benschen

Members
  • Content count
    8
  • Joined

  • Last visited

Other information

  • My languages
    English, French, Spanish

benschen's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Hello, I think it's fine, thank you very much for the cleanup! According to Kaspersky, the viruses are in the quarantine folders. Here is the log:

     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Monday, April 21, 2008 1:42:19 PM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 21/04/2008
     Kaspersky Anti-Virus database records: 718179
     -------------------------------------------------------------------------------

     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true

     Scan Target - Folders:
     C:\
     D:\

     Scan Statistics:
     Total number of scanned objects: 154295
     Number of viruses found: 8
     Number of infected objects: 20
     Number of suspicious objects: 0
     Duration of the scan process: 02:08:27

     Infected Object Name / Virus Name / Last Action
     C:\WINDOWS\system32\config\system.LOG Object is locked skipped
     C:\WINDOWS\system32\config\software.LOG Object is locked skipped
     C:\WINDOWS\system32\config\default.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY Object is locked skipped
     C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
     C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
     C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
     C:\WINDOWS\system32\config\SAM Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
     C:\WINDOWS\system32\h323log.txt Object is locked skipped
     C:\WINDOWS\TEMP\Perflib_Perfdata_5a8.dat Object is locked skipped
     C:\WINDOWS\TEMP\spnserv.dat Object is locked skipped
     C:\WINDOWS\TEMP\spserv.dat Object is locked skipped
     C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
     C:\WINDOWS\wiaservc.log Object is locked skipped
     C:\WINDOWS\wiadebug.log Object is locked skipped
     C:\WINDOWS\WindowsUpdate.log Object is locked skipped
     C:\WINDOWS\SchedLgU.Txt Object is locked skipped
     C:\WINDOWS\Sti_Trace.log Object is locked skipped
     C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
     C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
     C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
     C:\Documents and Settings\All Users\Application Data\RetroExp\operations_log.utx Object is locked skipped
     C:\Documents and Settings\All Users\Application Data\RetroExp\config10.dat Object is locked skipped
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
     C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
     C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
     C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Historique\History.IE5\MSHist012008042120080422\index.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\benoit.dael@aufildesmots.com\real\members.stg Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\benoit.dael@aufildesmots.com\shadow\members.stg Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory\RetroExpress.exe.ef08464a.ini.inuse Object is locked skipped
     C:\Documents and Settings\user\Local Settings\temp\~DF1D1.tmp Object is locked skipped
     C:\Documents and Settings\user\Local Settings\temp\~DF1DB.tmp Object is locked skipped
     C:\Documents and Settings\user\Local Settings\temp\Perflib_Perfdata_ccc.dat Object is locked skipped
     C:\Documents and Settings\user\Local Settings\temp\~DF3C59.tmp Object is locked skipped
     C:\Documents and Settings\user\Local Settings\temp\~DF3D02.tmp Object is locked skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/Documents and Settings/user/Application Data/SpeedRunner/SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.ndt skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/Program Files/JavaCore/JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/Program Files/MBOLS~1/?xplorer.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/Program Files/Outerinfo/FF/components/FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/WINDOWS/b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/WINDOWS/b156.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.f skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/ayv.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip/DOCUME~1/user/Bureau/Upload_Me/QooBox.zip Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
     C:\Documents and Settings\user\Bureau\Upload_Me.zip ZIP: infected - 8 skipped
     C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
     C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\index2.dat Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\contactgroup256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chat4096.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\user4096.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\user1024.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\user256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\profile4096.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chat8192.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg4096.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\voicemail256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chat1024.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\user16384.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\transfer1024.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\callmember256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\call256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chat512.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg512.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\transfer512.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg2048.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\transfer256.dbb Object is locked skipped
     C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg1024.dbb Object is locked skipped
     C:\Documents and Settings\user\ntuser.dat Object is locked skipped
     C:\Program Files\Twain.MSNFix\Twain.MSNFix Infected: Trojan-Downloader.Win32.Agent.nft skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
     C:\System Volume Information\_restore{62048A50-DDC3-4B21-ADA2-F4369DC14894}\RP1\change.log Object is locked skipped
     C:\QooBox.zip/QooBox/Quarantine/C/Documents and Settings/user/Application Data/SpeedRunner/SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.ndt skipped
     C:\QooBox.zip/QooBox/Quarantine/C/Program Files/JavaCore/JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
     C:\QooBox.zip/QooBox/Quarantine/C/Program Files/MBOLS~1/?xplorer.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
     C:\QooBox.zip/QooBox/Quarantine/C/Program Files/Outerinfo/FF/components/FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
     C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
     C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/b156.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.f skipped
     C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/ayv.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
     C:\QooBox.zip ZIP: infected - 7 skipped
     C:\Recycled\Dc1\MSNFix\sam. 19042008_ 7583189.zip/backup/Twain.exe Infected: Trojan-Downloader.Win32.Agent.nft skipped
     C:\Recycled\Dc1\MSNFix\sam. 19042008_ 7583189.zip ZIP: infected - 1 skipped
     D:\System Volume Information\_restore{62048A50-DDC3-4B21-ADA2-F4369DC14894}\RP1\change.log Object is locked skipped

