

ipiyo
Members
Content count: 19
Everything posted by ipiyo
-
If you had read, you would have seen that I can install Windows perfectly well on my two disks (when I don't enable RAID). But when they are in RAID, whichever RAID it is (striping or mirroring), I get the error message. It's a problem between the driver and the RAID controller :??: (I have an nForce4 motherboard, Nvidia RAID controller)
-
It's only in RAID 0 that it doesn't work. There is nothing wrong with my disks (they worked perfectly before).
-
I couldn't install it if I didn't press F6. I have already installed Windows on this RAID 0 and it worked perfectly. I wanted to do a clean reinstall of my PC (by formatting my old partition) and there is no way to reinstall Windows on this RAID 0.
-
So I ran a chkdsk; it found errors, I tried to repair them, but the message was still there. I destroyed the RAID and installed Windows on disk 1: it works. I deleted the partition and installed Windows on disk 2: it works too. So it's neither the RAM nor a worn-out hard disk.
-
Hello, I have a problem that has been driving me crazy for a month. Here it is: I formatted and reinstalled Windows (with the SATA and RAID drivers, I've done it before). Windows installs fine, reboots once, loads and the installation continues to the end; then it reboots, it has barely started loading and boom, I get this screen. Is it an MBR problem, and if so how does that work? - do I need to scan for viruses... with what? - do I need to wipe the MBR, with what? (my disks are in RAID 0 and I have a Clear Disk function in the RAID BIOS (I've already tried it and it does the same thing). If someone can help me solve this problem.
-
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
Thank you very much to both of you -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
So there are still two or three odd things. When I start the PC, two desktop.ini files open (for example there is one in My Videos too), and also here: C:\Documents and Settings\xxxx\Application Data and here: C:\Documents and Settings\All Users\Application Data. I don't know where they come from. I also have "odd" files in the root of C: -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
I have two Javas, Java 6 Update 2 and Java 6 Update 3; do I remove them too? -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
Good evening, the report:
C:\Qoobox: found!
C:\_OtMoveIt: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: found!
C:\Documents and Settings\xxxx\Bureau\HijackThis.lnk: found!
C:\Documents and Settings\xxxx\Bureau\EliBaglA.exe: found!
C:\Documents and Settings\xxxx\Bureau\HJTInstall.exe: found!
C:\Documents and Settings\xxxx\Recent\HijackThis.lnk: found!
C:\Program Files\Fichiers communs\VMware\VMware Virtual Machine Importer\gnu\gzip.exe: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
---------------------------------
--> Deletion:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: deleted!
C:\Documents and Settings\xxxx\Bureau\HijackThis.lnk: deleted!
C:\Documents and Settings\xxxx\Bureau\EliBaglA.exe: deleted!
C:\Documents and Settings\xxxx\Bureau\HJTInstall.exe: deleted!
C:\Documents and Settings\xxxx\Recent\HijackThis.lnk: deleted!
C:\Program Files\Fichiers communs\VMware\VMware Virtual Machine Importer\gnu\gzip.exe: Deletion error!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
C:\Qoobox: deleted!
C:\_OtMoveIt: deleted!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: deleted!
C:\Program Files\Trend Micro\HijackThis: deleted!
-
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
The report: 8 hours for 1 TB.

Monday, February 25, 2008 4:02:45 AM
Operating system: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.83.0
Last Kaspersky antivirus database update: 24/02/2008
Records in Kaspersky antivirus database: 534360

Scan settings
Scan using the following antivirus database: standard
Scan archives: true
Scan mail databases: true

Scan target: My Computer
C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\

Scan statistics
Total objects scanned: 284636
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Scan duration: 07:52:50

Infected object name | Virus name | Last action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases | Object is locked | skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp | Object is locked | skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds | Object is locked | skipped
C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cert8.db | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\formhistory.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\history.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\key3.db | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\parent.lock | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\search.sqlite | Object is locked | skipped
C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\urlclassifier2.sqlite | Object is locked | skipped
C:\Documents and Settings\XXXX\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\Cache\60489DD1d01 | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\Cache\_CACHE_001_ | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\Cache\_CACHE_002_ | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\Cache\_CACHE_003_ | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\Cache\_CACHE_MAP_ | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Historique\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Historique\History.IE5\MSHist012008022420080225\index.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temp\Perflib_Perfdata_774.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temp\~DF9CC3.tmp | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temporary Internet Files\Content.IE5\N1AFXVFD\GP-LEDP-1[1].swf | Object is locked | skipped
C:\Documents and Settings\XXXX\Local Settings\Temporary Internet Files\Content.IE5\YSYAKEUH\ac_D_M_27729_080131[1].swf | Object is locked | skipped
C:\Documents and Settings\XXXX\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\XXXX\ntuser.dat.LOG | Object is locked | skipped
C:\found.000\dir0000.chk\vk_back.png | Object is locked | skipped
C:\found.000\dir0000.chk\vk_bigkey.png | Object is locked | skipped
C:\found.000\dir0000.chk\vk_bigkey_left.png | Object is locked | skipped
C:\found.000\dir0000.chk\vk_bigkey_right.png | Object is locked | skipped
C:\found.000\dir0000.chk\vk_key.png | Object is locked | skipped
C:\Program Files\National Instruments\MAX\Data\config3.mxd | Object is locked | skipped
C:\Program Files\National Instruments\MAX\Data\config3.mxs | Object is locked | skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log | Object is locked | skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log | Object is locked | skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log | Object is locked | skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log | Object is locked | skipped
C:\Program Files\RSSoft\debug.log | Object is locked | skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat | Infected: Trojan-Downloader.Win32.Bagle.hp | skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat | Infected: Trojan-Downloader.Win32.Bagle.hp | skipped
C:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\change.log | Object is locked | skipped
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4F39929C-5878-41C9-9742-91D0675AF892}.bin | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINDOWS\Sti_Trace.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\edb.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb | Object is locked | skipped
C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\default | Object is locked | skipped
C:\WINDOWS\system32\config\default.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\Internet.evt | Object is locked | skipped
C:\WINDOWS\system32\config\SAM | Object is locked | skipped
C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\software | Object is locked | skipped
C:\WINDOWS\system32\config\software.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\system | Object is locked | skipped
C:\WINDOWS\system32\config\system.LOG | Object is locked | skipped
C:\WINDOWS\system32\drivers\sptd.sys | Object is locked | skipped
C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
C:\WINDOWS\system32\_nvidia_xxx_.log | Object is locked | skipped
C:\WINDOWS\Temp\Perflib_Perfdata_d94.dat | Object is locked | skipped
C:\WINDOWS\Temp\vmware-vmount.log | Object is locked | skipped
C:\WINDOWS\wiadebug.log | Object is locked | skipped
C:\WINDOWS\wiaservc.log | Object is locked | skipped
C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped
L:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
L:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\change.log | Object is locked | skipped

Scan complete.

There is still ComboFix, and Qoobox is ComboFix too; I had also tried OTMoveIt before, so I have a folder from that. -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
The files have been deleted (Kaspersky never identified them as viruses). Firefox works again. I'm now launching the online scan. -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
In any case, thanks again, you are pros -
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
Hi, the report for redswoosh.exe.

Scan taken on 23 Feb 2008 23:28:02 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

The ewido report
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Adviva | Path: C:\Documents and Settings\xxxx\Cookies\xxxx@adviva[2].txt | Risk: Medium
Name: TrackingCookie.Bluestreak | Path: C:\Documents and Settings\xxxx\Cookies\xxxx@bluestreak[2].txt | Risk: Medium
Name: TrackingCookie.Smartadserver | Path: C:\Documents and Settings\xxxx\Cookies\xxxx@smartadserver[2].txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: C:\Documents and Settings\xxxx\Cookies\xxxx@tradedoubler[1].txt | Risk: Medium
Name: TrackingCookie.Adviva | Path: :mozilla.7:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Smartadserver | Path: :mozilla.8:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Smartadserver | Path: :mozilla.12:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Smartadserver | Path: :mozilla.13:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Smartadserver | Path: :mozilla.14:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: :mozilla.33:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: :mozilla.34:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: :mozilla.35:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: :mozilla.36:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tradedoubler | Path: :mozilla.38:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Advertising | Path: :mozilla.44:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Advertising | Path: :mozilla.45:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Advertising | Path: :mozilla.46:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Advertising | Path: :mozilla.47:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Advertising | Path: :mozilla.48:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Doubleclick | Path: :mozilla.52:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Weborama | Path: :mozilla.77:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Weborama | Path: :mozilla.78:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Weborama | Path: :mozilla.79:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Weborama | Path: :mozilla.80:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Weborama | Path: :mozilla.81:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bluestreak | Path: :mozilla.94:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Estat | Path: :mozilla.118:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adtech | Path: :mozilla.121:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adtech | Path: :mozilla.122:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Atdmt | Path: :mozilla.134:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Zedo | Path: :mozilla.135:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Zedo | Path: :mozilla.136:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Zedo | Path: :mozilla.137:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.153:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.154:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.161:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.164:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.165:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Revsci | Path: :mozilla.166:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Netflame | Path: :mozilla.201:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Webtrendslive | Path: :mozilla.205:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.211:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.212:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.213:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.214:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.215:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.216:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.217:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.218:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.219:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.220:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.221:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.222:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.247realmedia | Path: :mozilla.225:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.241:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.242:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.243:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.244:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.245:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.246:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Serving-sys | Path: :mozilla.247:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.251:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.252:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.253:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.254:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.255:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.256:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.257:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adrevolver | Path: :mozilla.258:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Googleadservices | Path: :mozilla.267:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Comclick | Path: :mozilla.268:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Comclick | Path: :mozilla.269:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Comclick | Path: :mozilla.270:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Googleadservices | Path: :mozilla.276:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Web-stat | Path: :mozilla.281:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Web-stat | Path: :mozilla.282:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Web-stat | Path: :mozilla.283:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Yieldmanager | Path: :mozilla.302:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Yieldmanager | Path: :mozilla.303:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Yieldmanager | Path: :mozilla.304:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Yieldmanager | Path: :mozilla.305:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Overture | Path: :mozilla.325:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Imrworldwide | Path: :mozilla.336:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Imrworldwide | Path: :mozilla.337:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Ru4 | Path: :mozilla.364:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Ru4 | Path: :mozilla.365:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Hitbox | Path: :mozilla.417:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Hitbox | Path: :mozilla.418:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Euroclick | Path: :mozilla.419:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Euroclick | Path: :mozilla.420:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.423:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Fastclick | Path: :mozilla.491:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tribalfusion | Path: :mozilla.493:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Fastclick | Path: :mozilla.494:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tribalfusion | Path: :mozilla.495:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tribalfusion | Path: :mozilla.496:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Tribalfusion | Path: :mozilla.497:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Masterstats | Path: :mozilla.586:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.589:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Burstnet | Path: :mozilla.590:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.623:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.624:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.625:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.626:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.627:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.628:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Statcounter | Path: :mozilla.629:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adbrite | Path: :mozilla.653:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adbrite | Path: :mozilla.658:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adbrite | Path: :mozilla.659:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bridgetrack | Path: :mozilla.670:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.2o7 | Path: :mozilla.690:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Webtrends | Path: :mozilla.708:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Adbureau | Path: :mozilla.740:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Mediaplex | Path: :mozilla.742:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Mediaplex | Path: :mozilla.743:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Googleadservices | Path: :mozilla.814:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Overture | Path: :mozilla.841:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Gemius | Path: :mozilla.874:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Gemius | Path: :mozilla.876:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Navrcholu | Path: :mozilla.877:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bbmedia | Path: :mozilla.885:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bbmedia | Path: :mozilla.886:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bbmedia | Path: :mozilla.887:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Bbmedia | Path: :mozilla.888:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Billboard | Path: :mozilla.894:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: TrackingCookie.Idot | Path: :mozilla.897:C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\qltr59p3.default\cookies.txt | Risk: Medium
Name: Backdoor.Hupigon | Path: L:\Logiciels\2005.09.15\2005.09.15.exe | Risk: High
Name: Backdoor.Hupigon | Path: L:\Logiciels\1.4 Fr\7.exe | Risk: High
-
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
The report (Trend Micro HijackThis v2.0.2 log, saved 23/02/2008).
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
Yes, it's my PC and my Freebox is already in router mode. I find that AntiVir "sounds the alarm" over nothing compared to Kaspersky. It tells me that Windows cannot find Combo-Fix when I try to uninstall it. I've already done that, ATF Cleaner. Under Firefox the forums no longer look like anything (the styling no longer displays, you only see the text), and under IE it works correctly. It's been at least 10 years since I last caught a virus; one moment of inattention and there you go.
Stubborn virus, topic for the attention of WawaSeb [Resolved]
ipiyo replied to a topic by ipiyo in Malware analysis and removal
C'est mieux que je remette Kaspersky ou je garde AntiVir ? le rapport: AntiVir PersonalEdition Classic Report file date: samedi 23 février 2008 16:48 Scanning for 1120425 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: XXXX Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:47:19 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 15:47:19 ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 15:47:19 AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 23/02/2008 15:47:19 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/02/2008 15:47:19 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot 
sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 23 février 2008 16:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'vmnat.exe' - '1' Module(s) have been scanned Scan process 'vmount2.exe' - '1' Module(s) have been scanned Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned Scan process 'Apache.exe' - '1' Module(s) have been scanned Scan process 'tagsrv.exe' - '1' Module(s) have been 
scanned Scan process 'nisvcloc.exe' - '1' Module(s) have been scanned Scan process 'nidmsrv.exe' - '1' Module(s) have been scanned Scan process 'nimxs.exe' - '1' Module(s) have been scanned Scan process 'lktsrv.exe' - '1' Module(s) have been scanned Scan process 'lkads.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'RocketDock.exe' - '1' Module(s) have been scanned Scan process 'lkcitdl.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'DigiCell.exe' - '1' Module(s) have been scanned Scan process 'Apache.exe' - '1' Module(s) have been scanned Scan process 'ADCDLicSvc.exe' - '1' Module(s) have been scanned Scan process 'CoreCenter.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'RedSwoosh.exe' - '1' Module(s) have been scanned Scan process 'CTxfispi.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'Ctxfihlp.exe' - '1' Module(s) have been scanned Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'soundman.exe' - '1' Module(s) have been scanned Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'HDJ2CPL.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'point32.exe' - '1' 
Module(s) have been scanned Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned Scan process 'rmc.exe' - '1' Module(s) have been scanned Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 73 processes with 73 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '41' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\XXXX\Mes documents\Themes\1164Themes\1164 Themes\Coco\views\Views.zip [0] Archive type: ZIP --> Views/viewgui.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen --> Views/views.zip [1] Archive type: ZIP --> views.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was deleted! C:\Documents and Settings\XXXX\Mes documents\Themes\1164Themes\1164 Themes\Destiny\destiny.exe [DETECTION] Is the Trojan horse TR/Agent.894276 [iNFO] The file was deleted! C:\Program Files\Windows Media Player\wmpnscfg.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48306814.qua'! 
C:\QooBox\Quarantine\catchme2008-02-23_141523.28.zip
  [0] Archive type: ZIP
  --> srosa.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> wintems.exe
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  --> mdelk.exe
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  --> hldrrr.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [INFO] The file was moved to '48346840.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
  [DETECTION] Is the Trojan horse TR/Trash.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
  [DETECTION] Is the Trojan horse TR/Trash.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
  [DETECTION] Is the Trojan horse TR/Trash.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103937.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\108890.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\111703.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\112218.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\112609.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117171.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\122921.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\123062.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\124046.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\125781.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\128140.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14989015.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14997968.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15038796.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15102921.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\247578.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29755390.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29802140.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\31060234.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\3702812.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\46901140.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\46984453.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\64556468.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\94765.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99734.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000542.exe
  [DETECTION] Is the Trojan horse TR/Patch.DX
  [INFO] The file was deleted!
C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000544.exe
  [DETECTION] Is the Trojan horse TR/Patch.DX
  [INFO] The file was deleted!
C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000545.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!

End of the scan: Saturday 23 February 2008 19:55
Used time: 3:07:01 min

The scan has been done completely.

  23269 Scanning directories
1016661 Files were scanned
     42 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     36 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
1016619 Files not concerned
   8526 Archives were scanned
      2 Warnings
    147 Notes
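As an added example (not part of the original post and not Avira's own code), the Python below parses the report layout shown above, a path line followed by indented [DETECTION] / [INFO] / [WARNING] lines with archive members introduced by "-->", and tallies the detections by family while keeping apart what was deleted, what was quarantined and what the scanner could not open. The text it runs on is a constructed subset of the report lines above.

```python
"""Parse the tail of an Avira AntiVir report and tally what it found.

Added example, not part of the original post or of Avira's tooling.
SAMPLE_REPORT is a constructed subset of the report above; the layout it
assumes (a path line, then indented [DETECTION] / [INFO] / [WARNING] lines,
archive members introduced by '-->') is taken from that report.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_REPORT = r"""
C:\QooBox\Quarantine\catchme2008-02-23_141523.28.zip
  [0] Archive type: ZIP
  --> srosa.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> wintems.exe
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [INFO] The file was moved to '48346840.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
  [DETECTION] Is the Trojan horse TR/Trash.Gen
  [INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\108890.exe.vir
  [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
  [INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!
"""


@dataclass
class Finding:
    path: str                        # top-level file or archive on disk
    member: Optional[str] = None     # archive member, when nested under an archive
    detection: Optional[str] = None  # e.g. 'TR/Bagle.Gen.B'
    action: Optional[str] = None     # what the scanner did with the file on disk
    warning: Optional[str] = None    # e.g. 'The file could not be opened!'


PATH_RE = re.compile(r"^[A-Za-z]:\\")
MEMBER_RE = re.compile(r"^-->\s+(.+?)\s*$")
INFO_RE = re.compile(r"^\[INFO\]\s+The file was (.+?)!$")
WARN_RE = re.compile(r"^\[WARNING\]\s+(.+)$")


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_path: Optional[str] = None
    target: Optional[Finding] = None  # record the next [DETECTION] line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current_path = line
            target = Finding(path=line)
            findings.append(target)
            continue
        if current_path is None:
            continue  # banner or summary text before the first path: ignore
        m = MEMBER_RE.match(line)
        if m:
            target = Finding(path=current_path, member=m.group(1))
            findings.append(target)
            continue
        if line.startswith("[DETECTION]") and target is not None:
            target.detection = line.split()[-1]  # the detection name is the last token
            continue
        m = INFO_RE.match(line)
        if m:
            # [INFO] and [WARNING] describe the file on disk, so they apply to
            # every record sharing that path, archive members included
            for f in findings:
                if f.path == current_path:
                    f.action = m.group(1)
            continue
        m = WARN_RE.match(line)
        if m:
            for f in findings:
                if f.path == current_path:
                    f.warning = m.group(1)
    return findings


def family(detection: str) -> str:
    """'TR/Bagle.Gen.B' and 'WORM/Bagle.Gen' both map to 'Bagle'."""
    return detection.split("/", 1)[-1].split(".", 1)[0]


def tally_families(findings: List[Finding]) -> Counter:
    return Counter(family(f.detection) for f in findings if f.detection)


def unscanned(findings: List[Finding]) -> List[str]:
    """Paths the scanner warned about but could not examine: check these by hand."""
    return [f.path for f in findings if f.warning and f.member is None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    top_level = {f.path: f for f in findings if f.member is None}
    return {
        "found": sum(1 for f in findings if f.detection),
        "deleted": sum(1 for f in top_level.values() if (f.action or "").startswith("deleted")),
        "quarantined": sum(1 for f in top_level.values() if (f.action or "").startswith("moved")),
        "unscanned": len(unscanned(findings)),
    }


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for name, count in tally_families(found).most_common():
        print(f"{name:10s} {count}")
    for path in unscanned(found):
        print("check by hand:", path)
```

Run against the whole report above, the same parser puts the large majority of the 42 hits under Bagle, attaches TR/Rootkit.Gen to srosa.sys, and lists one path, sptd.sys, that the scanner could not open at all; that last one is not a detection and belongs on a to-be-verified list rather than in the tally.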
Stubborn virus, topic for the attention of WawaSeb [Solved]
ipiyo replied to a topic by ipiyo in Malware analysis and eradication
The report:

ComboFix 08-02-23.2 - XXXX 2008-02-23 12:15:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1409 [GMT 1:00]
Location: C:\Documents and Settings\XXXX\Bureau\Combo-Fix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\103937.exe
C:\WINDOWS\system32\drivers\down\108890.exe
C:\WINDOWS\system32\drivers\down\109421.exe
C:\WINDOWS\system32\drivers\down\111703.exe
C:\WINDOWS\system32\drivers\down\112218.exe
C:\WINDOWS\system32\drivers\down\112609.exe
C:\WINDOWS\system32\drivers\down\116218.exe
C:\WINDOWS\system32\drivers\down\117062.exe
C:\WINDOWS\system32\drivers\down\117171.exe
C:\WINDOWS\system32\drivers\down\122921.exe
C:\WINDOWS\system32\drivers\down\123062.exe
C:\WINDOWS\system32\drivers\down\123250.exe
C:\WINDOWS\system32\drivers\down\124046.exe
C:\WINDOWS\system32\drivers\down\125781.exe
C:\WINDOWS\system32\drivers\down\126421.exe
C:\WINDOWS\system32\drivers\down\126796.exe
C:\WINDOWS\system32\drivers\down\128140.exe
C:\WINDOWS\system32\drivers\down\129953.exe
C:\WINDOWS\system32\drivers\down\130171.exe
C:\WINDOWS\system32\drivers\down\133562.exe
C:\WINDOWS\system32\drivers\down\134234.exe
C:\WINDOWS\system32\drivers\down\135093.exe
C:\WINDOWS\system32\drivers\down\135421.exe
C:\WINDOWS\system32\drivers\down\137609.exe
C:\WINDOWS\system32\drivers\down\140828.exe
C:\WINDOWS\system32\drivers\down\143843.exe
C:\WINDOWS\system32\drivers\down\144812.exe
C:\WINDOWS\system32\drivers\down\146171.exe
C:\WINDOWS\system32\drivers\down\147984.exe
C:\WINDOWS\system32\drivers\down\148109.exe
C:\WINDOWS\system32\drivers\down\14986750.exe
C:\WINDOWS\system32\drivers\down\14989015.exe
C:\WINDOWS\system32\drivers\down\14997968.exe
C:\WINDOWS\system32\drivers\down\15012562.exe
C:\WINDOWS\system32\drivers\down\15026000.exe
C:\WINDOWS\system32\drivers\down\15038796.exe
C:\WINDOWS\system32\drivers\down\15050421.exe
C:\WINDOWS\system32\drivers\down\15050437.exe
C:\WINDOWS\system32\drivers\down\15060453.exe
C:\WINDOWS\system32\drivers\down\15064531.exe
C:\WINDOWS\system32\drivers\down\15069468.exe
C:\WINDOWS\system32\drivers\down\15072765.exe
C:\WINDOWS\system32\drivers\down\15102921.exe
C:\WINDOWS\system32\drivers\down\15141968.exe
C:\WINDOWS\system32\drivers\down\15143515.exe
C:\WINDOWS\system32\drivers\down\15147703.exe
C:\WINDOWS\system32\drivers\down\15150859.exe
C:\WINDOWS\system32\drivers\down\15176750.exe
C:\WINDOWS\system32\drivers\down\15177578.exe
C:\WINDOWS\system32\drivers\down\15182468.exe
C:\WINDOWS\system32\drivers\down\15184375.exe
C:\WINDOWS\system32\drivers\down\15186609.exe
C:\WINDOWS\system32\drivers\down\15225078.exe
C:\WINDOWS\system32\drivers\down\15255437.exe
C:\WINDOWS\system32\drivers\down\15261609.exe
C:\WINDOWS\system32\drivers\down\153812.exe
C:\WINDOWS\system32\drivers\down\15549062.exe
C:\WINDOWS\system32\drivers\down\15550109.exe
C:\WINDOWS\system32\drivers\down\15746765.exe
C:\WINDOWS\system32\drivers\down\157593.exe
C:\WINDOWS\system32\drivers\down\15799796.exe
C:\WINDOWS\system32\drivers\down\158234.exe
C:\WINDOWS\system32\drivers\down\15874500.exe
C:\WINDOWS\system32\drivers\down\158953.exe
C:\WINDOWS\system32\drivers\down\15897718.exe
C:\WINDOWS\system32\drivers\down\159265.exe
C:\WINDOWS\system32\drivers\down\159609.exe
C:\WINDOWS\system32\drivers\down\160500.exe
C:\WINDOWS\system32\drivers\down\16063234.exe
C:\WINDOWS\system32\drivers\down\16104375.exe
C:\WINDOWS\system32\drivers\down\16114437.exe
C:\WINDOWS\system32\drivers\down\16124609.exe
C:\WINDOWS\system32\drivers\down\16202687.exe
C:\WINDOWS\system32\drivers\down\16229375.exe
C:\WINDOWS\system32\drivers\down\16443625.exe
C:\WINDOWS\system32\drivers\down\16496437.exe
C:\WINDOWS\system32\drivers\down\171578.exe
C:\WINDOWS\system32\drivers\down\176687.exe
C:\WINDOWS\system32\drivers\down\177218.exe
C:\WINDOWS\system32\drivers\down\177625.exe
C:\WINDOWS\system32\drivers\down\177984.exe
C:\WINDOWS\system32\drivers\down\179703.exe
C:\WINDOWS\system32\drivers\down\180484.exe
C:\WINDOWS\system32\drivers\down\181546.exe
C:\WINDOWS\system32\drivers\down\182500.exe
C:\WINDOWS\system32\drivers\down\182906.exe
C:\WINDOWS\system32\drivers\down\183500.exe
C:\WINDOWS\system32\drivers\down\187843.exe
C:\WINDOWS\system32\drivers\down\188203.exe
C:\WINDOWS\system32\drivers\down\188859.exe
C:\WINDOWS\system32\drivers\down\190734.exe
C:\WINDOWS\system32\drivers\down\192000.exe
C:\WINDOWS\system32\drivers\down\192718.exe
C:\WINDOWS\system32\drivers\down\193312.exe
C:\WINDOWS\system32\drivers\down\193906.exe
C:\WINDOWS\system32\drivers\down\194031.exe
C:\WINDOWS\system32\drivers\down\194312.exe
C:\WINDOWS\system32\drivers\down\196781.exe
C:\WINDOWS\system32\drivers\down\199875.exe
C:\WINDOWS\system32\drivers\down\201546.exe
C:\WINDOWS\system32\drivers\down\202218.exe
C:\WINDOWS\system32\drivers\down\203468.exe
C:\WINDOWS\system32\drivers\down\204984.exe
C:\WINDOWS\system32\drivers\down\206015.exe
C:\WINDOWS\system32\drivers\down\206296.exe
C:\WINDOWS\system32\drivers\down\206359.exe
C:\WINDOWS\system32\drivers\down\207187.exe
C:\WINDOWS\system32\drivers\down\207640.exe
C:\WINDOWS\system32\drivers\down\207718.exe
C:\WINDOWS\system32\drivers\down\208562.exe
C:\WINDOWS\system32\drivers\down\208890.exe
C:\WINDOWS\system32\drivers\down\209531.exe
C:\WINDOWS\system32\drivers\down\212531.exe
C:\WINDOWS\system32\drivers\down\213078.exe
C:\WINDOWS\system32\drivers\down\213609.exe
C:\WINDOWS\system32\drivers\down\214093.exe
C:\WINDOWS\system32\drivers\down\216359.exe
C:\WINDOWS\system32\drivers\down\216812.exe
C:\WINDOWS\system32\drivers\down\217375.exe
C:\WINDOWS\system32\drivers\down\221937.exe
C:\WINDOWS\system32\drivers\down\227187.exe
C:\WINDOWS\system32\drivers\down\230343.exe
C:\WINDOWS\system32\drivers\down\232906.exe
C:\WINDOWS\system32\drivers\down\233468.exe
C:\WINDOWS\system32\drivers\down\236265.exe
C:\WINDOWS\system32\drivers\down\236546.exe
C:\WINDOWS\system32\drivers\down\238031.exe
C:\WINDOWS\system32\drivers\down\239531.exe
C:\WINDOWS\system32\drivers\down\241765.exe
C:\WINDOWS\system32\drivers\down\246312.exe
C:\WINDOWS\system32\drivers\down\247578.exe
C:\WINDOWS\system32\drivers\down\249015.exe
C:\WINDOWS\system32\drivers\down\250625.exe
C:\WINDOWS\system32\drivers\down\256468.exe
C:\WINDOWS\system32\drivers\down\259140.exe
C:\WINDOWS\system32\drivers\down\259812.exe
C:\WINDOWS\system32\drivers\down\262375.exe
C:\WINDOWS\system32\drivers\down\263859.exe
C:\WINDOWS\system32\drivers\down\264984.exe
C:\WINDOWS\system32\drivers\down\266343.exe
C:\WINDOWS\system32\drivers\down\267671.exe
C:\WINDOWS\system32\drivers\down\269218.exe
C:\WINDOWS\system32\drivers\down\269718.exe
C:\WINDOWS\system32\drivers\down\286453.exe
C:\WINDOWS\system32\drivers\down\290671.exe
C:\WINDOWS\system32\drivers\down\292843.exe
C:\WINDOWS\system32\drivers\down\293781.exe
C:\WINDOWS\system32\drivers\down\296843.exe
C:\WINDOWS\system32\drivers\down\29755390.exe
C:\WINDOWS\system32\drivers\down\29802140.exe
C:\WINDOWS\system32\drivers\down\29840750.exe
C:\WINDOWS\system32\drivers\down\298531.exe
C:\WINDOWS\system32\drivers\down\299109.exe
C:\WINDOWS\system32\drivers\down\29958484.exe
C:\WINDOWS\system32\drivers\down\300937.exe
C:\WINDOWS\system32\drivers\down\30235765.exe
C:\WINDOWS\system32\drivers\down\30237531.exe
C:\WINDOWS\system32\drivers\down\30379250.exe
C:\WINDOWS\system32\drivers\down\30442000.exe
C:\WINDOWS\system32\drivers\down\30508656.exe
C:\WINDOWS\system32\drivers\down\30532828.exe
C:\WINDOWS\system32\drivers\down\30741515.exe
C:\WINDOWS\system32\drivers\down\30773718.exe
C:\WINDOWS\system32\drivers\down\30791468.exe
C:\WINDOWS\system32\drivers\down\30804140.exe
C:\WINDOWS\system32\drivers\down\30822234.exe
C:\WINDOWS\system32\drivers\down\30915968.exe
C:\WINDOWS\system32\drivers\down\30954203.exe
C:\WINDOWS\system32\drivers\down\309609.exe
C:\WINDOWS\system32\drivers\down\31060234.exe
C:\WINDOWS\system32\drivers\down\31099484.exe
C:\WINDOWS\system32\drivers\down\31139062.exe
C:\WINDOWS\system32\drivers\down\31151031.exe
C:\WINDOWS\system32\drivers\down\311703.exe
C:\WINDOWS\system32\drivers\down\31176375.exe
C:\WINDOWS\system32\drivers\down\31207453.exe
C:\WINDOWS\system32\drivers\down\312859.exe
C:\WINDOWS\system32\drivers\down\313781.exe
C:\WINDOWS\system32\drivers\down\31442046.exe
C:\WINDOWS\system32\drivers\down\31443046.exe
C:\WINDOWS\system32\drivers\down\31606921.exe
C:\WINDOWS\system32\drivers\down\31650906.exe
C:\WINDOWS\system32\drivers\down\31733890.exe
C:\WINDOWS\system32\drivers\down\31762390.exe
C:\WINDOWS\system32\drivers\down\318375.exe
C:\WINDOWS\system32\drivers\down\31903484.exe
C:\WINDOWS\system32\drivers\down\31929203.exe
C:\WINDOWS\system32\drivers\down\31940296.exe
C:\WINDOWS\system32\drivers\down\31952078.exe
C:\WINDOWS\system32\drivers\down\32018750.exe
C:\WINDOWS\system32\drivers\down\32040500.exe
C:\WINDOWS\system32\drivers\down\32236390.exe
C:\WINDOWS\system32\drivers\down\32327078.exe
C:\WINDOWS\system32\drivers\down\323875.exe
C:\WINDOWS\system32\drivers\down\325921.exe
C:\WINDOWS\system32\drivers\down\330562.exe
C:\WINDOWS\system32\drivers\down\337640.exe
C:\WINDOWS\system32\drivers\down\341593.exe
C:\WINDOWS\system32\drivers\down\353234.exe
C:\WINDOWS\system32\drivers\down\368234.exe
C:\WINDOWS\system32\drivers\down\369671.exe
C:\WINDOWS\system32\drivers\down\3702812.exe
C:\WINDOWS\system32\drivers\down\3709375.exe
C:\WINDOWS\system32\drivers\down\3716156.exe
C:\WINDOWS\system32\drivers\down\373546.exe
C:\WINDOWS\system32\drivers\down\3789515.exe
C:\WINDOWS\system32\drivers\down\3790250.exe
C:\WINDOWS\system32\drivers\down\3798640.exe
C:\WINDOWS\system32\drivers\down\3801734.exe
C:\WINDOWS\system32\drivers\down\3805093.exe
C:\WINDOWS\system32\drivers\down\3808484.exe
C:\WINDOWS\system32\drivers\down\3820328.exe
C:\WINDOWS\system32\drivers\down\3823953.exe
C:\WINDOWS\system32\drivers\down\3824984.exe
C:\WINDOWS\system32\drivers\down\3825812.exe
C:\WINDOWS\system32\drivers\down\3827671.exe
C:\WINDOWS\system32\drivers\down\3833250.exe
C:\WINDOWS\system32\drivers\down\3930156.exe
C:\WINDOWS\system32\drivers\down\3959281.exe
C:\WINDOWS\system32\drivers\down\410109.exe
C:\WINDOWS\system32\drivers\down\410250.exe
C:\WINDOWS\system32\drivers\down\411875.exe
C:\WINDOWS\system32\drivers\down\416078.exe
C:\WINDOWS\system32\drivers\down\423812.exe
C:\WINDOWS\system32\drivers\down\427500.exe
C:\WINDOWS\system32\drivers\down\46901140.exe
C:\WINDOWS\system32\drivers\down\46984453.exe
C:\WINDOWS\system32\drivers\down\47068640.exe
C:\WINDOWS\system32\drivers\down\47225140.exe
C:\WINDOWS\system32\drivers\down\473046.exe
C:\WINDOWS\system32\drivers\down\47347359.exe
C:\WINDOWS\system32\drivers\down\478828.exe
C:\WINDOWS\system32\drivers\down\48007218.exe
C:\WINDOWS\system32\drivers\down\48037218.exe
C:\WINDOWS\system32\drivers\down\48397265.exe
C:\WINDOWS\system32\drivers\down\484859.exe
C:\WINDOWS\system32\drivers\down\48505234.exe
C:\WINDOWS\system32\drivers\down\48636875.exe
C:\WINDOWS\system32\drivers\down\48714093.exe
C:\WINDOWS\system32\drivers\down\487750.exe
C:\WINDOWS\system32\drivers\down\49088359.exe
C:\WINDOWS\system32\drivers\down\49152031.exe
C:\WINDOWS\system32\drivers\down\49184484.exe
C:\WINDOWS\system32\drivers\down\49213281.exe
C:\WINDOWS\system32\drivers\down\49331078.exe
C:\WINDOWS\system32\drivers\down\49380312.exe
C:\WINDOWS\system32\drivers\down\49644296.exe
C:\WINDOWS\system32\drivers\down\49751156.exe
C:\WINDOWS\system32\drivers\down\558312.exe
C:\WINDOWS\system32\drivers\down\560156.exe
C:\WINDOWS\system32\drivers\down\561921.exe
C:\WINDOWS\system32\drivers\down\591218.exe
C:\WINDOWS\system32\drivers\down\64556468.exe
C:\WINDOWS\system32\drivers\down\64668828.exe
C:\WINDOWS\system32\drivers\down\64730281.exe
C:\WINDOWS\system32\drivers\down\64792140.exe
C:\WINDOWS\system32\drivers\down\65153281.exe
C:\WINDOWS\system32\drivers\down\65154812.exe
C:\WINDOWS\system32\drivers\down\94765.exe
C:\WINDOWS\system32\drivers\down\99734.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tmp44.tmp
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wl.exe
C:\WINDOWS\system32\wpcap.dll

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdaõj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\NPF
-------\srosa

((((((((((((((((((((((((((((( Files created 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.
2008-02-22 17:25 . 2008-02-22 17:25 <DIR> d-------- C:\Program Files\Navilog1
2008-02-16 02:13 . 2008-02-23 12:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-15 17:32 . 2008-02-15 17:32 <DIR> d-------- C:\_OTMoveIt
2008-02-15 17:15 . 2008-02-15 17:20 <DIR> d-------- C:\HjackThis
2008-02-15 00:23 . 2008-02-15 00:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-15 00:21 . 2008-02-15 00:21 <DIR> d-------- C:\Documents and Settings\XXXX\.housecall6.6
2008-02-15 00:11 . 2008-02-22 16:18 401,720 --a------ C:\HijackThis.exe
2008-02-14 23:21 . 2008-02-14 23:21 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-14 23:21 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-14 23:21 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-14 23:21 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 23:21 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 23:21 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 23:21 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 23:21 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-14 22:53 . 2008-02-14 22:53 <DIR> d-------- C:\Program Files\Promixis
2008-02-10 15:30 . 2008-02-10 15:30 <DIR> d-------- C:\Documents and Settings\XXXX\Application Data\iolo
2008-02-10 15:30 . 2008-02-10 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-02-06 14:36 . 2008-02-23 14:14 64,748 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx
2008-02-06 14:36 . 2008-02-23 14:14 53,744 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx
2008-02-06 14:36 . 2008-02-23 14:14 53,744 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx
2008-01-26 21:23 . 2008-01-26 21:23 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-01-26 14:36 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-01-26 14:36 . 2007-11-06 13:54 12,457 --------- C:\WINDOWS\system32\AudioDrv.ini
2008-01-26 14:22 . 2007-12-17 23:45 1,316,864 -ra------ C:\WINDOWS\system32\CTEXFIFX.DLL
2008-01-26 13:29 . 2008-01-26 14:35 <DIR> d-------- C:\WINDOWS\system32\Data
2008-01-26 13:29 . 2007-10-08 14:44 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-01-26 13:29 . 2006-06-09 15:20 3,072 --a------ C:\WINDOWS\CTXFIFRN.DLL
2008-01-26 13:27 . 2008-01-26 14:33 <DIR> d-------- C:\Program Files\Auzentech
2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Program Files\Actual Earth 3D
2008-01-23 18:46 . 2008-01-23 18:46 111,616 --a------ C:\WINDOWS\system32\ActualEarth.scr
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 13:13 --------- d-----w C:\Program Files\RSSoft
2008-02-23 11:38 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
2008-02-23 10:27 --------- d-----w C:\Program Files\Steam
2008-02-23 10:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-15 16:32 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-15 11:45 --------- d-----w C:\Program Files\FlashGet
2008-02-14 21:26 --------- d-----w C:\Documents and Settings\XXXX\Application Data\foobar2000
2008-02-14 05:27 895,148 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-14 05:27 88,592,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-14 05:27 2,856,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-14 05:27 1,194,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 21:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 20:32 --------- d-----w C:\Program Files\rFactor
2008-01-30 20:08 --------- d-----w C:\Program Files\Pinnacle
2008-01-26 15:25 --------- d-----w C:\Documents and Settings\XXXX\Application Data\Creative
2008-01-26 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-26 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 10:43 --------- d-----w C:\Program Files\Creative
2008-01-21 15:34 --------- d-----w C:\Documents and Settings\XXXX\Application Data\NewsLeecher
2008-01-21 13:32 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-21 11:09 --------- d-----w C:\Program Files\NewsLeecher
2008-01-12 20:28 --------- d-----w C:\Program Files\GrabIt
2008-01-07 17:21 --------- d-----w C:\Program Files\foobar2000
2008-01-03 20:38 --------- d-----w C:\Documents and Settings\XXXX\Application Data\SystemRequirementsLab
2008-01-03 18:17 --------- d-----w C:\Program Files\adslTV
2008-01-03 17:00 --------- d-----w C:\Program Files\Windows Live
2008-01-03 16:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-03 16:56 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-03 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 00:29 --------- d-----w C:\Program Files\MediaMonkey
2008-01-02 22:21 --------- d-----w C:\Program Files\Java
2007-12-30 01:17 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-30 01:17 --------- d-----w C:\Program Files\FireTune
2007-12-28 18:06 --------- d-----w C:\Program Files\Exact Audio Copy
2007-12-28 18:06 --------- d-----w C:\Documents and Settings\XXXX\Application Data\AccurateRip
2007-12-27 02:09 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-26 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-26 22:38 --------- d-----w C:\Program Files\iPod
2007-12-26 22:36 --------- d-----w C:\Program Files\QuickTime
2007-12-26 22:35 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-26 22:35 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-17 18:47 22,328 ----a-w C:\Documents and Settings\XXXX\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 18:43 90112]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-21 02:07 1266936]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-01-11 16:07 972432]
"nHancer"="C:\Program Files\KSE\nHancer 32bit\nHancer.exe" [ ]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-07-19 03:17 62436]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-06-11 03:01 694076]
"SetDefaultMIDI"="MIDIDef.exe" [2007-12-17 23:41 28672 C:\WINDOWS\system32\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52 113152]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-23 12:55 58992]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 18:09 1537648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"Matchlock Scheduling"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe" [2008-02-23 12:55 45056]
"Ulead Remote Control Center"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe" [2005-05-28 16:54 49152]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-07-21 07:21 589824]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.exe" [2003-10-10 04:00 99840]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"DJ Console Mk2"="C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 10:50 212992]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 16:53 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [ ]
"P17Helper"="SPIRun.dll" [2006-07-03 11:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"VolPanel"="C:\Program Files\Auzentech\Auzen X-Fi Prelude 7.1\Volume Panel\VolPanlu.exe" [2007-11-05 16:21 217192]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-12-17 23:52 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-23 12:55 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\adslTV\\adslTV.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Documents and Settings\\XXXX\\Bureau\\vlc-0.8.5-freehd\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2007-11-26 09:22]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-08-18 10:00]
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2006-07-15 19:47]
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2006-07-25 17:36]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2007-12-17 23:44]
R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2006-01-16 16:23]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 CrystalSysInfo;CrystalSysInfo;C:\Program Files\OCCT\SysInfo.sys [2005-09-19 06:08]
S3 DigiCellDriver;DigiCellDriver;C:\Program Files\MSI\DigiCell\NTGLM7X.sys [2006-06-07 09:00]
S3 HDJAsioK;HDJAsioK;C:\WINDOWS\system32\Drivers\HDJAsioK.sys [2006-01-16 16:17]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2006-01-16 16:22]
S3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 16:58]
S3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-11 23:54]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2006-10-24 15:21]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-10-25 13:40]
S3 PTV332;DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV332.SYS [2005-10-24 21:25]
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2006-12-19 09:49]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - "L:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 16:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 14:15:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
.
**************************************************************************
.
Completion time: 2008-02-23 14:20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 13:20:32
.
2008-02-13 02:04:21 --- E O F ---
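What a practitioner reads out of the "Reg loading points" part of a ComboFix log is a short list of facts: whether the XP firewall is on, which ports are opened globally and for which program, which Run entries point at a target ComboFix recorded no date and size for (the trailing bracket is empty), and which removable-drive mount points carry an AutoRun command. The Python below is an added example, not ComboFix's code and not part of the original post; it parses a constructed subset of the section above, and the key-name suffixes it matches are assumptions taken from this log's layout.

```python
"""Extract the security-relevant facts from a ComboFix 'Reg loading points' section.

Added example, not ComboFix's own code and not part of the original post.
SAMPLE_SECTION is a constructed subset of the section above; the key-name
suffixes matched below are assumptions taken from this log's layout.
"""
import re
from typing import Dict, Iterator, List, Optional, Tuple

SAMPLE_SECTION = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-07-19 03:17 62436]
"nHancer"="C:\Program Files\KSE\nHancer 32bit\nHancer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52 113152]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - "L:\Install FreeAgent Tools.exe" /run
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*?)\]\s*$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")

Sections = Dict[str, List[str]]


def parse_sections(text: str) -> Sections:
    """Group each non-empty line under the '[key]' header that precedes it."""
    sections: Sections = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _lines_under(sections: Sections, key_suffix: str) -> Iterator[Tuple[str, str]]:
    """Yield (key, line) for every section whose key ends with key_suffix (case-insensitive)."""
    for key, lines in sections.items():
        if key.lower().endswith(key_suffix.lower()):
            for line in lines:
                yield key, line


def firewall_disabled(sections: Sections) -> Optional[bool]:
    """True when EnableFirewall is 0, False when non-zero, None if the log did not record it."""
    for _, line in _lines_under(sections, r"\firewallpolicy\standardprofile"):
        m = FW_RE.match(line)
        if m:
            return m.group(1) == "0"
    return None


def open_ports(sections: Sections) -> List[Tuple[int, str, str]]:
    """(port, protocol, label) for each globally opened port."""
    out = []
    for _, line in _lines_under(sections, r"\GloballyOpenPorts\List"):
        m = PORT_RE.match(line)
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return out


def run_entries_without_file_info(sections: Sections) -> List[Tuple[str, str, str]]:
    """(key, name, target) for Run entries whose trailing [date time size] bracket is empty."""
    out = []
    for key, line in _lines_under(sections, r"\CurrentVersion\Run"):
        m = RUN_RE.match(line)
        if m and not m.group(3).strip():
            out.append((key, m.group(1), m.group(2)))
    return out


def removable_autoruns(sections: Sections) -> List[Tuple[str, str]]:
    """(drive, command) for each MountPoints2 entry carrying an AutoRun command."""
    out = []
    for key, lines in sections.items():
        if "\\explorer\\mountpoints2\\" in key.lower():
            drive = key.rsplit("\\", 1)[-1]
            for line in lines:
                m = AUTORUN_RE.match(line)
                if m:
                    out.append((drive, m.group(1).strip()))
    return out


def review(text: str) -> Dict[str, object]:
    s = parse_sections(text)
    return {
        "firewall_disabled": firewall_disabled(s),
        "open_ports": open_ports(s),
        "run_entries_without_file_info": [name for _, name, _ in run_entries_without_file_info(s)],
        "removable_autoruns": removable_autoruns(s),
    }


if __name__ == "__main__":
    for item, value in review(SAMPLE_SECTION).items():
        print(f"{item}: {value}")
```

On the log above this reports the firewall off, TCP 9420 and UDP 5000 opened globally for Red Swoosh, two Run entries (nHancer, LiveMonitor) with no file information recorded, and an AutoRun command on drive L:. None of those is a detection, but each is something to confirm as intended, and the firewall in particular to switch back on, before the machine is called clean.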
Stubborn virus, topic for the attention of WawaSeb [Solved]
ipiyo replied to a topic by ipiyo in Malware analysis and eradication
My report:

Fri Feb 15 11:56:09 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 12:03:39 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 12:09:39 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 12:14:12 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 17:59:56 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Feb 15 18:08:56 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 15 18:34:52 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 18:35:15 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 15 19:59:40 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 19:59:43 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 15 20:03:07 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 15 20:03:13 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 808333870
Nº Total de Ficheros: 1344285472
Nº de Ficheros Analizados: 1751348321
Nº de Ficheros Infectados: 1548895790
Nº de Ficheros Limpiados: 540233805

Fri Feb 15 23:09:26 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Feb 15 23:10:37 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 16 01:36:20 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 16 01:36:31 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sat Feb 16 02:43:08 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Feb 16 02:49:20 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 808333870
Nº Total de Ficheros: 1344285472
Nº de Ficheros Analizados: 1751348321
Nº de Ficheros Infectados: 1548895790
Nº de Ficheros Limpiados: 540233805

Fri Feb 22 17:41:06 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Feb 22 17:42:42 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 17:46:24 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 17:47:10 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 17:53:19 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 17:54:12 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 17:59:17 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 18:00:06 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 20:28:10 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 20:29:03 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 20:35:51 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 20:37:19 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 22 20:46:52 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 22 20:47:50 2008 EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
-
Stubborn virus, topic for the attention of WawaSeb [Solved]
ipiyo posted a topic in Analyses et éradication malwares
Hi, I was told on another forum to come here (specifically to WawaSeb) about my virus, so here I am. Here is my problem, thanks