chniout

  1. Hi everyone! I own an Asus M51SN-AS023C and I'm wondering whether, with Vista, I'm making the best use of my PC's capabilities. I'm an architecture student and I haven't been able to install all the software I wanted because I'm on Vista: impossible to install AutoCAD and 3ds Max, for example. Do you think it would be better for me to switch to XP or to stay on Vista (I haven't searched properly, there must surely be versions of AutoCAD and 3ds Max compatible with Vista)? I know that many students at my school got fed up with Vista and switched to XP; were they right? Thanks!
  2. So it will be materiel.net; the ASUS warranty is 2 years, and the on-site 3rd-year warranty extension comes to €128.90. Well, that exceeds my budget, but it was predictable! (dumb question :-s, why 3 years?)
  3. Thanks for replying! The ASUS's GeForce 9500 M GS is slightly better than the GeForce 8600 GT that a FNAC salesperson recommended to me (obviously taking my budget into account). I tried looking for PCs with more powerful graphics cards, but prices climb to €1500 or even €2000. So I think I'll take the ASUS. Hoping I'm making the right choice... It's €1028 on matériel.net and €986 on magipc, given that there is a matériel.net in my city (Nantes). Is it better that I choose matériel.net? Thanks.
  4. Hello everyone, I'm an architecture student and I use software such as AutoCAD, ArchiCAD, SketchUp, 3ds Max, Cinema 4D, etc. I'm looking for a laptop and after a lot of research I'm thinking of getting this model: http://www.magicpc.fr/asus-portable-m51sn-...remium/p-12093/ for more details: http://www.materiel.net/ctl/PC_Portables/3...1SN_AS022C.html What do you think? Bearing in mind that I prefer a 15-inch, that an integrated numeric keypad is a plus, that I plan to keep it until the end of my studies, i.e. 3 years, and that my budget must not exceed 1100 euros at the very most. If you have other PCs to recommend, I'm all ears! Thank you
  5. Hello everyone, I'm going to buy a laptop but I'm a bit lost among everything that's on offer. I'm an architecture student so I need something fairly powerful; I use software such as 3ds Max, ArchiCAD, Photoshop, SketchUp, etc. I've been advised to get a Core 2 Duo processor of at least 2 GHz, but I have no idea what I need as a graphics card; I have trouble understanding how they're ranked. I had spotted some Toshibas with attractive offers, but they have an ATI Radeon HD 2600 card and I think that's not enough. I've spotted some ASUS models that are a bit more expensive but with an nVidia GeForce 9500 M GS card; is that much more powerful? What card would you recommend? Thanks! (PS: my budget is €1000/1100 max)
  6. Hello! That's it, no more viruses! Here is the Kaspersky report: Selected target: My Computer Source: A:\; C:\; D:\; E:\; F:\; Report is empty. Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times. Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window. Scan Progress [98%]: Total number of scanned objects: 128100 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 02:15:04
  7. I'm adding a piece of a scan with 1 virus (I had stopped it to configure AntiVir better). Thanks
  8. Hello! Indeed, it was ZA that was blocking ewido and AntiVir from loading. Here are the ewido, AntiVir and HijackThis reports. Thanks!
  9. So I installed ewido and AntiVir, but it's impossible to update them. Yet Firefox and MSN, for example, are connected. :-s Here is the AntiVir update report. Thanks again
  10. Hello! So I didn't take the second-to-last post into account, only the last one; I therefore installed AntiVir, and here is the new ComboFix report:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Windows NT-Session Manager"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"= "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"= "C:\\Program Files\\amsn\\bin\\wish.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "D:\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00] R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [] S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}] \Shell\AutoRun\command - F:\setupSNK.exe *Newly Created Service* - SSMDRV . Contents of the 'Scheduled Tasks' folder "2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-22 14:15:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe . ************************************************************************** . Completion time: 2008-03-22 14:19:22 - machine was rebooted [Romain] ComboFix-quarantined-files.txt 2008-03-22 13:19:17 ComboFix2.txt 2008-03-21 19:53:32 ComboFix3.txt 2008-03-21 19:03:58 . 2008-03-12 07:28:06 --- E O F ---
________________________________________________________________________________ ___________
Thanks!