     Scan process completed.
  2. Hello, Actually, it was my eldest who messed up the scan. Here is the MSNFix log:

     MSNFix 1.708
     C:\Documents and Settings\user\Bureau\MSNFix\MSNFix
     Fix exécuté le dim. 20/04/2008 - 16:22:49,15 By user
     mode normal

     ************************ Recherche les fichiers présents
     ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\config.cfg
     ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\SRUninstall.exe

     ************************ Recherche les dossiers présents
     ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\
     ... \TEMP\

     ************************ Suppression des fichiers
     .. OK ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\config.cfg
     .. OK ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\SRUninstall.exe

     ************************ Suppression des dossiers
     /!\ ... C:\DOCUME~1\user\APPLIC~1\SpeedRunner\
     /!\ ... \TEMP\

     ************************ Nettoyage du registre
     Les fichiers encore présents seront supprimés au prochain redémarrage
     Aucun Fichier trouvé

     ************************ Fichiers suspects
     /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
     [C:\QooBox.zip] 53A516FA09CF751D5B984B7755A76672
     ==> SVP merci d'envoyer le fichier C:\DOCUME~1\user\Bureau\Upload_Me.zip sur http://upload.changelog.fr

     Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier dim. 20042008_16262857.zip

     ************************ HKLM\...\Winlogon\Userinit
     Userinit = C:\WINDOWS\system32\userinit.exe,

     ------------------------------------------------------------------------
     Auteur : !aur3n7 Contact: http://changelog.fr
     ------------------------------------------------------------------------
     --------------------------------------------- END ---------------------------------------------

     I uploaded the uploadme folder to the address given in the log. Thanks for your help. B
  3. Hello Thanos, Here is the log:

     ComboFix 08-04-16.5 - user 2008-04-19 8:59:00.4 - FAT32x86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.649 [GMT 2:00]
     Endroit: C:\Documents and Settings\user\Mes documents\Mes téléchargements\antivirus\ComboFix.exe
     Command switches used :: C:\Documents and Settings\user\Mes documents\Mes téléchargements\antivirus\CFScript.txt
     * Création d'un nouveau point de restauration

     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe
     Z:\008 TRADUCTION 2008\ENLASO\04 2008\315 David Oberon 20411\input\game\dinerdash2.exe
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     G:\Autorun.inf

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))))))
     .

