

Nicola.S
Posts by Nicola.S
-
-
There you go, I plugged in the USB stick and did the procedure (though I don't know whether it worked).
On the other hand, I still have the red cross (if that's related).
-
you also got infected, among other things, by an infected USB device ::
plug in that device but do not open it!!!!!!!!!!!!!
**temporarily disable Antivir, otherwise it will squawk at::
==download >> http://www.techsupportforum.com/sectools/s...Disinfector.exe
run it
-----------------------
it's not exactly easy to pick up a thread already in progress to help you and re-read the 36,000 reports ;o)
I don't understand what this device refers to.
What am I supposed to plug in?
-
There no longer seem to be any problems.
Just one odd thing: the hard drive still shows up with a red cross.
Otherwise, I'm aware of the risks of P2P, so I try to minimise them by not downloading just anything.
But thanks for the advice.
-
Hello, hello,
Here are the 2 reports requested
__________________________________________________
ewido anti-spyware online scanner
__________________________________________________
Name: TrackingCookie.2o7
Path: :mozilla.39:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.40:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.41:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.42:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Estat
Path: :mozilla.135:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: :mozilla.169:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: :mozilla.171:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yadro
Path: :mozilla.237:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt
Risk: Medium
Name: Not-A-Virus.Hacktool.EvID
Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe
Risk: Low
Name: Not-A-Virus.Hacktool.EvID
Path: C:\Program Files\eChanblard\EvID4226Patch.exe
Risk: Low
ComboFix 08-02-13.2 - Nicolas 2008-02-15 18:13:05.11 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1507 [GMT 1:00]
Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\awvtqrs.dll
C:\WINDOWS\system32\awvtrrs.dll
C:\WINDOWS\system32\awvtu.exe
C:\WINDOWS\system32\ddayxwt.dll
C:\WINDOWS\system32\ddccb.exe
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccywv.dll
C:\WINDOWS\system32\gebcccy.dll
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyaby.dll
C:\WINDOWS\system32\gebyvvv.dll
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\geebyyy.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\jkhhhhe.dll
c:\windows\system32\jkkjg.exe
C:\WINDOWS\system32\jkkjhgh.dll
C:\WINDOWS\system32\jkkjjge.dll
C:\WINDOWS\system32\jkklljk.dll
C:\WINDOWS\system32\mljgfde.dll
C:\WINDOWS\system32\mljiiih.dll
C:\WINDOWS\system32\mljji.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\mllji.exe
C:\WINDOWS\system32\nelrtibi.dll
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmkhfdd.dll
C:\WINDOWS\system32\pmkhfde.dll
C:\WINDOWS\system32\pmnlj.exe
C:\WINDOWS\system32\pmnljgh.dll
C:\WINDOWS\system32\qomljkj.dll
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\ssqro.exe
C:\WINDOWS\system32\ssqrsrq.dll
C:\WINDOWS\system32\sstqpmm.dll
C:\WINDOWS\system32\sstqr.exe
c:\windows\system32\sstts.exe
C:\WINDOWS\system32\sstttqr.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ubiqbxiu.ini
C:\WINDOWS\system32\uixbqibu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\vdqsqhdw.ini
C:\WINDOWS\system32\vtsqq.exe
C:\WINDOWS\system32\vtsqrop.dll
C:\WINDOWS\system32\vtststs.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\WinUpdating.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\poof
-------\poof
((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.
2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira
2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe
2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe
2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe
2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents
2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups
2008-02-11 17:52 . 2008-02-15 18:12 <REP> d-------- C:\QooBox
2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini
2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini
2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini
2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini
2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft
2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 16:15 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-15 16:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-02-15 16:11 2,145,386,496 --sha-w C:\pagefile.sys
2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 13:21 --------- d-----w C:\Program Files\Java
2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard
2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer
2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs
2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2
2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe
2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
2008-01-11 15:42 --------- d-----w C:\Program Files\Google
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site
2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live
2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger
2008-01-08 12:35 --------- d-----w C:\Program Files\nutri
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique
2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media
2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client
2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll
2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll
2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\PASCAL\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 18:16:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
-
Well, I just ran the ComboFix test.
It's odd: it says itself that it created a Combofix.txt in C:, yet there is nothing there. I admit I don't understand.
Maybe delete the two folders Combofix and Combofix (2) in C: (yes, because at one point I couldn't delete anything any more, so I had kept two versions of ComboFix) to reset everything? I'm not really sure.
Screenshot:
Here is the new report, located in C:/Combofix(2)/Combofix.txt
ComboFix 08-02-13.2 - Nicolas 2008-02-14 20:19:56.10 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1514 [GMT 1:00]
Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\awvtqrs.dll
C:\WINDOWS\system32\awvtrrs.dll
C:\WINDOWS\system32\awvtu.exe
C:\WINDOWS\system32\ddayxwt.dll
C:\WINDOWS\system32\ddccb.exe
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccywv.dll
C:\WINDOWS\system32\gebcccy.dll
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyaby.dll
C:\WINDOWS\system32\gebyvvv.dll
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\geebyyy.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\jkhhhhe.dll
C:\WINDOWS\system32\jkkjg.exe
C:\WINDOWS\system32\jkkjhgh.dll
C:\WINDOWS\system32\jkkjjge.dll
C:\WINDOWS\system32\jkklljk.dll
C:\WINDOWS\system32\mljgfde.dll
C:\WINDOWS\system32\mljji.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\mllji.exe
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmkhfdd.dll
C:\WINDOWS\system32\pmkhfde.dll
C:\WINDOWS\system32\pmnlj.exe
C:\WINDOWS\system32\pmnljgh.dll
C:\WINDOWS\system32\ssqro.exe
C:\WINDOWS\system32\ssqrsrq.dll
C:\WINDOWS\system32\sstqpmm.dll
C:\WINDOWS\system32\sstqr.exe
C:\WINDOWS\system32\sstts.exe
C:\WINDOWS\system32\sstttqr.dll
C:\WINDOWS\system32\vtsqq.exe
C:\WINDOWS\system32\vtsqrop.dll
C:\WINDOWS\system32\vtststs.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\WinUpdating.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\awvtqrs.dll
C:\WINDOWS\system32\awvtrrs.dll
C:\WINDOWS\system32\awvtu.exe
C:\WINDOWS\system32\ddayxwt.dll
C:\WINDOWS\system32\ddccb.exe
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccywv.dll
C:\WINDOWS\system32\gebcccy.dll
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyaby.dll
C:\WINDOWS\system32\gebyvvv.dll
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\geebyyy.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\jkhhhhe.dll
c:\windows\system32\jkkjg.exe
C:\WINDOWS\system32\jkkjhgh.dll
C:\WINDOWS\system32\jkkjjge.dll
C:\WINDOWS\system32\jkklljk.dll
C:\WINDOWS\system32\mljgfde.dll
C:\WINDOWS\system32\mljiiih.dll
C:\WINDOWS\system32\mljji.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\mllji.exe
C:\WINDOWS\system32\nelrtibi.dll
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmkhfdd.dll
C:\WINDOWS\system32\pmkhfde.dll
C:\WINDOWS\system32\pmnlj.exe
C:\WINDOWS\system32\pmnljgh.dll
C:\WINDOWS\system32\qomljkj.dll
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\ssqro.exe
C:\WINDOWS\system32\ssqrsrq.dll
C:\WINDOWS\system32\sstqpmm.dll
C:\WINDOWS\system32\sstqr.exe
c:\windows\system32\sstts.exe
C:\WINDOWS\system32\sstttqr.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ubiqbxiu.ini
C:\WINDOWS\system32\uixbqibu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\vdqsqhdw.ini
C:\WINDOWS\system32\vtsqq.exe
C:\WINDOWS\system32\vtsqrop.dll
C:\WINDOWS\system32\vtststs.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\WinUpdating.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\poof
-------\poof
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira
2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe
2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe
2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe
2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents
2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups
2008-02-11 17:52 . 2008-02-14 20:19 <REP> d-------- C:\QooBox
2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini
2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini
2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini
2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini
2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft
2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 18:10 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-14 18:08 2,145,386,496 --sha-w C:\pagefile.sys
2008-02-14 18:08 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 13:21 --------- d-----w C:\Program Files\Java
2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard
2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer
2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs
2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2
2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe
2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
2008-01-11 15:42 --------- d-----w C:\Program Files\Google
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site
2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live
2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger
2008-01-08 12:35 --------- d-----w C:\Program Files\nutri
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique
2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media
2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client
2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla
2007-12-14 20:51 --------- d-----w C:\Program Files\RealMedia
2007-12-14 20:51 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-12-14 20:51 --------- d-----w C:\Program Files\DScaler5
2007-12-14 20:51 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-12-14 20:50 --------- d-----w C:\Program Files\Haali
2007-12-14 20:50 --------- d-----w C:\Program Files\DirectVobSub
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll
2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll
2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\PASCAL\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
"{25BE2418-6C95-418F-BE03-0D9B9354A167}"= C:\WINDOWS\system32\mljiiih.dll [ ]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57]
*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 20:22:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
-
I quite like Antivir: during the scan it beeps whenever it finds a trojan/virus. It rang so much I felt like I was in the final battle of Star Wars.
Here is the Antivir report (the ComboFix one is coming in a moment, just time to run it)
AntiVir PersonalEdition Classic
Report file date: 2008-02-14 19:21
Scanning for 1109165 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DOCHE-0PKOS71KZ
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:19:50
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:19:50
ANTIVIR3.VDF : 7.0.2.139 181760 Bytes 2008-02-14 18:19:50
AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-14 18:19:50
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-14 18:19:50
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-02-14 19:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '21' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/WINDOWS/system32/cbxvvvw.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddabx.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/jkkjg.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/malcmicb.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/mljjg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/sstts.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/windows.vir
[DETECTION] Is the Trojan horse TR/Zapchast.DT.1
--> WINDOWS/System32/WinSpooler.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
--> WINDOWS/System32/WinUpdating.exe
[DETECTION] Is the Trojan horse TR/Agent.fgk.1
--> WINDOWS/System32/gebyw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/ddccb.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/jkhhh.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/ddccy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/mljgfde.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/sstttqr.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/gebcccy.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/jkkjjge.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/pmkhfdd.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/awvtqrs.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was moved to '48208746.qua'!
C:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36
[iNFO] The file was moved to '481d8785.qua'!
C:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was moved to '482287ac.qua'!
C:\Documents and Settings\Nicolas\Local Settings\Temp\TEMP01.rar
[0] Archive type: CAB (Microsoft)
--> runme.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was moved to '48018788.qua'!
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\KO0NIYOT\tr[1]
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\TQ26IOJT\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtsp.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtqrs.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtrrs.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvvvw.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddabx.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddayxwt.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccb.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccy.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccywv.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcccy.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcy.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyaby.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyvvv.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyw.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\geebyyy.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfc.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhe.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhf.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhh.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhhhe.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjhgh.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjjge.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkklljk.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\malcmicb.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgfde.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljji.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjk.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\nelrtibi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhf.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfdd.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfde.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlj.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnljgh.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqro.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrsrq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sstqpmm.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sstqr.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sstts.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sstttqr.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\uixbqibu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqq.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqrop.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtststs.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir
[DETECTION] Is the Trojan horse TR/Zapchast.DT.1
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinUpdating.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.fgk.1
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP291\A0047046.exe
[DETECTION] Contains detection pattern of the dropper DR/MegaSearch.N.25
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP303\A0053654.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP305\A0054904.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055154.exe
[DETECTION] Is the Trojan horse TR/Pakes.bzo
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055175.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055176.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055184.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055226.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055232.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055234.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055242.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056287.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056289.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056506.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056579.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056582.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056597.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056598.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056599.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058686.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058687.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058884.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058885.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058886.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058887.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058888.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058889.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058890.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058891.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058892.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058893.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058894.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058895.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058896.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058897.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058898.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058899.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058900.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058901.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058902.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058903.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058904.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058905.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058906.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058907.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058908.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058909.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058910.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058911.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058912.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058913.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058914.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058915.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058916.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058917.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058918.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058919.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058920.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058921.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058923.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058924.exe
[DETECTION] Is the Trojan horse TR/Agent.fgk.1
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058926.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058928.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was deleted!
C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP321\A0059316.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36
[iNFO] The file was deleted!
C:\VundoFix Backups\awvvu.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\VundoFix Backups\degcwhrk.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\VundoFix Backups\dpmxctvy.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\VundoFix Backups\igkurnmj.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\VundoFix Backups\jkkjh.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\VundoFix Backups\lidwufmt.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\VundoFix Backups\pmnll.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[iNFO] The file was deleted!
C:\VundoFix Backups\spexysod.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\VundoFix Backups\tuvtcdnf.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\VundoFix Backups\vxrnndve.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\VundoFix Backups\wdhqsqdv.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was deleted!
C:\VundoFix Backups\xpybytff.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\VundoFix Backups\zjkpsyfy.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[iNFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <Nouveau nom>
End of the scan: 2008-02-14 20:10
Used time: 48:49 min
The scan has been done completely.
8815 Scanning directories
678173 Files were scanned
157 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
132 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
678016 Files not concerned
3507 Archives were scanned
2 Warnings
0 Notes
-
I'll take care of that in a moment, once the Antivir antivirus scan has finished (which, as it turns out, finds far more than F-Secure did, including Vundo).
-
-------------------------------
Of course not!! The report is in c:\ComboFix.txt
Unfortunately, that doesn't seem to be the case.
I have never had a report directly in C:, only in C:/Combofix/Combofix.txt.
I suspect this isn't normal, but that's how it is. Nothing is created directly in C: (unlike the reports from the other tools such as Genproc or Vundofix).
However, a Combofix folder did appear, and inside it there is a Combofix.txt (which contains what I quoted earlier).
-
post the full report; thanks
The thing is, that is the full report.
Thanks for the antivirus.
-
Here is the report; there is a problem, though: F-Secure no longer starts. So no antivirus for now.
When I look at the processes, I see isass.exe; wasn't that a virus?
Here is the report; in the meantime, I'm disconnecting from the internet.
ComboFix 08-02-13.2 - Nicolas 2008-02-14 16:17:09.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 1:00]
Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\awvtqrs.dll
C:\WINDOWS\system32\awvtrrs.dll
C:\WINDOWS\system32\awvtu.exe
C:\WINDOWS\system32\ddayxwt.dll
C:\WINDOWS\system32\ddccb.exe
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccywv.dll
C:\WINDOWS\system32\gebcccy.dll
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyaby.dll
C:\WINDOWS\system32\gebyvvv.dll
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\geebyyy.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\jkhhhhe.dll
C:\WINDOWS\system32\jkkjg.exe
C:\WINDOWS\system32\jkkjhgh.dll
C:\WINDOWS\system32\jkkjjge.dll
C:\WINDOWS\system32\jkklljk.dll
C:\WINDOWS\system32\mljgfde.dll
C:\WINDOWS\system32\mljji.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\mllji.exe
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmkhfdd.dll
C:\WINDOWS\system32\pmkhfde.dll
C:\WINDOWS\system32\pmnlj.exe
C:\WINDOWS\system32\pmnljgh.dll
C:\WINDOWS\system32\ssqro.exe
C:\WINDOWS\system32\ssqrsrq.dll
C:\WINDOWS\system32\sstqpmm.dll
C:\WINDOWS\system32\sstqr.exe
C:\WINDOWS\system32\sstts.exe
C:\WINDOWS\system32\sstttqr.dll
C:\WINDOWS\system32\vtsqq.exe
C:\WINDOWS\system32\vtsqrop.dll
C:\WINDOWS\system32\vtststs.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\WinUpdating.exe
.
-
Should I go ahead with this procedure, then?
-
Oh, I've just noticed, while browsing the internet, that a second tab opened as a popup in Firefox pointing to "avsystemcare". I don't think I had that before.
-
The PC is already doing much better, many thanks to you.
A few small things remain, however:
- At PC startup, an error message sometimes appears, saying a DLL is missing (always with an odd name like b1s5regxw4.dll).
- In My Computer, the icon of the C: hard drive is replaced by a red cross. (Not particularly bothersome, but strange, since it seems linked to storageprotector.)
Otherwise, I'd also like to uninstall Spybot and keep only AVG running (less "heavy" and simpler to use); is there anything against that?
Thanks again for all these replies.
-
Thanks for the reply.
As for the antivirus etc., as stated in the procedure, I disable them (as well as the internet connection) before running the various diagnostic tools. Otherwise, I have F-Secure, Kerio, AVG, and Spybot.
A question in passing, since we're on the subject. Spybot comes with a monitoring system (TeaTimer) that is surely very thorough but also hard to understand. I frequently get messages from it reporting important changes to the registry. How do I know when to allow the change or not?
Otherwise, here is the DiagHelp report:
DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-14 à 14:35:57.38
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2008-02-14 14:35:57
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2008-02-14 14:35:54
C:\WINDOWS\prefetch\BACKWEB-7681197.EXE-0CD34FA2.pf -->2008-02-14 14:35:53
C:\WINDOWS\prefetch\FSLAUNCH.EXE-1541820B.pf -->2008-02-14 14:35:48
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->2008-02-14 14:35:28
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-02-14 14:34:22
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->2008-02-14 14:34:12
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->2008-02-14 14:34:08
C:\WINDOWS\prefetch\WINUPDATING.EXE-1BBB97B0.pf -->2008-02-14 14:34:08
C:\WINDOWS\prefetch\WINSPOOLER.EXE-212A566A.pf -->2008-02-14 14:34:08
C:\WINDOWS\System32\drivers\ComboFix.sys -->2008-02-14 14:27:07
C:\WINDOWS\System32\drivers\fwdrv.err -->2008-02-13 18:09:21
C:\WINDOWS\System32\drivers\sptd.sys -->2007-12-19 22:38:51
C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35
C:\WINDOWS\System32\drivers\yk51x86.sys -->2007-12-06 09:51:00
C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54
C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-11-06 20:00:00
C:\WINDOWS\System32\wpa.dbl -->2008-02-14 14:33:14
C:\WINDOWS\System32\settingsbkup.sfm -->2008-02-14 14:31:56
C:\WINDOWS\System32\settings.sfm -->2008-02-14 14:31:56
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56
C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56
C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log -->2008-02-14 14:18:00
C:\WINDOWS\System32\tmp.txt -->2008-02-11 23:07:24
C:\WINDOWS\System32\tmp.reg -->2008-02-11 23:07:23
C:\WINDOWS\System32\bpsnfgrb.ini -->2008-02-11 13:44:51
C:\WINDOWS\System32\bmhvcfoh.ini -->2008-02-11 13:44:24
C:\WINDOWS\System32\rar.exe -->2008-02-10 13:45:18
C:\WINDOWS\System32\WinSpooler.exe -->2008-02-10 13:44:22
C:\WINDOWS\System32\WinUpdating.exe -->2008-02-10 11:57:57
C:\WINDOWS\System32\mljgfde.dll -->2008-02-07 12:18:57
C:\WINDOWS\System32\gebyw.exe -->2008-02-07 12:18:57
C:\WINDOWS\System32\sstttqr.dll -->2008-02-06 10:48:42
C:\WINDOWS\System32\gebcccy.dll -->2008-02-05 19:51:13
C:\WINDOWS\System32\ddccb.exe -->2008-02-05 19:51:13
C:\WINDOWS\System32\jkkjjge.dll -->2008-02-05 06:51:24
C:\WINDOWS\System32\jkhhh.exe -->2008-02-05 06:51:23
C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46
C:\WINDOWS\System32\pmkhfdd.dll -->2008-02-04 12:32:41
C:\WINDOWS\System32\ddccy.exe -->2008-02-04 12:32:41
C:\WINDOWS\System32\awvtqrs.dll -->2008-02-02 18:04:07
C:\WINDOWS.log -->2008-02-14 14:33:09
C:\WINDOWS\WindowsUpdate.log -->2008-02-14 14:33:05
C:\WINDOWS\bootstat.dat -->2008-02-14 14:32:50
C:\WINDOWS\SchedLgU.Txt -->2008-02-14 14:31:50
C:\WINDOWS\PSEXESVC.EXE -->2008-02-14 14:26:55
C:\WINDOWS\system.ini -->2008-02-14 12:19:19
C:\WINDOWS\MEMORY.DMP -->2008-02-13 19:52:57
C:\WINDOWS\ntbtlog.txt -->2008-02-13 18:09:32
C:\WINDOWS\tsoc.log -->2008-02-13 12:08:11
C:\WINDOWS\setupapi.log -->2008-02-13 12:08:11
C:\WINDOWS\ocmsn.log -->2008-02-13 12:08:11
C:\WINDOWS\ocgen.log -->2008-02-13 12:08:11
C:\WINDOWS\ntdtcsetup.log -->2008-02-13 12:08:11
C:\WINDOWS\msgsocm.log -->2008-02-13 12:08:11
C:\WINDOWS\KB946026.log -->2008-02-13 12:08:11
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 14:36:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000136
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
Total number of processes = 42
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
Total number of drivers = 129
Liste des programmes installes
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
c:\Documents and Settings\PASCAL\Bureau\Azureus_3.0.3.4_windows.exe
c:\Documents and Settings\PASCAL\Bureau\google-earth_google_earth_4.2.0198_beta_francais_14783.exe
c:\Documents and Settings\PASCAL\Bureau\installer-51883-17-Azureus-French.exe
c:\Documents and Settings\PASCAL\Bureau\jre-6u3-windows-i586-p-iftw.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Nicolas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz a l'adresse http://upload.malekal.com
Merci d'avance.
-
Thanks.
Here is the report:
DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-14 à 13:20:47.23
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\BACKWEB-7681197.EXE-0CD34FA2.pf -->2008-02-14 13:20:46
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2008-02-14 13:20:44
C:\WINDOWS\prefetch\FSLAUNCH.EXE-1541820B.pf -->2008-02-14 13:20:41
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->2008-02-14 13:20:22
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->2008-02-14 13:19:54
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-02-14 13:19:06
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->2008-02-14 13:19:02
C:\WINDOWS\prefetch\EMULE.EXE-00D65C08.pf -->2008-02-14 12:52:07
C:\WINDOWS\prefetch\RUNDLL32.EXE-54023F1C.pf -->2008-02-14 12:39:06
C:\WINDOWS\prefetch\RUNDLL32.EXE-57C8756E.pf -->2008-02-14 12:39:05
C:\WINDOWS\System32\drivers\fwdrv.err -->2008-02-13 18:09:21
C:\WINDOWS\System32\drivers\sptd.sys -->2007-12-19 22:38:51
C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35
C:\WINDOWS\System32\drivers\yk51x86.sys -->2007-12-06 09:51:00
C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54
C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-11-06 20:00:00
C:\WINDOWS\System32\drivers\tcpip.sys -->2007-10-30 18:20:55
C:\WINDOWS\System32\wpa.dbl -->2008-02-14 12:27:14
C:\WINDOWS\System32\settingsbkup.sfm -->2008-02-14 12:25:55
C:\WINDOWS\System32\settings.sfm -->2008-02-14 12:25:55
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\tmp.txt -->2008-02-11 23:07:24
C:\WINDOWS\System32\tmp.reg -->2008-02-11 23:07:23
C:\WINDOWS\System32\bpsnfgrb.ini -->2008-02-11 13:44:51
C:\WINDOWS\System32\bmhvcfoh.ini -->2008-02-11 13:44:24
C:\WINDOWS\System32\rar.exe -->2008-02-10 13:45:18
C:\WINDOWS\System32\WinSpooler.exe -->2008-02-10 13:44:22
C:\WINDOWS\System32\WinUpdating.exe -->2008-02-10 11:57:57
C:\WINDOWS\System32\mljgfde.dll -->2008-02-07 12:18:57
C:\WINDOWS\System32\gebyw.exe -->2008-02-07 12:18:57
C:\WINDOWS\System32\sstttqr.dll -->2008-02-06 10:48:42
C:\WINDOWS\System32\sstts.exe -->2008-02-06 10:48:42
C:\WINDOWS\System32\gebcccy.dll -->2008-02-05 19:51:13
C:\WINDOWS\System32\ddccb.exe -->2008-02-05 19:51:13
C:\WINDOWS\System32\jkkjjge.dll -->2008-02-05 06:51:24
C:\WINDOWS\System32\jkhhh.exe -->2008-02-05 06:51:23
C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46
C:\WINDOWS\System32\pmkhfdd.dll -->2008-02-04 12:32:41
C:\WINDOWS\System32\ddccy.exe -->2008-02-04 12:32:41
C:\WINDOWS\System32\jkkjg.exe -->2008-02-02 18:04:07
C:\WINDOWS.log -->2008-02-14 12:27:08
C:\WINDOWS\WindowsUpdate.log -->2008-02-14 12:27:05
C:\WINDOWS\bootstat.dat -->2008-02-14 12:26:49
C:\WINDOWS\SchedLgU.Txt -->2008-02-14 12:25:49
C:\WINDOWS\system.ini -->2008-02-14 12:19:19
C:\WINDOWS\MEMORY.DMP -->2008-02-13 19:52:57
C:\WINDOWS\ntbtlog.txt -->2008-02-13 18:09:32
C:\WINDOWS\tsoc.log -->2008-02-13 12:08:11
C:\WINDOWS\setupapi.log -->2008-02-13 12:08:11
C:\WINDOWS\ocmsn.log -->2008-02-13 12:08:11
C:\WINDOWS\ocgen.log -->2008-02-13 12:08:11
C:\WINDOWS\ntdtcsetup.log -->2008-02-13 12:08:11
C:\WINDOWS\msgsocm.log -->2008-02-13 12:08:11
C:\WINDOWS\KB946026.log -->2008-02-13 12:08:11
C:\WINDOWS\imsins.log -->2008-02-13 12:08:11
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 2200
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x00da0000 0x33000 1.04.0000.0001 C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
0x00f90000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x01cb0000 0x171000 6.14.0010.11129 C:\WINDOWS\system32\nview.dll
0x02220000 0x50000 6.14.0010.11129 C:\WINDOWS\system32\NVWRSFR.DLL
0x00be0000 0x2c000 1.04.0000.0002 C:\Program Files\MarkAny\ContentSafer\MaCSProHook.DLL
0x00c90000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll
0x02c00000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16608 C:\WINDOWS\system32\jsproxy.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x03430000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x03450000 0x15000 6.14.0011.6906 C:\WINDOWS\system32\nvwddi.dll
0x037b0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x013f0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x03da0000 0x1e1000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCP71.dll
0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll
0x02920000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x018f0000 0x19000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x04090000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x018d0000 0x9000 5.50.9200.0000 C:\Program Files\F-Secure\Common\fpshx.dll
0x17000000 0x16000 5.00.5420.0000 C:\Program Files\F-Secure\Common\FSMA32.dll
0x18000000 0x11000 5.00.5420.0000 C:\Program Files\F-Secure\Common\FSPMAPI.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x041c0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll
0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll
0x04480000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x10000000 0x6000 6.01.0004.0058 C:\WINDOWS\TEMP\IadHide4.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 756
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x011e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4876-1268
Répertoire de C:\WINDOWS\system32
2004-08-20 00:09 6,144 csrss.exe
1 fichier(s) 6,144 octets
0 Rép(s) 5,792,583,680 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4876-1268
Répertoire de C:\WINDOWS\Downloaded Program Files
2008-02-11 20:13 <REP> .
2008-02-11 20:13 <REP> ..
2004-12-07 17:07 32 bdcore.dll
2006-05-25 01:21 118,784 bdupd.dll
2007-02-14 15:40 65 desktop.ini
2007-03-23 11:17 1,292 erma.inf
2006-05-25 01:21 53,248 ipsupd.dll
2005-03-16 12:34 7,407 lang.ini
2004-12-07 17:07 32 libfn.dll
2005-03-14 14:38 126 live.ini
2007-10-29 16:45 1,244 oscan8.inf
2007-10-25 16:54 471,040 oscan8.ocx
2005-03-14 14:58 7,073 scanoptions.tsi
2005-05-26 04:19 291 wuweb.inf
12 fichier(s) 660,634 octets
Total des fichiers listés :
12 fichier(s) 660,634 octets
2 Rép(s) 5,792,583,680 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.panda-hq.com
127.0.0.1 panda-hq.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 13:22:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000156
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
732 - csrss.exe
756 - winlogon.exe
804 - services.exe
816 - lsass.exe
964 - svchost.exe
1052 - svchost.exe
1092 - svchost.exe
1132 - svchost.exe
1180 - svchost.exe
1280 - svchost.exe
1452 - alg.exe
1520 - guard.exe
1556 - mDNSResponder.e
1636 - fsgk32.exe
1672 - fssm32.exe
1692 - nvsvc32.exe
1936 - cmd.exe
2200 - explorer.exe
2980 - CTSched.exe
3096 - rundll32.exe
3360 - ctfmon.exe
3388 - svchost.exe
3424 - NMBgMonitor.exe
3480 - NMIndexingServi
3528 - NMIndexStoreSvr
4012 - backWeb-7681197
Total number of processes = 27
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6A9000 - spbr.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA691000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA662000 - ACPI.sys
BA651000 - pci.sys
BA8A8000 - ohci1394.sys
BA8B8000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
BA8C8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
BA8D8000 - MountMgr.sys
BA632000 - ftdisk.sys
BAB30000 - PartMgr.sys
BA8E8000 - VolSnap.sys
BA61A000 - atapi.sys
BA8F8000 - jraid.sys
BA908000 - disk.sys
BA918000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
BA5FA000 - fltmgr.sys
BA5E8000 - sr.sys
BA5D1000 - KSecDD.sys
BA5BE000 - WudfPf.sys
BA531000 - Ntfs.sys
BA504000 - NDIS.sys
BA4F1000 - sfvfs02.sys
BAB38000 - sfhlp02.sys
BA4DF000 - sfdrv01.sys
BA4C4000 - Mup.sys
BADAC000 - JGOGO.sys
BA9A8000 - \SystemRoot\System32\DRIVERS\intelppm.sys
B9D66000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
B9D52000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
BAB88000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
B9D2F000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
BAB90000 - \SystemRoot\System32\DRIVERS\usbehci.sys
B9D0A000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys
BA9B8000 - \SystemRoot\System32\DRIVERS\cdrom.sys
B9CC4000 - \SystemRoot\System32\DRIVERS\yk51x86.sys
B9C46000 - \SystemRoot\system32\drivers\ctaud2k.sys
B9C22000 - \SystemRoot\system32\drivers\portcls.sys
BA9C8000 - \SystemRoot\system32\drivers\drmk.sys
B9BFF000 - \SystemRoot\system32\drivers\ks.sys
B9BCB000 - \SystemRoot\system32\drivers\ctoss2k.sys
BABB8000 - \SystemRoot\system32\drivers\ctprxy2k.sys
BA9D8000 - \SystemRoot\System32\DRIVERS\nic1394.sys
B9BBA000 - \SystemRoot\System32\DRIVERS\serial.sys
BAD64000 - \SystemRoot\System32\DRIVERS\serenum.sys
BADB4000 - \SystemRoot\System32\DRIVERS\ASACPI.sys
BA9E8000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
BABD8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
BAFDF000 - \SystemRoot\System32\DRIVERS\audstub.sys
BA9F8000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
BAD6C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
B9B03000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
BAA08000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
BAA18000 - \SystemRoot\System32\DRIVERS\raspptp.sys
BABF8000 - \SystemRoot\System32\DRIVERS\TDI.SYS
B9AF2000 - \SystemRoot\System32\DRIVERS\psched.sys
BAA28000 - \SystemRoot\System32\DRIVERS\msgpc.sys
BAC08000 - \SystemRoot\System32\DRIVERS\ptilink.sys
BAC18000 - \SystemRoot\System32\DRIVERS\raspti.sys
BAA38000 - \SystemRoot\System32\DRIVERS\termdd.sys
BAC28000 - \SystemRoot\System32\DRIVERS\mouclass.sys
BADBA000 - \SystemRoot\System32\DRIVERS\swenum.sys
B9A99000 - \SystemRoot\System32\DRIVERS\update.sys
BAD80000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
BAA48000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAA58000 - \SystemRoot\System32\DRIVERS\usbhub.sys
BADC0000 - \SystemRoot\System32\DRIVERS\USBD.SYS
B7934000 - \SystemRoot\system32\drivers\ADIHdAud.sys
B791D000 - \SystemRoot\system32\drivers\AEAudio.sys
B78BD000 - \SystemRoot\system32\drivers\Senfilt.sys
B3576000 - \SystemRoot\system32\drivers\ha20x2k.sys
B3547000 - \SystemRoot\system32\drivers\emupia2k.sys
B351E000 - \SystemRoot\system32\drivers\ctsfm2k.sys
B3482000 - \SystemRoot\system32\drivers\ctac32k.sys
BADCA000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAEDE000 - \SystemRoot\System32\Drivers\Null.SYS
BADCE000 - \SystemRoot\System32\Drivers\Beep.SYS
BAEE0000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
BAC78000 - \SystemRoot\System32\drivers\vga.sys
BADD2000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADD6000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B3419000 - \SystemRoot\system32\drivers\fwdrv.sys
BAC88000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAC98000 - \SystemRoot\System32\Drivers\Npfs.SYS
BA47C000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B3406000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B33AE000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B3365000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B333D000 - \SystemRoot\System32\DRIVERS\netbt.sys
BAA98000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B331B000 - \SystemRoot\System32\drivers\afd.sys
BAAA8000 - \SystemRoot\System32\DRIVERS\arp1394.sys
BAAB8000 - \SystemRoot\System32\DRIVERS\netbios.sys
B3250000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B31E1000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B31D0000 - \SystemRoot\system32\drivers\khips.sys
B9A95000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAAF8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAB80000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAB18000 - \SystemRoot\System32\Drivers\Fips.SYS
BAF45000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
B9A89000 - \SystemRoot\System32\DRIVERS\mouhid.sys
B9B9A000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B31B8000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADEA000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B78A9000 - \SystemRoot\System32\drivers\Dxapi.sys
BABD0000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAFF0000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B2E78000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B2C1C000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
B2CEC000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
B2CB8000 - \??\C:\Program Files\F-Secure\Common\FSPM.SYS
B2A12000 - \SystemRoot\System32\DRIVERS\srv.sys
B2B2C000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
B2C58000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
B277D000 - \SystemRoot\system32\drivers\wdmaud.sys
B28C2000 - \SystemRoot\system32\drivers\sysaudio.sys
B1F29000 - \SystemRoot\System32\Drivers\HTTP.sys
BAFA8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 129
List of installed programs
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2 - Français
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Ajouter ou supprimer Adobe Creative Suite 3 Web Premium
Archiveur WinRAR
ASUSUpdate
AVG Anti-Spyware 7.5
Canon iP3300
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD Audio Reader Filter (remove only)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
DataCastComponent
DirectVobSub (remove only)
DivX Content Uploader
DivX Web Player
DScaler 5 Mpeg Decoders
Easy-WebPrint
Enregistrement utilisateur de Canon iP3300
F-Secure Anti-Virus
F-Secure BackWeb
F-Secure Management Agent
ffdshow [rev 1058+] [2007-03-22]
Google Earth
Half-Life® 2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java 6 Update 2
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
JRAID
K-Lite Codec Pack 2.85 Full
Lame ACM MP3 Codec
Lecteur Windows Media 11
Marvell Miniport Driver
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 French Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920342)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB925720)
Mise à jour pour Windows XP (KB925876)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7
neroxml
Neuf - Kit de connexion
NVIDIA Drivers
OpenOffice.org 2.3
OpenSource Flash Video Splitter (remove only)
Package de base Microsoft de service de chiffrement pour cartes à puce
PDF Settings
RealMedia (remove only)
Samsung Media Studio
Sound Blaster X-Fi
SoundMAX
Spybot - Search & Destroy
Steam
Sunbelt Personal Firewall
TeamSpeak 2 RC2
WebFldrs XP
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation FR Language Pack
Windows XP Service Pack 2
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Volume in drive C has no label.
Volume Serial Number is 4876-1268
Directory of C:\Program Files
2008-02-12 16:43 <DIR> .
2008-02-12 16:43 <DIR> ..
2008-02-09 18:55 <DIR> Adobe
2007-02-14 15:59 <DIR> Analog Devices
2007-02-15 11:55 <DIR> ASUS
2007-11-25 17:18 <DIR> Azureus
2007-07-21 17:10 <DIR> Bonjour
2007-10-23 09:03 <DIR> Canon
2008-02-11 23:05 <DIR> CCleaner
2007-12-14 21:51 <DIR> CD Audio Reader Filter
2007-02-14 15:38 <DIR> ComPlus Applications
2007-02-14 16:21 <DIR> Creative
2007-12-14 21:50 <DIR> DirectVobSub
2007-07-23 12:09 <DIR> DivX
2007-12-14 21:51 <DIR> DScaler5
2008-02-14 12:52 <DIR> eChanblard
2008-02-11 18:54 <DIR> Fichiers communs
2007-12-15 20:14 <DIR> FileZilla Client
2007-02-14 18:37 <DIR> F-Secure
2008-01-11 16:42 <DIR> Google
2008-02-11 17:00 <DIR> Grisoft
2007-12-14 21:50 <DIR> Haali
2007-02-14 15:46 <DIR> Intel
2008-02-13 12:08 <DIR> Internet Explorer
2007-10-19 18:08 <DIR> Java
2007-03-25 16:41 <DIR> K-Lite Codec Pack
2007-08-15 14:27 <DIR> Lame MP3 Codec
2008-01-23 12:53 <DIR> Lavasoft
2007-08-15 14:26 <DIR> MarkAny
2007-02-14 16:04 <DIR> Marvell
2007-02-14 20:30 <DIR> Messenger
2008-01-08 15:37 <DIR> Messenger Plus! Live
2007-02-14 15:41 <DIR> microsoft frontpage
2007-02-14 19:43 <DIR> Movie Maker
2008-02-14 13:19 <DIR> Mozilla Firefox
2007-09-22 10:57 <DIR> MSBuild
2007-02-14 15:38 <DIR> MSN
2007-02-14 15:38 <DIR> MSN Gaming Zone
2008-01-08 15:37 <DIR> MSN Messenger
2007-07-05 10:11 <DIR> MSXML 4.0
2007-09-22 10:59 <DIR> MSXML 6.0
2007-07-04 11:22 <DIR> Nero
2007-02-14 19:42 <DIR> NetMeeting
2007-02-14 16:56 <DIR> Neuf
2008-01-08 13:35 <DIR> nutri
2007-12-01 13:34 <DIR> OpenOffice.org 2.3
2007-12-14 21:51 <DIR> OpenSource Flash Video Splitter
2007-06-19 18:13 <DIR> Outlook Express
2007-07-21 17:35 <DIR> QuickTime
2007-12-14 21:51 <DIR> RealMedia
2007-09-22 10:55 <DIR> Reference Assemblies
2007-08-15 14:26 <DIR> Samsung
2007-02-14 15:38 <DIR> Services en ligne
2008-02-12 12:20 <DIR> Spybot - Search & Destroy
2007-02-14 16:59 <DIR> Sunbelt Software
2007-09-23 18:11 <DIR> Teamspeak2_RC2
2008-02-12 16:43 <DIR> Trend Micro
2007-12-01 14:21 <DIR> Valve
2007-12-15 20:14 <DIR> Visicom Media
2007-07-17 15:17 <DIR> Webteh
2008-01-08 15:37 <DIR> Windows Live
2007-02-14 22:06 <DIR> Windows Media Connect 2
2007-02-14 22:06 <DIR> Windows Media Player
2007-02-14 19:41 <DIR> Windows NT
2007-06-02 09:54 <DIR> WinRAR
2008-01-08 13:50 <DIR> WorkoutLogger
2007-02-14 15:41 <DIR> xerox
2007-08-15 14:27 <DIR> XviD
0 File(s) 0 bytes
68 Dir(s) 5,780,762,624 bytes free
Volume in drive C has no label.
Volume Serial Number is 4876-1268
Directory of C:\Program Files\fichiers communs
2008-02-11 18:54 <DIR> .
2008-02-11 18:54 <DIR> ..
2008-02-09 18:55 <DIR> Adobe
2007-07-04 11:22 <DIR> Ahead
2007-12-02 09:39 <DIR> Blizzard Entertainment
2007-02-14 16:15 <DIR> Creative
2007-02-15 11:54 <DIR> InstallShield
2007-06-30 10:55 <DIR> Java
2007-07-21 17:06 <DIR> Macrovision Shared
2007-02-14 22:03 <DIR> Microsoft Shared
2007-02-14 15:39 <DIR> MSSoap
2007-02-14 15:27 <DIR> ODBC
2007-02-14 15:39 <DIR> Services
2007-02-14 15:27 <DIR> SpeechEngines
2007-06-19 18:13 <DIR> System
0 File(s) 0 bytes
15 Dir(s) 5,780,762,624 bytes free
Volume in drive C has no label.
Volume Serial Number is 4876-1268
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
2007-02-14 15:44 <DIR> .
2007-02-14 15:44 <DIR> ..
2001-05-18 17:57 561,209 MSONSEXT.DLL
1999-06-03 14:09 122,937 MSOWS409.DLL
2001-03-07 09:00 127,033 MSOWS40c.DLL
3 File(s) 811,179 bytes
2 Dir(s) 5,780,762,624 bytes free
c:\Documents and Settings\Nicolas\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Nicolas\Bureau\ccsetup204.exe
c:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
c:\Documents and Settings\Nicolas\Bureau\FxVundoB.exe
c:\Documents and Settings\Nicolas\Bureau\HJTInstall(2).exe
c:\Documents and Settings\Nicolas\Bureau\HJTInstall.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Nicolas\Bureau\spybotsd152.exe
c:\Documents and Settings\Nicolas\Bureau\VirtumundoBeGone.exe
c:\Documents and Settings\Nicolas\Bureau\VundoFix(2).exe
c:\Documents and Settings\Nicolas\Bureau\VundoFix.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Nicolas\Bureau\GenProc\GenProc\outil\swreg.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\Setup.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
c:\Documents and Settings\PASCAL\Bureau\Azureus_3.0.3.4_windows.exe
c:\Documents and Settings\PASCAL\Bureau\google-earth_google_earth_4.2.0198_beta_francais_14783.exe
c:\Documents and Settings\PASCAL\Bureau\installer-51883-17-Azureus-French.exe
c:\Documents and Settings\PASCAL\Bureau\jre-6u3-windows-i586-p-iftw.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Nicolas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
****** End of DiagHelp report
Please send the file C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz to http://upload.malekal.com
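The two reports in this thread, the DiagHelp driver list above ("ADDRESS - path" lines ending in "Total number of drivers = N") and the ComboFix "files created" list in the next post ("created . modified size attrs path"), are plain text and can be triaged mechanically instead of by eye. The Python below is an added example, not code from DiagHelp, ComboFix, KProcCheck or any post in this thread. It runs over constructed sample lines modelled on the thread's own entries, flags kernel drivers loaded from outside %SystemRoot%\System32, checks the tool's own driver total against the number of lines actually parsed, and flags newly created files under system32 that are hidden+system with a short random-looking lowercase name, which is the pattern the Vundo .ini and .dll entries in this thread follow. It assumes the system root is C:\WINDOWS, as the ComboFix header shows; the function names, regexes and sample data are mine.

```python
"""Triage of two report formats seen in this thread: the KProcCheck driver
list ("ADDRESS - path") and ComboFix's "files created" lines
("created . modified size attrs path"). Added example, not tool code."""
import re

# Assumption: the system root is C:\WINDOWS (as the ComboFix report shows);
# \SystemRoot is resolved to it and the NT "\??\" prefix is dropped.
SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = (SYSTEM_ROOT + r"\system32").lower() + "\\"

DRIVER_RE = re.compile(r"^([0-9A-F]{8}) - (.+?)\s*$", re.IGNORECASE)
TOTAL_RE = re.compile(r"^Total number of drivers = (\d+)")
# size is "<DIR>" (or "<REP>" in the French output) for directories.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(<REP>|<DIR>|[\d,]+) ([-a-z]{9}) (.+?)\s*$"
)
# Short all-lowercase basenames such as bmhvcfoh.ini or awtqn.dll in this thread.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(dll|ini2?)$")

# Constructed sample lines, modelled on the DiagHelp driver list in this thread.
SAMPLE_DRIVERS = r"""
BAD64000 - \SystemRoot\System32\DRIVERS\serenum.sys
B3419000 - \SystemRoot\system32\drivers\fwdrv.sys
BAF45000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
B2CEC000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
BF800000 - \SystemRoot\System32\win32k.sys
BAFA8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 6
"""

# Constructed sample lines, modelled on ComboFix's "files created" section.
SAMPLE_CREATED = r"""
2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-12 16:43 . 2008-02-12 16:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini
2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini
2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini
"""


def normalize(path: str) -> str:
    """Lowercase Win32 form of an NT path taken from either report."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = SYSTEM_ROOT + path[len("\\systemroot"):]
    return path.lower()


def triage_drivers(report: str) -> dict:
    """Flag drivers loaded from outside %SystemRoot%\\System32 and check the
    tool's own total against the lines parsed (a mismatch usually means the
    pasted list was truncated)."""
    outside, parsed, claimed = [], 0, None
    for line in report.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            parsed += 1
            path = normalize(m.group(2))
            if not path.startswith(SYSTEM32):
                outside.append(path)
            continue
        t = TOTAL_RE.match(line)
        if t:
            claimed = int(t.group(1))
    return {"parsed": parsed, "claimed": claimed,
            "count_matches": claimed == parsed, "outside_system32": outside}


def triage_created(report: str) -> list:
    """Flag files created under system32 that are hidden+system and carry a
    short random-looking lowercase name: the Vundo pattern in this thread."""
    hits = []
    for line in report.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        size, attrs, path = m.groups()
        if size.startswith("<"):          # directory entry, not a file
            continue
        path = normalize(path)
        if not path.startswith(SYSTEM32):
            continue
        name = path.rsplit("\\", 1)[-1]
        if "h" in attrs and "s" in attrs and RANDOM_NAME_RE.match(name):
            hits.append({"path": path, "attrs": attrs,
                         "size": int(size.replace(",", ""))})
    return hits


if __name__ == "__main__":
    drv = triage_drivers(SAMPLE_DRIVERS)
    print(f"drivers parsed={drv['parsed']} claimed={drv['claimed']}")
    for p in drv["outside_system32"]:
        print("  outside System32:", p)
    for h in triage_created(SAMPLE_CREATED):
        print(f"  hidden+system random name: {h['path']} ({h['size']} bytes)")
```

The "outside System32" list is a triage list, not a verdict: on the sample it contains the AVG Anti-Spyware and F-Secure drivers, which legitimately load from Program Files, so each hit still needs to be matched to an installed product. The hidden+system random-name rule catches the three .ini files ComboFix listed, but it would miss a dropper that is neither hidden nor oddly named, so it complements the scan rather than replacing it.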
-
Thanks for the replies.
Here is the report I got (it is not in C:/Combofix.txt but in C:/Combofix/Combofix.txt):
ComboFix 08-02-13.2 - Nicolas 2008-02-14 12:16:17.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.1589 [GMT 1:00]
Location: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\ddcbaax.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\igkurnmj.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\mnotdkox.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\vtutq.dll
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\qomljkj.dll
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\vdqsqhdw.ini
C:\WINDOWS\system32\windows
.
((((((((((((((((((((((((((((( Files created 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-12 16:43 . 2008-02-12 16:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 23:05 . 2008-02-11 23:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents
2008-02-11 20:13 . 2008-02-11 21:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-11 19:23 . 2008-02-12 18:58 <DIR> d-------- C:\VundoFix Backups
2008-02-11 17:52 . 2008-02-14 12:16 <DIR> d-------- C:\QooBox
2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-11 17:00 . 2008-02-11 17:00 <DIR> d-------- C:\Program Files\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <DIR> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft
2008-02-11 17:00 . 2008-02-11 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini
2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini
2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini
2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini
2008-02-10 11:58 . 2008-02-10 13:44 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe
2008-02-07 12:18 . 2008-02-07 12:18 19,389 ---hs---- C:\WINDOWS\system32\gebyw.exe
2008-02-07 12:18 . 2008-02-07 12:18 12,434 --a------ C:\WINDOWS\system32\mljgfde.dll
2008-02-06 11:12 . 2008-02-14 11:19 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-06 10:48 . 2008-02-06 10:48 19,389 ---hs---- C:\WINDOWS\system32\sstts.exe
2008-02-06 10:48 . 2008-02-06 10:48 12,434 --a------ C:\WINDOWS\system32\sstttqr.dll
2008-02-05 19:51 . 2008-02-05 19:51 19,389 ---hs---- C:\WINDOWS\system32\ddccb.exe
2008-02-05 19:51 . 2008-02-05 19:51 12,434 --a------ C:\WINDOWS\system32\gebcccy.dll
2008-02-05 06:51 . 2008-02-05 06:51 19,389 ---hs---- C:\WINDOWS\system32\jkhhh.exe
2008-02-05 06:51 . 2008-02-05 06:51 12,434 --a------ C:\WINDOWS\system32\jkkjjge.dll
2008-02-04 12:32 . 2008-02-04 12:32 19,389 ---hs---- C:\WINDOWS\system32\ddccy.exe
2008-02-04 12:32 . 2008-02-04 12:32 12,434 --a------ C:\WINDOWS\system32\pmkhfdd.dll
2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2
2008-02-02 18:04 . 2008-02-02 18:04 19,389 ---hs---- C:\WINDOWS\system32\jkkjg.exe
2008-02-02 18:04 . 2008-02-02 18:04 12,434 --a------ C:\WINDOWS\system32\awvtqrs.dll
2008-02-02 15:40 . 2008-02-02 15:40 19,389 ---hs---- C:\WINDOWS\system32\mllji.exe
2008-02-02 15:40 . 2008-02-02 15:40 12,434 --a------ C:\WINDOWS\system32\sstqpmm.dll
2008-02-02 03:35 . 2008-02-02 03:35 19,389 ---hs---- C:\WINDOWS\system32\mljjk.exe
2008-02-02 03:35 . 2008-02-02 03:35 12,434 --a------ C:\WINDOWS\system32\gebyaby.dll
2008-02-01 14:35 . 2008-02-01 14:35 12,434 --a------ C:\WINDOWS\system32\geebyyy.dll
2008-01-30 19:33 . 2008-01-30 19:33 19,389 ---hs---- C:\WINDOWS\system32\jkhhe.exe
2008-01-30 19:33 . 2008-01-30 19:33 12,434 --a------ C:\WINDOWS\system32\ddccywv.dll
2008-01-30 05:33 . 2008-01-30 05:33 19,389 ---hs---- C:\WINDOWS\system32\mljji.exe
2008-01-30 05:33 . 2008-01-30 05:33 12,434 --a------ C:\WINDOWS\system32\vtststs.dll
2008-01-28 15:32 . 2008-01-28 15:32 19,389 ---hs---- C:\WINDOWS\system32\awtsp.exe
2008-01-28 15:32 . 2008-01-28 15:32 12,434 --a------ C:\WINDOWS\system32\pmnljgh.dll
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6
2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-27 17:55 . 2008-01-27 17:55 19,389 ---hs---- C:\WINDOWS\system32\sstqr.exe
2008-01-27 17:55 . 2008-01-27 17:55 12,434 --a------ C:\WINDOWS\system32\vtsqrop.dll
2008-01-25 06:40 . 2008-01-25 06:40 19,389 ---hs---- C:\WINDOWS\system32\pmnlj.exe
2008-01-25 06:40 . 2008-01-25 06:40 12,434 --a------ C:\WINDOWS\system32\awvtrrs.dll
2008-01-24 13:33 . 2008-01-24 13:33 19,389 ---hs---- C:\WINDOWS\system32\jkhhf.exe
2008-01-24 13:33 . 2008-01-24 13:33 12,434 --a------ C:\WINDOWS\system32\jkkjhgh.dll
2008-01-23 20:52 . 2008-01-23 20:52 19,389 ---hs---- C:\WINDOWS\system32\vtsqq.exe
2008-01-23 20:52 . 2008-01-23 20:52 12,434 --a------ C:\WINDOWS\system32\jkhhhhe.dll
2008-01-23 18:52 . 2008-01-23 18:52 19,389 ---hs---- C:\WINDOWS\system32\ssqro.exe
2008-01-23 18:52 . 2008-01-23 18:52 12,434 --a------ C:\WINDOWS\system32\gebyvvv.dll
2008-01-23 17:52 . 2008-01-23 17:52 19,389 ---hs---- C:\WINDOWS\system32\awvtu.exe
2008-01-23 17:52 . 2008-01-23 17:52 12,434 --a------ C:\WINDOWS\system32\ssqrsrq.dll
2008-01-23 15:52 . 2008-01-23 15:52 19,389 ---hs---- C:\WINDOWS\system32\pmkhf.exe
2008-01-23 15:52 . 2008-01-23 15:52 12,434 --a------ C:\WINDOWS\system32\ddayxwt.dll
2008-01-23 13:03 . 2008-01-23 13:03 19,389 ---hs---- C:\WINDOWS\system32\jkhfc.exe
2008-01-23 13:03 . 2008-01-23 13:03 19,389 ---hs---- C:\WINDOWS\system32\gebcy.exe
2008-01-23 13:03 . 2008-01-23 13:03 12,434 --a------ C:\WINDOWS\system32\pmkhfde.dll
2008-01-23 13:03 . 2008-01-23 13:03 12,434 --a------ C:\WINDOWS\system32\jkklljk.dll
2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft
2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 11:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-02-14 10:44 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-14 10:17 2,145,386,496 --sha-w C:\pagefile.sys
2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer
2008-02-12 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 11:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs
2008-02-11 16:57 --------- d-----w C:\Program Files\eChanblard
2008-02-10 10:57 741,376 ----a-w C:\WINDOWS\system32\WinUpdating.exe
2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2
2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe
2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
2008-01-11 15:42 --------- d-----w C:\Program Files\Google
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites
2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site
2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live
2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger
2008-01-08 12:35 --------- d-----w C:\Program Files\nutri
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique
2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media
2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client
2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla
2007-12-14 20:51 --------- d-----w C:\Program Files\RealMedia
2007-12-14 20:51 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-12-14 20:51 --------- d-----w C:\Program Files\DScaler5
2007-12-14 20:51 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-12-14 20:50 --------- d-----w C:\Program Files\Haali
2007-12-14 20:50 --------- d-----w C:\Program Files\DirectVobSub
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll
2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll
2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC3108"="cmd /c del C:\WINDOWS\system32\vtutq.dll_old" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\PASCAL\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinSpooler.exe
"WinUpdating"= WinUpdating.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lhvmumhh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qknjzgwi]
qknjzgwi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomljkj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpmki]
urqpmki.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vxrnndve]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-02-14 18:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 17:52]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-04-21 08:54]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 12:32]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-12-05 16:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8a90748-a00e-11dc-b5dc-0018f3f600bb}]
\Shell\AutoRun\command - E:\autorun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 12:19:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
-
Good evening,
I don't understand at what point I am supposed to drag the file onto it, because when I launch Combofix it runs through its actions without stopping (scan + report) until it finishes and closes.
So when should I do it?
-
Thanks for the reply.
Here is the report after carrying out the procedure:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14, on 2008-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - (no file)
O2 - BHO: (no name) - {372c9abc-1b60-43ea-b20c-dff54d64a49a} - (no file)
O2 - BHO: (no name) - {4863EFFF-A3C9-4859-A1E2-ADBA58B4BB65} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {7bdcd769-de8c-759b-bb24-71f3559b52e5} - {5e25b955-3f17-42bb-b957-c8ed967dcdb7} - C:\WINDOWS\system32\mnotdkox.dll (file missing)
O2 - BHO: (no name) - {672E33FF-4A43-4363-8994-0A8577B355E3} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {68F30D42-2903-4834-944F-7BF6BFB9FACC} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7EC0EC13-C2AF-4EF8-BD0A-1B117E03045A} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {C47479B1-0FE5-4EE9-9A64-5B0D4E25143F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D2678E01-1DF7-45E3-994D-FAB4C9587780} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {F081A7F4-973C-4BDE-9B8E-CBA9D3D876A2} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [487612c7] rundll32.exe "C:\WINDOWS\system32\igkurnmj.dll",b
O4 - HKLM\..\RunOnce: [spybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171468687926
O20 - Winlogon Notify: lhvmumhh - C:\WINDOWS\
O20 - Winlogon Notify: qknjzgwi - qknjzgwi.dll (file missing)
O20 - Winlogon Notify: qomljkj - C:\WINDOWS\
O20 - Winlogon Notify: urqpmki - urqpmki.dll (file missing)
O20 - Winlogon Notify: vxrnndve - C:\WINDOWS\
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 12411 bytes
-
Well, I carried out the procedure, but something seems to be wrong, since Combofix did not show me a report. (It simply scanned and then rebooted.)
So I only have the VundoFix and HijackThis reports:
VundoFix V6.7.8
Checking Java version...
Scan started at 19:23:31 11/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\afrcaruq.dll
C:\WINDOWS\system32\ddcbaax.dll
C:\WINDOWS\system32\efcddef.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\malcmicb.dll
C:\windows\system32\malcmicb.dllbox
C:\WINDOWS\system32\pwdhhbqq.dll
C:\WINDOWS\system32\qqbhhdwp.ini
C:\WINDOWS\system32\urqopom.dll
C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\afrcaruq.dll
C:\WINDOWS\system32\afrcaruq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcbaax.dll
C:\WINDOWS\system32\ddcbaax.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\efcddef.dll
C:\WINDOWS\system32\efcddef.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\malcmicb.dll
C:\WINDOWS\system32\malcmicb.dll Has been deleted!
Attempting to delete C:\windows\system32\malcmicb.dllbox
C:\windows\system32\malcmicb.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\pwdhhbqq.dll
C:\WINDOWS\system32\pwdhhbqq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qqbhhdwp.ini
C:\WINDOWS\system32\qqbhhdwp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqopom.dll
C:\WINDOWS\system32\urqopom.dll Has been deleted!
Attempting to delete C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini Has been deleted!
Attempting to delete C:\windows\system32\xbeeg.ini2
C:\windows\system32\xbeeg.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcbaax.dll
C:\WINDOWS\system32\ddcbaax.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!
_________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - (no file)
O2 - BHO: (no name) - {372c9abc-1b60-43ea-b20c-dff54d64a49a} - (no file)
O2 - BHO: (no name) - {4863EFFF-A3C9-4859-A1E2-ADBA58B4BB65} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {7bdcd769-de8c-759b-bb24-71f3559b52e5} - {5e25b955-3f17-42bb-b957-c8ed967dcdb7} - C:\WINDOWS\system32\mnotdkox.dll (file missing)
O2 - BHO: (no name) - {672E33FF-4A43-4363-8994-0A8577B355E3} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {68F30D42-2903-4834-944F-7BF6BFB9FACC} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7EC0EC13-C2AF-4EF8-BD0A-1B117E03045A} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {C47479B1-0FE5-4EE9-9A64-5B0D4E25143F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D2678E01-1DF7-45E3-994D-FAB4C9587780} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {F081A7F4-973C-4BDE-9B8E-CBA9D3D876A2} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [487612c7] rundll32.exe "C:\WINDOWS\system32\igkurnmj.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [spybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171468687926
O20 - Winlogon Notify: lhvmumhh - C:\WINDOWS\
O20 - Winlogon Notify: qknjzgwi - qknjzgwi.dll (file missing)
O20 - Winlogon Notify: qomljkj - C:\WINDOWS\
O20 - Winlogon Notify: urqpmki - urqpmki.dll (file missing)
O20 - Winlogon Notify: vxrnndve - C:\WINDOWS\
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 12369 bytes
________________________________________________________________________________________
Note: When the PC starts up, I get a few error messages saying that certain files are missing.
Anyway, I'm waiting for your feedback
edit: also note that I no longer have the thousands of TMP files
-
One more question.
In Pear's procedure, it says to disable the antivirus, firewall, etc. So I'm planning to disable the internet for the duration of the operation. But I'm connected automatically and I can't access the Control Panel to disable the connection manually (because of the malware).
What should I do then? (Surely I'm not supposed to disable everything while staying connected to the internet?)
Edit: OK, I'm doing the operations with the cable unplugged.
-
Thanks for the clarification, I'm running the tasks now.
Back in a moment
-
Thanks for the reply
One question: I don't see any checkbox in VundoFix. Only the Scan for Vundo and Remove Vundo icons are there.
(Maybe it only appears the first time the program is launched?)
Also note that I can no longer delete any files, and that "My Computer" and the "Control Panel" don't open either (just like folders, basically). I hadn't noticed that.
-
Hello everyone,
So, for the last 2-3 days, my PC has been infected by one (or more) spyware programs. This has several consequences:
- Two icons, "Help and Support Center" and "Windows Update", have appeared and reappear when you delete them. After looking at what they point to (right-click / Properties), both lead to a site: "storageprotector".
- Frequent so-called system error messages pop up more or less at random (messages advising you to protect yourself with storageblahblah...)
Stranger still:
- The hard drive icon in My Computer has been replaced by a red cross.
- Thousands of TMP files have appeared in My Documents and in C:, with names like pos2E5.TMP / pos2E6.TMP etc.
- Folders no longer open.
In short, a big problem, just the way we like it. <_<
After some research, I came to the conclusion that I'm infected with StorageProtector combined with the Virtumonde spyware.
I've used various programs such as VundoFix, ComboFix, VirtumundoBeGone, GenProc, as well as various online antivirus scans + Ad-Aware, AVG.
Each time, files are deleted and the virus is detected, but it's never eradicated (the two icons are still there, etc.)
I tried to follow this procedure: http://www.commentcamarche.net/forum/affic...torageprotector
It matches my problem exactly. It's just that the answers given are specific to the reports obtained from the various programs, so I can't follow the procedure as is (although I have tried the programs mentioned).
Anyway, if some of you know this area well, I'm listening, because I'm starting to get lost.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [487612c7] rundll32.exe "C:\WINDOWS\system32\igkurnmj.dll",b
O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [spybotDeletingA3534] command /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKLM\..\RunOnce: [spybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171468687926
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 10771 bytes
Thanks in advance.
[resolved][resolved] StorageProtector + Virtumonde
Yep, I think the disinfection has been completed properly (nothing more to report apart from the cross)
Otherwise, I also followed Zonk's advice, thanks
Thank you for helping me disinfect this damn PC, I really thought reformatting was the only solution.
Thanks again