  11. Sorry, I must have confused you :-s You will find below the latest ComboFix and HijackThis reports:
________________________________________________________________________________ _________________________
ComboFix 08-03-21.1 - Romain 2008-03-21 20:44:48.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.55 [GMT 1:00] Endroit: C:\Documents and Settings\Romain\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Romain\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\d.MSNFix C:\wcbcapm.exe C:\wcbcapm.MSNFix C:\WINDOWS\system32\drivers\Qux36.sys C:\WINDOWS\system32\drivers\riode32.sys C:\WINDOWS\system32\Drivers\Rvy36.sys C:\WINDOWS\System32\eqdtrn.exe C:\WINDOWS\system32\winfrun32.bin C:\WINDOWS\system32\WLCtrl32.dll C:\xkufbjjc.exe C:\xkufbjjc.MSNFix . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\74060203\ C:\d.MSNFix C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\cliptext.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\W2K.exe C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\null.sys C:\SDFix\apps\Replace\XP.exe C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swreg.exe C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\catchme.exe C:\SDFix\dummy.sys C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url C:\wcbcapm.exe C:\wcbcapm.MSNFix 
C:\WINDOWS\system32\drivers\Qux36.sys C:\WINDOWS\system32\winfrun32.bin C:\WINDOWS\system32\WLCtrl32.dll C:\xkufbjjc.exe C:\xkufbjjc.MSNFix . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_QUX36 -------\Legacy_RIODE32 -------\Service_Qux36 -------\Service_riode32 -------\Service_Rvy36 ((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))) . 2008-03-21 20:44 . 2008-03-21 20:44 3,631 --a------ C:\4.tmp 2008-03-20 02:24 . 2008-03-20 02:24 <REP> d-------- C:\Program Files\Trend Micro 2008-03-20 00:21 . 2008-03-20 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-20 00:21 . 2008-03-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-18 23:22 . 2008-03-20 05:02 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-03-18 23:17 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\Romain\Application Data\Bitdefender 2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Program Files\Softwin 2008-03-18 23:12 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-03-18 23:09 . 2008-03-20 05:32 <REP> d-------- C:\Program Files\Fichiers communs\Softwin 2008-03-12 03:26 . 2008-03-12 03:26 276 --a------ C:\WINDOWS\system32\MRT.INI 2008-03-11 23:16 . 2008-03-11 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-11 21:52 . 2008-03-11 21:52 <REP> d-------- C:\Program Files\stc 2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\Program Files\zango 2008-03-11 21:50 . 2008-03-11 21:50 <REP> d-------- C:\Program Files\Sysmnt 2008-03-11 21:50 . 2008-03-11 21:50 29,696 --a------ C:\WINDOWS\asycfilt32.dll 2008-03-11 21:39 . 2008-03-11 22:28 2 --a------ C:\74060203 2008-03-10 21:33 . 2008-03-10 21:33 <REP> d-------- C:\Documents and Settings\Romain\Application Data\MSNInstaller 2008-03-10 21:31 . 
2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-10 21:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-10 21:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-09 23:18 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-09 23:03 . 2008-03-09 23:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-09 23:02 . 2008-03-11 00:36 <REP> d-------- C:\Program Files\Windows Live 2008-03-09 23:02 . 2008-03-20 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-09 22:59 . 2008-03-09 22:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-09 18:45 . 2008-03-09 19:38 183 --a------ C:\Unit‚ DirectCD (E).lnk 2008-03-09 02:27 . 2008-03-09 02:28 684 --a------ C:\WINDOWS\mozver.dat 2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata08.sqm 2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata07.sqm 2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt08.sqm 2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt07.sqm 2008-03-07 18:10 . 2008-03-17 02:02 <REP> d-------- C:\Documents and Settings\Romain\Application Data\LimeWire 2008-02-22 14:36 . 2008-02-22 14:36 268 --ah----- C:\sqmdata05.sqm 2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt06.sqm 2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt05.sqm 2008-02-22 14:36 . 2008-02-22 14:36 136 --ah----- C:\sqmdata06.sqm 2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-19 13:59 --------- d-----w C:\Program Files\Online_TV 2008-03-17 00:53 --------- d-----w C:\Program Files\eMule 2008-03-11 20:51 8,704 ----a-w C:\WINDOWS\shdocpl.dll 2008-03-11 20:51 24,576 ----a-w C:\WINDOWS\msapasrc.dll 2008-03-11 20:51 17,152 ----a-w C:\WINDOWS\ntnut.exe 2008-03-11 20:51 10,752 ----a-w C:\WINDOWS\msa64chk.dll 2008-03-10 20:27 --------- d-----w C:\Program Files\MSN Messenger 2008-03-09 01:40 --------- d-----w C:\Program Files\Java 2008-03-09 01:28 --------- d-----w C:\Program Files\DivX 2008-02-04 11:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-04 11:16 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FAST Defrag"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StandardInstall"="" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoInstrumentation"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoUserNameInStartMenu"= 1 (0x1) "NoInstrumentation"= 0 (0x0) "NoStartMenuPinnedList"= 0 (0x0) "ForceStartMenuLogoff"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk] path=C:\Documents and 
Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Windows NT-Session Manager"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"= "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"= "C:\\Program Files\\amsn\\bin\\wish.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "D:\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00] R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40] S3 fbxusb;Carte réseau virtuelle 
FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [] S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00] S4 Windows NT-Session Manager;Windows NT-Session Manager;"C:\WINDOWS\smss.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}] \Shell\AutoRun\command - F:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder "2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-21 20:50:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe . ************************************************************************** . Completion time: 2008-03-21 20:53:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-21 19:53:27 ComboFix2.txt 2008-03-21 19:03:58 . 