     2008-04-18 07:40 . 2008-04-18 07:40 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
     2008-04-18 07:40 . 2008-04-18 07:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
     2008-04-16 17:04 . 2008-04-16 17:05 <REP> d-------- C:\Program Files\Avira
     2008-04-16 16:08 . 2008-04-16 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-04-16 15:30 . 2008-04-16 15:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
     2008-04-16 15:07 . 2006-08-01 18:16 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
     2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
     2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
     2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
     2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
     2008-04-16 15:07 . 2006-08-01 17:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
     2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
     2008-04-16 15:07 . 2006-08-01 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
     2008-04-16 15:07 . 2006-08-01 18:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
     2008-04-16 15:07 . 2006-08-01 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
     2008-04-16 15:07 . 2008-04-16 15:07 <REP> d-------- C:\Documents and Settings\Administrateur
     2008-04-16 14:49 . 2008-04-16 14:49 <REP> d-------- C:\Program Files\Trend Micro
     2008-04-16 14:43 . 2008-04-16 14:43 <REP> d-------- C:\Program Files\CCleaner
     2008-04-16 12:24 . 2008-04-16 12:24 <REP> d-------- C:\Documents and Settings\user\Application Data\SpeedRunner
     2008-04-16 12:07 . 2008-04-16 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
     2008-04-16 12:05 . 2008-04-16 12:05 <REP> d-------- C:\Program Files\PlayFirst
     2008-04-16 12:04 . 2008-04-16 12:04 <REP> d-------- C:\Program Files\Twain.MSNFix
     2008-04-16 12:00 . 2008-04-16 12:00 <REP> d-------- C:\WINDOWS\Diner Dash 2
     2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\user\Application Data\PlayFirst
     2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
     2008-04-14 13:59 . 2008-04-14 13:59 <REP> d-------- C:\080306_Letter-size_EN_source_to_AR
     2008-04-14 07:44 . 2008-04-14 07:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
     2008-04-05 21:41 . 2008-04-05 21:41 <REP> d-------- C:\Documents and Settings\user\Application Data\RTPlayer
     2008-04-05 21:22 . 2008-04-05 21:22 <REP> d-------- C:\Program Files\PixiePack Codec Pack
     2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Program Files\RapidSolution
     2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\user\Application Data\Tunebite
     2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
     2008-04-05 21:20 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
     2008-04-05 07:51 . 2008-04-05 07:51 <REP> d-------- C:\Program Files\iPod
     2008-03-29 00:46 . 2008-03-29 00:46 <REP> d-------- C:\Program Files\Safari
     2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
     2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
     2008-03-28 11:41 . 2008-03-28 11:41 <REP> d-------- C:\Program Files\TRADOS65
     2008-03-27 10:47 . 2008-03-27 10:47 <REP> d-------- C:\Documents and Settings\user\Application Data\NwDocx
     2008-03-23 21:24 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
     2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
     2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
     2008-03-23 21:24 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2008-09-18 23:23 1,512 ----a-w C:\WINDOWS\Fonts\UVBVO___.PFM
     2008-09-18 23:23 1,509 ----a-w C:\WINDOWS\Fonts\UVBV____.PFM
     2008-09-18 23:23 1,487 ----a-w C:\WINDOWS\Fonts\UVFVO___.PFM
     2008-09-18 23:23 1,484 ----a-w C:\WINDOWS\Fonts\UVFV____.PFM
     2008-09-18 23:23 1,426 ----a-w C:\WINDOWS\Fonts\UVV_____.PFM
     2008-04-16 10:30 10 ----a-w C:\Program Files\.autoreg
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
     2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
     2008-03-12 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
     2008-03-11 12:34 --------- d-----w C:\Program Files\Idiom
     2008-03-11 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Idiom Technologies, Inc
     2008-03-11 12:33 --------- d-----w C:\Documents and Settings\user\Application Data\Idiom Technologies, Inc
     2008-03-10 10:16 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
     2008-03-10 10:16 --------- d-----w C:\Program Files\Windows Live
     2008-03-10 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
     2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
     2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
     2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
     2008-02-23 07:21 --------- d-----w C:\Program Files\iTunes
     2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
     2008-02-20 09:34 --------- d-----w C:\Documents and Settings\user\Application Data\Grisoft
     2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
     2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
     2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
     2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
     2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
     2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
     2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
     .
     ((((((((((((((((((((((((((((( snapshot@2008-04-17_13.29.46.45 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-04-17 11:24:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-04-19 07:02:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-04-19 05:48:20 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
     + 2008-04-19 05:49:38 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe
     + 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
     + 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
     + 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
     + 2008-04-19 07:02:18 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_528.dat
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
     "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 15:40 20421672]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
     "C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe"="C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe" [2008-02-01 17:54 22405760]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 05:24 110592]
     "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-06 19:39 94208]
     "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 19:36 77824]
     "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 19:40 118784]
     "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
     "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 04:23 15961088 C:\WINDOWS\RTHDCPL.exe]
     "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
     "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
     "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
     "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
     "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
     "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
     "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25 667718]
     "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25 602182]
     "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29 569413]
     "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 09:23 823296]
     "RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [2004-07-30 15:47 6946816]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-18 23:01 180269]
     "PDF Converter Registry Controller"="C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe" [2003-08-19 10:06 102400]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
     "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
     "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
     "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
     "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 08:33 45056]
     "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
     "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [ ]
     "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
     "C:\\Program Files\\eMule\\emule.exe"=
     "C:\\Program Files\\Maxtor\\OneTouch\\Utils\\MaxUtilities.exe"=
     "C:\\Program Files\\LionLinguist\\LionLinguist.exe"=
     "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\FileZilla\\FileZilla.exe"=
     "D:\\ClickcatP2H\\Database\\Bin\\mysqld-nt.exe"=
     "C:\\Program Files\\CGS\\ORIS Certified Proof\\CertProof.exe"=
     "C:\\Program Files\\Azureus\\Azureus.exe"=
     "C:\\WINDOWS\\EXPLORER.EXE"=
     "C:\\Program Files\\Alchemy Software\\Catalyst 7\\Alchemy.exe"=
     "C:\\Program Files\\Alchemy Software\\Catalyst 7\\lmgrd.exe"=
     "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\Program Files\\MSOffice2003FR\\OFFICE11\\WINWORD.EXE"=
     "C:\\Program Files\\iTunes\\iTunes.exe"=
     "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "4662:TCP"= 4662:TCP:emule-TCP
     "4672:UDP"= 4672:UDP:emule-UDP
     "21976:TCP"= 21976:TCP:BitComet 21976 TCP
     "21976:UDP"= 21976:UDP:BitComet 21976 UDP

