inf
     2008-01-30 17:28 . 2008-01-30 19:17 104,044 -r-hs---- C:\h.cmd
     2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat
     2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast
     2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
     2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks
     2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
     2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
     2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan
     2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure
     2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
     2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB
     2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
     2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft
     2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax
     2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
     2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax
     2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
     2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
     2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
     2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
     2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
     2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
     2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
     2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
     2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
     2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
     2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
     2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
     2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI
     2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
     2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
     2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
     2008-01-05 10:58 . 2008-01-30 19:36 <REP> d-------- C:\Program Files\Symantec AntiVirus
     2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
     2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
     2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla
     2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client
     2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini
     2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta
     2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
     2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
     2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
     2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
     2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis
     2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis
     2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor
     2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue
     2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp
     2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll
     2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
     2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
     2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
     2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll
     2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
     2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
     2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner
     2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper
     2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
     2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0
     2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
     2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm
     2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm
     2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm
     2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
     2008-01-26 11:21 --------- d-----w C:\Program Files\DivX
     2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp
     2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3
     2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
     2008-01-12 10:02 --------- d-----w C:\Program Files\Locate
     2008-01-10 09:28 --------- d-----w C:\Program Files\eMule
     2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
     2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger
     2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime
     2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec
     2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp
     2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner
     2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3
     2007-12-03 18:45 --------- d-----w C:\Program Files\Google
     2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
     2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll
     2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll
     2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll
     2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll
     2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll
     2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll
     2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
     2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys
     2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
     "amva"="C:\WINDOWS\system32\amvo.exe" [ ]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
     "combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoInstrumentation"= 1 (0x1)
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
     [HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
     backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
     backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
     backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
     backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
     --a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
     --a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
     --a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
     C:\WINDOWS\system32\amvo.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     --a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
     --a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
     --a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
     --a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
     --a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
     --a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
     --a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
     --a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
     --a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
     --a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "WinDefend"=2 (0x2)
     "usnjsvc"=3 (0x3)
     "SM_clp300_FUService"=3 (0x3)
     "ose"=3 (0x3)
     "IDriverT"=3 (0x3)
     "Diskeeper"=2 (0x2)
     "SmcService"=2 (0x2)
     "ServiceLayer"=3 (0x3)
     "iPod Service"=3 (0x3)
     "cpextender"=2 (0x2)
     "Apple Mobile Device"=2 (0x2)
     "NMIndexingService"=3 (0x3)
     "gusvc"=2 (0x2)
     "WLSetupSvc"=3 (0x3)
     "idsvc"=3 (0x3)
     "SavRoam"=3 (0x3)
     "FLEXnet Licensing Service"=3 (0x3)
     "AdobeActiveFileMonitor6.0"=2 (0x2)
     "AcrSch2Svc"=2 (0x2)
     R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]
     R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]
     S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []
     S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []
     S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []
     S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]
     S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
     S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]
     \Shell\AutoRun\command - F:\LaunchU3.exe -a
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]
     \Shell\AutoRun\command - F:\LaunchU3.exe -a
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-01-30 01:42:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
     .
     **************************************************************************
     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-01-30 19:36:08
     Windows 5.1.2600 Service Pack 2 NTFS
     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0
     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\Program Files\DU Meter\DUMeter.exe
     C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe
     .
************************************************************************** . Temps d'accomplissement: 2008-01-30 19:40:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-30 19:40:09 ComboFix2.txt 2008-01-30 17:58:17 . 2008-01-09 09:06:43 --- E O F --- et voila celui de HJT: Logfile of HijackThis v1.99.1 Scan saved at 19:43:57, on 30/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\DU Meter\DUMeter.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ping.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.17.239.251:8888 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: VPTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet 
Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173808772615 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://vpn.meditel.ma/extender.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - 
Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe merci.
  4. Hello everyone. I have a problem with my PC running WinXP Pro (Norton Corporate antivirus). I followed these instructions (Gof's, from another post):

~~~~
Download Flashdisinfector by sUBs to your desktop.
Plug in your removable media and power on those that need it (external hard drives, for example).
Double-click Flash_Disinfector.exe. It is very quick; a message will tell you when the fix is finished. Be aware that it stops the explorer.exe process and then restarts it, so take care not to leave open any documents (Word, Excel) you are working on at that moment.
If you have many USB keys to disinfect, you can repeat the operation by plugging in the untreated keys one at a time.

Download combofix.exe (by sUBs) and save it to your desktop.
Double-click combofix.exe to run it and follow the instructions.
When the scan is complete, a report will appear. Copy and paste this report into your next reply.
~~~~

And here is the report:

ComboFix 08-01-30.1 - admin 2008-01-30 17:48:52.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.186 [GMT 0:00]
Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

ADS - system32: deleted 3584 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\admin\new.txt
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
.

2008-01-30 17:28 . 2008-01-30 17:28 104,044 -r-hs---- C:\h.cmd
2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat
2008-01-29 19:24 . 2008-01-30 09:23 103,683 -r-hs---- C:\ylr.exe
2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast
2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast
2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer
2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks
2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan
2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure
2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB
2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft
2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax
2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax
2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI
2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-05 10:58 . 2008-01-30 17:28 <REP> d-------- C:\Program Files\Symantec AntiVirus
2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini
2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta
2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis
2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis
2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor
2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue
2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper
2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0
2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm
2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm
2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm
2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-01-26 11:21 --------- d-----w C:\Program Files\DivX
2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp
2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3
2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-12 10:02 --------- d-----w C:\Program Files\Locate
2008-01-10 09:28 --------- d-----w C:\Program Files\eMule
2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web
2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger
2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime
2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec
2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp
2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3
2007-12-03 18:45 --------- d-----w C:\Program Files\Google
2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-24 16:30 290,816 ------w C:\WINDOWS\Setup1.exe
2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll
2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll
2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll
2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll
2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll
2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll
2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys
2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="Userinit.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
--a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
--a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"SM_clp300_FUService"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"Diskeeper"=2 (0x2)
"SmcService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"iPod Service"=3 (0x3)
"cpextender"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"NMIndexingService"=3 (0x3)
"gusvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"SavRoam"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]
R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []
S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2138f5c-c03b-11dc-a77e-54554344520d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-30 01:42:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 17:54:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-01-30 17:58:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 17:58:12
.
2008-01-09 09:06:43 --- E O F ---

Thanks.