2008-03-12 07:28:06 --- E O F --- ________________________________________________________________________________ ______________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:01:02, on 21/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\WinAce\WinAce.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 2481 bytes
________________________________________________________________________________ ________________________________________________________
Thank you for your help
  12. Thanks for your reply. Um, I have avast! Here is the ComboFix report (PS: I transfer the reports with a USB key; I am not online on the infected PC)
________________________________________________________________________________ _____________________________
ComboFix 08-03-21.1 - Romain 2008-03-21 19:54:42.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.63 [GMT 1:00] Endroit: C:\Documents and Settings\Romain\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.exe C:\Documents and Settings\Romain\Application Data\ShoppingReport C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\res1\WhiteList.dbs C:\Program Files\Fichiers communs\Delsim C:\Program Files\Fichiers communs\Delsim\uninstall.bat C:\Program Files\seekmo C:\Program Files\seekmo\seekmo_gdf.dat C:\Program Files\seekmo\seekmo_hpk.dat C:\Program Files\seekmo\seekmo_kyf.dat C:\Program Files\seekmo\seekmoau.dat C:\Program Files\seekmo\seekmohook.dll C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Uninst.exe C:\WINDOWS\180ax.exe C:\WINDOWS\2020search.dll C:\WINDOWS\2020search2.dll C:\WINDOWS\bjam.dll C:\WINDOWS\bokja.exe C:\WINDOWS\cdsm32.dll C:\WINDOWS\default.htm C:\WINDOWS\help\hqaply.chm C:\WINDOWS\help\lagednick.chm C:\WINDOWS\mspphe.dll 
C:\WINDOWS\mssvr.exe C:\WINDOWS\saiemod.dll C:\WINDOWS\salm.exe C:\WINDOWS\stcloader.exe C:\WINDOWS\swin32.dll C:\WINDOWS\system32\adult.txt C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\finance.txt C:\WINDOWS\system32\lt.res C:\WINDOWS\system32\msixu.dll C:\WINDOWS\system32\other.txt C:\WINDOWS\system32\pharma.txt C:\WINDOWS\system32\sft.res C:\WINDOWS\system32\wer8274.dll C:\WINDOWS\updatetc.exe C:\WINDOWS\voiceip.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hqaply -------\Service_lagednick ((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))) . 2008-03-20 02:24 . 2008-03-20 02:24 <REP> d-------- C:\Program Files\Trend Micro 2008-03-20 00:21 . 2008-03-20 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-20 00:21 . 2008-03-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-19 21:29 . 2008-03-19 02:50 <REP> d-------- C:\SDFix 2008-03-19 10:58 . 2008-03-21 20:00 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll 2008-03-18 23:22 . 2008-03-20 05:02 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-03-18 23:17 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\Romain\Application Data\Bitdefender 2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Program Files\Softwin 2008-03-18 23:12 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-03-18 23:09 . 2008-03-20 05:32 <REP> d-------- C:\Program Files\Fichiers communs\Softwin 2008-03-12 03:26 . 2008-03-12 03:26 276 --a------ C:\WINDOWS\system32\MRT.INI 2008-03-11 23:16 . 2008-03-11 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-11 22:28 . 2008-03-11 22:28 0 --a------ C:\d.MSNFix 2008-03-11 22:25 . 2008-03-11 22:25 6,656 --a------ C:\xkufbjjc.MSNFix 2008-03-11 22:25 . 2008-03-11 22:25 6,656 --a------ C:\xkufbjjc.exe 2008-03-11 21:52 . 