     R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbguard.exe [2006-01-17 01:05]
     R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbserver.exe [2006-01-17 01:05]
     S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
     S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583cccf3-7ad6-11db-9b59-001302334f18}]
     \Shell\AutoRun\command - H:\setupSNK.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
     C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-04-19 05:48:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-19 09:02:41
     Windows 5.1.2600 Service Pack 2 FAT NTAPI

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
     C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
     C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
     C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
     C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
     C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
     C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE
     C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
     C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTSMLBIZ\BINN\SQLSERVR.EXE
     C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
     C:\PROGRAM FILES\FICHIERS COMMUNS\SAFENET SENTINEL\SENTINEL PROTECTION SERVER\WINNT\SPNSRVNT.EXE
     C:\WINDOWS\ATK0100\ATKOSD.exe
     C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\ONETOUCH.EXE
     C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETROEXPRESS.EXE
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
     C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
     C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
     C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETRORUN.EXE
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-04-19 9:08:39 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-04-19 07:08:30
     ComboFix4.txt 2008-04-17 11:30:18
     ComboFix3.txt 2008-04-18 01:21:32
     ComboFix2.txt 2008-04-19 06:51:02

     Pre-Run: 9,113,337,856 octets libres
     Post-Run: 9,099,608,064 octets libres
     .
     2008-04-14 11:35:06 --- E O F ---

     That looks fine, doesn't it? As for the suspicious exe, VirusTotal says the file to be analysed is too large.
4. Good evening, I followed the procedure and here are the reports:

