

Ros's
Everything posted by Ros's
-
[resolved]
-
No more sign of viruses, everything is clean! Many thanks to you Angélique for your clear and precise instructions! Good job
-
After a new scan, the result looks good to me. I'm waiting for your confirmation to, I hope, close the topic, and to thank you!!!

KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 7:19:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 633666

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 38034
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:27:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robinhood\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Robinhood\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robinhood\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D2CD2B23-8573-408A-8353-DBA21E0D07A4}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{24C95B95-D081-4774-BF3D-815AAEFC5FAA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
-
Here is the requested report. I couldn't run a scan with ewido, my computer tells me it is not a valid Win32 application. Sorry for the slowness of my replies, but I have a very slow connection where I am!

KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 6:22:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 633666

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 38181
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:26:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robinhood\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Robinhood\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robinhood\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robinhood\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D2CD2B23-8573-408A-8353-DBA21E0D07A4}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{24C95B95-D081-4774-BF3D-815AAEFC5FAA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mstmdm.dll Infected: Trojan.Win32.Agent.bve skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
-
Everything went fine for my USB keys! I'm taking care of the next step!
-
Here is the report.

ComboFix 08-03-14.4 - Robinhood 2008-03-16 16:17:54.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.606 [GMT 2:00]
Endroit: C:\Documents and Settings\Robinhood\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robinhood\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\fsmgmt.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fsmgmt.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-13 22:22 . 2008-03-13 22:22 <REP> d-------- C:\Program Files\Managed DirectX (0901)
2008-03-12 16:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-12 16:20 . 2008-03-12 16:20 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\vlc
2008-03-11 21:08 . 2008-03-11 21:08 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 21:08 . 2008-03-11 21:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 21:07 . 2008-03-11 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-11 17:23 . 2008-03-11 17:23 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-09 19:50 . 2008-03-09 19:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 16:43 . 2008-03-09 16:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 16:16 . 2008-03-09 16:16 <REP> d-------- C:\Program Files\Winamp
2008-03-09 16:16 . 2008-03-09 16:21 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Winamp
2008-03-09 15:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 15:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 15:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 00:20 . 2008-03-08 00:20 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\MSNInstaller
2008-03-07 23:08 . 2007-12-07 04:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-07 23:08 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-07 23:08 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-07 23:08 . 2007-12-07 04:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-07 23:08 . 2007-12-07 04:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-07 23:08 . 2007-12-07 04:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-07 23:08 . 2007-12-07 04:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-07 23:08 . 2007-12-07 04:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-07 23:08 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-07 23:07 . 2008-03-07 23:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-07 23:03 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-07 22:49 . 2008-03-07 22:49 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-07 22:49 . 2008-03-07 22:49 <REP> d-------- C:\Documents and Settings\Robinhood\Contacts
2008-03-07 22:48 . 2008-03-07 22:48 268 --ah----- C:\sqmdata00.sqm
2008-03-07 22:48 . 2008-03-07 22:48 244 --ah----- C:\sqmnoopt00.sqm
2008-03-07 22:36 . 2008-03-07 22:47 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-07 22:35 . 2008-03-07 22:47 <REP> d-------- C:\Program Files\Windows Live
2008-03-07 22:35 . 2008-03-13 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-07 22:19 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-07 22:17 . 2006-12-07 06:14 2,330,624 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-07 21:46 . 2007-12-18 11:51 179,584 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-03-07 21:46 . 2007-08-13 18:39 92,672 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2008-03-07 19:58 . 2008-03-07 19:58 <REP> d-------- C:\Program Files\Avira
2008-03-07 19:58 . 2008-03-07 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-07 19:08 . 2008-03-07 19:51 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\AdobeUM
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Robinhood\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Default User\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-06 21:18 . 2008-03-07 22:48 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-06 21:18 . 2004-08-20 10:05 3,072,054 --a------ C:\WINDOWS\TOSHIBA SATELLITE.bmp
2008-03-06 21:18 . 2008-03-06 21:18 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-0QT03.MRK
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\WINDOWS
2008-03-06 21:17 . 2006-09-15 16:31 <REP> d--h----- C:\Documents and Settings\Robinhood\Voisinage d'impression
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d--h----- C:\Documents and Settings\Robinhood\Modèles
2008-03-06 21:17 . 2008-03-09 19:12 <REP> dr------- C:\Documents and Settings\Robinhood\Mes documents
2008-03-06 21:17 . 2008-03-07 05:27 <REP> dr------- C:\Documents and Settings\Robinhood\Menu Démarrer
2008-03-06 21:17 . 2008-03-07 23:34 <REP> dr------- C:\Documents and Settings\Robinhood\Favoris
2008-03-06 21:17 . 2008-03-16 16:17 <REP> d-------- C:\Documents and Settings\Robinhood\Bureau
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Windows Desktop Search
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\toshiba
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Sonic
2008-03-06 21:17 . 2006-09-22 15:12 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\ATI
2008-03-06 21:16 . 2008-03-07 05:27 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-03-06 21:16 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 03:45 --------- d-----w C:\Program Files\X10 Hardware
2008-03-07 03:45 --------- d-----w C:\Program Files\Windows Plus
2008-03-07 03:44 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-07 03:43 --------- d-----w C:\Program Files\Synaptics
2008-03-07 03:43 --------- d-----w C:\Program Files\Sonic
2008-03-07 03:43 --------- d-----w C:\Program Files\Services en ligne
2008-03-07 03:43 --------- d-----w C:\Program Files\Realtek
2008-03-07 03:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2008-03-07 03:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-07 03:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-07 03:41 --------- d-----w C:\Program Files\ltmoh
2008-03-07 03:41 --------- d-----w C:\Program Files\InterVideo
2008-03-07 03:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-07 03:39 --------- d-----w C:\Program Files\Common Files
2008-03-07 03:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-03-06 20:03 --------- d-----w C:\Program Files\Toshiba
2008-03-06 19:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-06 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 19:19 --------- d-----w C:\Program Files\Intel
.
((((((((((((((((((((((((((((( snapshot@2008-03-16_14.59.16,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-06 19:13:50 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-16 13:23:30 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-06 19:13:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-03-16 13:23:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-03-06 19:13:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-16 13:23:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-07 21:40 249896]
"CFSServ.exe"="CFSServ.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2004-08-18 12:37 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 16:20:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-16 16:23:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 14:23:04
ComboFix2.txt 2008-03-16 12:59:27
.
2008-03-13 16:56:02 --- E O F ---
-
Ok, here is the report:

ComboFix 08-03-14.4 - Robinhood 2008-03-16 14:58:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.566 [GMT 2:00]
Endroit: C:\Documents and Settings\Robinhood\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robinhood\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-16 14:34 . 2008-03-16 14:34 45,056 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-03-13 22:22 . 2008-03-13 22:22 <REP> d-------- C:\Program Files\Managed DirectX (0901)
2008-03-12 16:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-12 16:20 . 2008-03-12 16:20 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\vlc
2008-03-11 21:08 . 2008-03-11 21:08 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 21:08 . 2008-03-11 21:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 21:07 . 2008-03-11 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-11 17:23 . 2008-03-11 17:23 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-09 19:50 . 2008-03-09 19:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 16:43 . 2008-03-09 16:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 16:16 . 2008-03-09 16:16 <REP> d-------- C:\Program Files\Winamp
2008-03-09 16:16 . 2008-03-09 16:21 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Winamp
2008-03-09 15:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 15:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 15:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 00:20 . 2008-03-08 00:20 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\MSNInstaller
2008-03-07 23:08 . 2007-12-07 04:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-07 23:08 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-07 23:08 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-07 23:08 . 2007-12-07 04:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-07 23:08 . 2007-12-07 04:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-07 23:08 . 2007-12-07 04:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-07 23:08 . 2007-12-07 04:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-07 23:08 . 2007-12-07 04:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-07 23:08 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-07 23:07 . 2008-03-07 23:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-07 23:03 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-07 22:49 . 2008-03-07 22:49 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-07 22:49 . 2008-03-07 22:49 <REP> d-------- C:\Documents and Settings\Robinhood\Contacts
2008-03-07 22:48 . 2008-03-07 22:48 268 --ah----- C:\sqmdata00.sqm
2008-03-07 22:48 . 2008-03-07 22:48 244 --ah----- C:\sqmnoopt00.sqm
2008-03-07 22:36 . 2008-03-07 22:47 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-07 22:35 . 2008-03-07 22:47 <REP> d-------- C:\Program Files\Windows Live
2008-03-07 22:35 . 2008-03-13 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-07 22:19 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-07 22:17 . 2006-12-07 06:14 2,330,624 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-07 21:46 . 2007-12-18 11:51 179,584 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-03-07 21:46 . 2007-08-13 18:39 92,672 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2008-03-07 19:58 . 2008-03-07 19:58 <REP> d-------- C:\Program Files\Avira
2008-03-07 19:58 . 2008-03-07 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-07 19:08 . 2008-03-07 19:51 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\AdobeUM
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Robinhood\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Default User\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-06 21:19 . 2008-03-06 21:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-06 21:19 . 2008-03-06 21:19 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-06 21:18 . 2008-03-07 22:48 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-06 21:18 . 2004-08-20 10:05 3,072,054 --a------ C:\WINDOWS\TOSHIBA SATELLITE.bmp
2008-03-06 21:18 . 2008-03-06 21:18 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-0QT03.MRK
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\WINDOWS
2008-03-06 21:17 . 2006-09-15 16:31 <REP> d--h----- C:\Documents and Settings\Robinhood\Voisinage d'impression
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d--h----- C:\Documents and Settings\Robinhood\Modèles
2008-03-06 21:17 . 2008-03-09 19:12 <REP> dr------- C:\Documents and Settings\Robinhood\Mes documents
2008-03-06 21:17 . 2008-03-07 05:27 <REP> dr------- C:\Documents and Settings\Robinhood\Menu Démarrer
2008-03-06 21:17 . 2008-03-07 23:34 <REP> dr------- C:\Documents and Settings\Robinhood\Favoris
2008-03-06 21:17 . 2008-03-16 14:58 <REP> d-------- C:\Documents and Settings\Robinhood\Bureau
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Windows Desktop Search
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\toshiba
2008-03-06 21:17 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\Sonic
2008-03-06 21:17 . 2006-09-22 15:12 <REP> d-------- C:\Documents and Settings\Robinhood\Application Data\ATI
2008-03-06 21:16 . 2008-03-07 05:27 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-03-06 21:16 . 2008-03-07 05:27 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 03:45 --------- d-----w C:\Program Files\X10 Hardware
2008-03-07 03:45 --------- d-----w C:\Program Files\Windows Plus
2008-03-07 03:44 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-07 03:43 --------- d-----w C:\Program Files\Synaptics
2008-03-07 03:43 --------- d-----w C:\Program Files\Sonic
2008-03-07 03:43 --------- d-----w C:\Program Files\Services en ligne
2008-03-07 03:43 --------- d-----w C:\Program Files\Realtek
2008-03-07 03:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2008-03-07 03:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-07 03:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-07 03:41 --------- d-----w C:\Program Files\ltmoh
2008-03-07 03:41 --------- d-----w C:\Program Files\InterVideo
2008-03-07 03:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-07 03:39 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-07 03:39 --------- d-----w C:\Program Files\Common Files
2008-03-07 03:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-07 03:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-03-06 20:03 --------- d-----w C:\Program Files\Toshiba
2008-03-06 19:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-06 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 19:19 --------- d-----w C:\Program Files\Intel
.
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120] "nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352] "TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784] "TFncKy"="TFncKy.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-07 21:40 249896] "CFSServ.exe"="CFSServ.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360] C:\Documents and Settings\All Users\Menu 
D‚marrer\Programmes\D‚marrage\ Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt] fsmgmt.dll 2008-03-16 14:34 45056 C:\WINDOWS\system32\fsmgmt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] --a------ 2004-08-18 12:37 184320 C:\Program Files\ltmoh\Ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2abf9354-f033-11dc-9ccf-00a0d15d7a96}] \Shell\AutoRun\command - E:\ \Shell\open\Command - rundll32.exe .\desktop.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0506fb-ec87-11dc-9cc9-00a0d15d7a96}] \Shell\Auto\command - F:\UFO.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a18fe57-ede3-11dc-9ccc-00a0d15d7a96}] \Shell\Auto\command - E:\UFO.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 14:59:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-16 14:59:26 . 2008-03-13 16:56:02 --- E O F ---
-
I have a problem: nothing happens when I drag CFScript onto ComboFix. I did follow your instructions, though. It gives me no prompt and the scan doesn't start. And I turned off the antivirus.
-
Hello everyone. I've been struggling for a few days with Song911.exe and newloader[1].exe. They are two viruses that come back every time I turn on my computer. Despite the information I was able to find online, I haven't managed to eradicate them. So I'm turning to your experience for a hand!! Thanks in advance. Here is my HijackThis report. Apparently these two viruses are linked to the same virus: an infostealer wowcraft trojan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:45, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Documents and Settings\Robinhood\Mes documents\Logiciels\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8524 bytes
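Two line shapes in the logs posted in this thread are the ones a responder reads first: the `F2 - REG:system.ini: UserInit=` line in the HijackThis report, which carries a second executable after the stock `userinit.exe`, and the `mountpoints2` block in the ComboFix report, whose `\Shell\...\command` handlers launch `UFO.exe` from the E: and F: volumes. The script below is an added example, not part of this thread and not code from HijackThis or ComboFix; it pulls those two line shapes out of a log and lists everything that departs from the Windows XP default (a single `userinit.exe` entry, and no per-volume autorun command). The sample log is constructed from the lines quoted above; the one-entry-per-line assumption, the `describe` wording and the function names are mine. It only lists deviations; deciding what each flagged file is remains the analyst's job.

```python
"""Audit HijackThis / ComboFix text for two autorun signals.

Added example (not from the forum thread, HijackThis or ComboFix). Assumptions:
- the log has one entry per line;
- Windows XP's stock UserInit value is a single userinit.exe entry;
- every MountPoints2 \Shell\*\command handler is worth listing, because
  Windows only writes them after media carrying an autorun.inf was mounted.
"""
import re

# Stock Windows XP UserInit entry, compared case-insensitively (assumption noted above).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"UserInit=(?P<value>[^\r\n]+)", re.IGNORECASE)
MOUNTPOINT_KEY_RE = re.compile(
    r"\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]",
    re.IGNORECASE,
)
SHELL_CMD_RE = re.compile(
    r"\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE
)


def userinit_extras(log: str) -> list:
    """Return every UserInit entry that is not the stock userinit.exe."""
    extras = []
    for m in USERINIT_RE.finditer(log):
        for entry in m.group("value").split(","):
            entry = entry.strip()
            if entry and entry.lower() != DEFAULT_USERINIT:
                extras.append(entry)
    return extras


def mountpoint_commands(log: str) -> list:
    """Return (volume GUID, shell verb, command) for each MountPoints2 handler.

    AutoRun fires when the volume is inserted or double-clicked, 'open' replaces
    Explorer's open action, and any other verb name was copied from autorun.inf.
    """
    found = []
    guid = None
    for line in log.splitlines():
        key = MOUNTPOINT_KEY_RE.search(line)
        if key:
            guid = key.group("guid")
            continue
        if line.startswith("[") or not line.strip():
            guid = None  # left the mountpoints2 key: stop attributing commands to it
            continue
        cmd = SHELL_CMD_RE.search(line.rstrip())
        if cmd and guid:
            found.append((guid, cmd.group("verb"), cmd.group("cmd").strip()))
    return found


def describe(cmd: str) -> str:
    """Short, conservative label for what a handler command does."""
    low = cmd.lower()
    if "shellexec_rundll" in low:
        return "launches a program through Shell32 ShellExec_RunDLL"
    if "rundll32" in low and ".\\" in low:
        return "loads a DLL by relative path from the volume root"
    if low.endswith(".exe"):
        return "runs an executable from the volume"
    return "no executable named in the command"


def audit(log: str) -> list:
    """Combine both checks into one list of human-readable findings."""
    findings = [f"UserInit extra entry: {e}" for e in userinit_extras(log)]
    for guid, verb, cmd in mountpoint_commands(log):
        findings.append(f"MountPoints2 {guid} Shell\\{verb}: {cmd} ({describe(cmd)})")
    return findings


# Constructed sample: the F2 line from the HijackThis report and the
# mountpoints2 block from the ComboFix report quoted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2abf9354-f033-11dc-9ccf-00a0d15d7a96}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0506fb-ec87-11dc-9cc9-00a0d15d7a96}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a18fe57-ede3-11dc-9ccc-00a0d15d7a96}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports one UserInit extra and six per-volume handlers; feeding it a whole ComboFix or HijackThis report works the same way, since lines that match neither pattern are ignored. The volume GUIDs let you tie each handler back to the USB stick or card that planted it, which is the piece of evidence a "the virus comes back at every boot" complaint usually hinges on.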