2008-03-11 21:52 <REP> d-------- C:\Program Files\stc 2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\Program Files\zango 2008-03-11 21:50 . 2008-03-11 21:50 <REP> d-------- C:\Program Files\Sysmnt 2008-03-11 21:50 . 2008-03-11 21:50 29,696 --a------ C:\WINDOWS\asycfilt32.dll 2008-03-11 21:39 . 2008-03-11 22:28 2 --a------ C:\74060203 2008-03-11 21:34 . 2008-03-11 21:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin 2008-03-11 13:13 . 2008-03-20 04:21 26,624 --a------ C:\WINDOWS\system32\drivers\Qux36.sys 2008-03-11 13:12 . 2008-03-11 14:47 225,297 --a------ C:\wcbcapm.MSNFix 2008-03-11 13:12 . 2008-03-11 14:47 225,297 --a------ C:\wcbcapm.exe 2008-03-10 21:33 . 2008-03-10 21:33 <REP> d-------- C:\Documents and Settings\Romain\Application Data\MSNInstaller 2008-03-10 21:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-10 21:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-10 21:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-09 23:18 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-09 23:03 . 2008-03-09 23:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-09 23:02 . 2008-03-11 00:36 <REP> d-------- C:\Program Files\Windows Live 2008-03-09 23:02 . 2008-03-20 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-09 22:59 . 2008-03-09 22:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-09 18:45 . 2008-03-09 19:38 183 --a------ C:\Unit‚ DirectCD (E).lnk 2008-03-09 02:27 . 2008-03-09 02:28 684 --a------ C:\WINDOWS\mozver.dat 2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata08.sqm 2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata07.sqm 2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt08.sqm 2008-03-07 19:07 . 
2008-03-07 19:07 244 --ah----- C:\sqmnoopt07.sqm 2008-03-07 18:10 . 2008-03-17 02:02 <REP> d-------- C:\Documents and Settings\Romain\Application Data\LimeWire 2008-02-22 14:36 . 2008-02-22 14:36 268 --ah----- C:\sqmdata05.sqm 2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt06.sqm 2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt05.sqm 2008-02-22 14:36 . 2008-02-22 14:36 136 --ah----- C:\sqmdata06.sqm 2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-19 13:59 --------- d-----w C:\Program Files\Online_TV 2008-03-17 00:53 --------- d-----w C:\Program Files\eMule 2008-03-11 20:51 8,704 ----a-w C:\WINDOWS\shdocpl.dll 2008-03-11 20:51 24,576 ----a-w C:\WINDOWS\msapasrc.dll 2008-03-11 20:51 17,152 ----a-w C:\WINDOWS\ntnut.exe 2008-03-11 20:51 10,752 ----a-w C:\WINDOWS\msa64chk.dll 2008-03-10 20:27 --------- d-----w C:\Program Files\MSN Messenger 2008-03-09 01:40 --------- d-----w C:\Program Files\Java 2008-03-09 01:28 --------- d-----w C:\Program Files\DivX 2008-02-04 11:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-04 11:16 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FAST Defrag"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StandardInstall"="" []
"Flash Media"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-21 20:00 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable]
C:\WINDOWS\System32\eqdtrn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe Free]
C:\Program Files\ErrorSafe Free\uers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree]
C:\Program Files\ErrorSafe Free\uers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Windows NT-Session Manager"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=
"C:\\Program Files\\amsn\\bin\\wish.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Qux36;Qux36;C:\WINDOWS\system32\Drivers\Qux36.sys [2008-03-20 04:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]
S0 Rvy36;Rvy36;C:\WINDOWS\system32\Drivers\Rvy36.sys []
S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys []
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]
S4 Windows NT-Session Manager;Windows NT-Session Manager;"C:\WINDOWS\smss.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 20:01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2008-03-21 20:03:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 19:03:52
.
2008-03-12 07:28:06 --- E O F ---