ComboFix 08-04-16.5 - user 2008-04-18 3:12:10.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.33.1036.18.572 [GMT 2:00]
Running from: C:\Documents and Settings\user\Mes documents\Mes téléchargements\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Mes documents\Mes téléchargements\antivirus\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\user\Application Data\Microsoft\Windows\rayiou.exe
C:\Documents and Settings\user\Application Data\Microsoft\Windows\yqgvty.exe
C:\WINDOWS\geBrqnoP.dll
C:\WINDOWS\mrofinu1381.exe
C:\WINDOWS\system32\geBrqnoP.dll
C:\WINDOWS\system32\opnnlMCT.dll
C:\WINDOWS\system32\opnnlMCT.VIR
C:\WINDOWS\Tasks\Norton Security Scan.job
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\Microsoft\Windows\yqgvty.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Program Files\Inet_Get_2
C:\Program Files\Norton Security Scan
C:\Program Files\Norton Security Scan\ccL60U.dllw
C:\Program Files\Norton Security Scan\ccScanw.dll
C:\Program Files\Norton Security Scan\ccVrTrst.dll
C:\Program Files\Norton Security Scan\dec_abi.dll
C:\Program Files\Norton Security Scan\DefUtDCD.dll
C:\Program Files\Norton Security Scan\ecmldr32.dll
C:\Program Files\Norton Security Scan\help.htm
C:\Program Files\Norton Security Scan\msl.dll
C:\Program Files\Norton Security Scan\msvcp71.dll
C:\Program Files\Norton Security Scan\msvcr71.dll
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\Norton Security Scan\NSS.exe.replace
C:\Program Files\Norton Security Scan\patch25d.dll
C:\Program Files\Norton Security Scan\SAUpdt.dll
C:\Program Files\Norton Security Scan\ScanCore.dll
C:\Program Files\Norton Security Scan\ScanRes.dll
C:\Program Files\Norton Security Scan\SKURes.dll
C:\WINDOWS\system32\opnnlMCT.VIR
C:\WINDOWS\Tasks\Norton Security Scan.job
G:\Autorun.inf
.
((((((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 17:04 . 2008-04-16 17:05 <REP> d-------- C:\Program Files\Avira
2008-04-16 16:08 . 2008-04-16 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-16 15:30 . 2008-04-16 15:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-04-16 15:07 . 2006-08-01 18:16 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-16 15:07 .
2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-16 15:07 . 2006-08-01 17:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 15:07 . 2006-08-01 18:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-04-16 15:07 . 2006-08-01 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-16 15:07 . 2008-04-16 15:07 <REP> d-------- C:\Documents and Settings\Administrateur
2008-04-16 14:49 . 2008-04-16 14:49 <REP> d-------- C:\Program Files\Trend Micro
2008-04-16 14:43 . 2008-04-16 14:43 <REP> d-------- C:\Program Files\CCleaner
2008-04-16 12:24 . 2008-04-16 12:24 <REP> d-------- C:\Documents and Settings\user\Application Data\SpeedRunner
2008-04-16 12:07 . 2008-04-16 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-16 12:05 . 2008-04-16 12:05 <REP> d-------- C:\Program Files\PlayFirst
2008-04-16 12:04 . 2008-04-16 12:04 <REP> d-------- C:\Program Files\Twain
2008-04-16 12:00 . 2008-04-16 12:00 <REP> d-------- C:\WINDOWS\Diner Dash 2
2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\user\Application Data\PlayFirst
2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-14 13:59 . 2008-04-14 13:59 <REP> d-------- C:\080306_Letter-size_EN_source_to_AR
2008-04-14 07:44 . 2008-04-14 07:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 21:41 . 2008-04-05 21:41 <REP> d-------- C:\Documents and Settings\user\Application Data\RTPlayer
2008-04-05 21:22 . 2008-04-05 21:22 <REP> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Program Files\RapidSolution
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\user\Application Data\Tunebite
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-04-05 21:20 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-04-05 07:51 . 2008-04-05 07:51 <REP> d-------- C:\Program Files\iPod
2008-03-29 00:46 . 2008-03-29 00:46 <REP> d-------- C:\Program Files\Safari
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 11:41 . 2008-03-28 11:41 <REP> d-------- C:\Program Files\TRADOS65
2008-03-27 10:47 . 2008-03-27 10:47 <REP> d-------- C:\Documents and Settings\user\Application Data\NwDocx
2008-03-23 21:24 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-23 21:24 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:23 1,512 ----a-w C:\WINDOWS\Fonts\UVBVO___.PFM
2008-09-18 23:23 1,509 ----a-w C:\WINDOWS\Fonts\UVBV____.PFM
2008-09-18 23:23 1,487 ----a-w C:\WINDOWS\Fonts\UVFVO___.PFM
2008-09-18 23:23 1,484 ----a-w C:\WINDOWS\Fonts\UVFV____.PFM
2008-09-18 23:23 1,426 ----a-w C:\WINDOWS\Fonts\UVV_____.PFM
2008-04-16 10:30 10 ----a-w C:\Program Files\.autoreg
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-11 12:34 --------- d-----w C:\Program Files\Idiom
2008-03-11 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Idiom Technologies, Inc
2008-03-11 12:33 --------- d-----w C:\Documents and Settings\user\Application Data\Idiom Technologies, Inc
2008-03-10 10:16 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-10 10:16 --------- d-----w C:\Program Files\Windows Live
2008-03-10 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-23 07:21 --------- d-----w C:\Program Files\iTunes
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 09:34 --------- d-----w C:\Documents and Settings\user\Application Data\Grisoft
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-17_13.29.46.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 11:24:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 01:15:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-07-29 04:18:50 3,839 ----a-w C:\WINDOWS\system32\drivers\GETPADD.sys
+ 2008-04-18 01:15:22 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 15:40 20421672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe"="C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe" [2008-02-01 17:54 22405760]
"Twain"="C:\Program Files\Twain\Twain.exe" [2008-04-16 12:04 57344]
"SpeedRunner"="C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe" [2008-04-16 12:25 181248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 05:24 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-06 19:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 19:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 19:40 118784]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 04:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29 569413]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 09:23 823296]
"RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [2004-07-30 15:47 6946816]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-18 23:01 180269]
"PDF Converter Registry Controller"="C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe" [2003-08-19 10:06 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Maxtor\\OneTouch\\Utils\\MaxUtilities.exe"=
"C:\\Program Files\\LionLinguist\\LionLinguist.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"D:\\ClickcatP2H\\Database\\Bin\\mysqld-nt.exe"=
"C:\\Program Files\\CGS\\ORIS Certified Proof\\CertProof.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\EXPLORER.EXE"=
"C:\\Program Files\\Alchemy Software\\Catalyst 7\\Alchemy.exe"=
"C:\\Program Files\\Alchemy Software\\Catalyst 7\\lmgrd.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MSOffice2003FR\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule-TCP
"4672:UDP"= 4672:UDP:emule-UDP
"21976:TCP"= 21976:TCP:BitComet 21976 TCP
"21976:UDP"= 21976:UDP:BitComet 21976 UDP

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbguard.exe [2006-01-17 01:05]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbserver.exe [2006-01-17 01:05]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583cccf3-7ad6-11db-9b59-001302334f18}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 21:58:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 03:15:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTSMLBIZ\BINN\SQLSERVR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SAFENET SENTINEL\SENTINEL PROTECTION SERVER\WINNT\SPNSRVNT.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\ONETOUCH.EXE
C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETROEXPRESS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETRORUN.EXE
.
**************************************************************************
.
Completion time: 2008-04-18 3:21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 01:21:20
ComboFix2.txt 2008-04-17 11:30:18
Pre-Run: 9,296,379,904 bytes free
Post-Run: 9,379,184,640 bytes free
.
2008-04-14 11:35:06 --- E O F ---

And also Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 18, 2008 9:02:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/04/2008
Kaspersky Anti-Virus database records: 713756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
Z:\

Scan Statistics:
Total number of scanned objects: 213677
Number of viruses found: 9
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 05:11:22

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\Program Files\MBOLS~1\еxplorer.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ayv.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\TEMP\Perflib_Perfdata_50c.dat Object is locked skipped C:\WINDOWS\TEMP\spserv.dat Object is locked skipped C:\WINDOWS\TEMP\spnserv.dat Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{91428CEB-8B98-4644-94CC-855324A6E4FF}.bin Object is locked skipped 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\RetroExp\operations_log.utx Object is locked skipped C:\Documents and Settings\All Users\Application Data\RetroExp\config10.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\user\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Historique\History.IE5\MSHist012008041820080419\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.Word\~WRS0007.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.Word\~WRF0097.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and 
Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\Outlook31mai2006.pst Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory\RetroExpress.exe.ef08464a.ini.inuse Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DFECEF.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DF79C4.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DFFBEE.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DF1C82.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DF1C8B.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\Acr35D5.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DFE91C.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DFE925.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\~DF5523.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\temp\Perflib_Perfdata_9e8.dat Object is locked skipped C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped C:\Documents and Settings\user\Application Data\Microsoft\Word\DÉMARRAGE\TRADOS7.dot Object is locked skipped C:\Documents and Settings\user\Application 
Data\Microsoft\Word\~WRL1601.tmp Object is locked skipped C:\Documents and Settings\user\Application Data\Microsoft\Word\~WRA0002.wbk Object is locked skipped C:\Documents and Settings\user\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped C:\Documents and Settings\user\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\index2.dat Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\contactgroup256.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\chat4096.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\user4096.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\chat256.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\user1024.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\user256.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\profile4096.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\chat8192.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg4096.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\voicemail256.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\chat1024.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\user16384.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\transfer1024.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\callmember256.dbb Object is locked skipped C:\Documents and Settings\user\Application Data\Skype\benschen\call256.dbb Object is locked 
skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\chat512.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\transfer512.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\transfer256.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\Skype\benschen\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe Infected: Trojan-Downloader.Win32.Agent.ndt skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Program Files\Twain\Twain.exe Infected: Trojan-Downloader.Win32.Agent.nft skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\System Volume Information\_restore{62048A50-DDC3-4B21-ADA2-F4369DC14894}\RP2\change.log Object is locked skipped
D:\System Volume Information\_restore{62048A50-DDC3-4B21-ADA2-F4369DC14894}\RP2\change.log Object is locked skipped
Z:\008 TRADUCTION 2008\LUZ\04 2008\325 Benoit Label 7521SMI\tm\7521 SMI.mdf Object is locked skipped
Z:\008 TRADUCTION 2008\LUZ\04 2008\325 Benoit Label 7521SMI\tm\7521 SMI.mtf Object is locked skipped
Z:\008 TRADUCTION 2008\LUZ\04 2008\325 Benoit Label 7521SMI\tm\7521 SMI.mwf Object is locked skipped
Z:\008 TRADUCTION 2008\LUZ\04 2008\325 Benoit Label 7521SMI\tm\7521 SMI.tmw Object is locked skipped
Z:\008 TRADUCTION 2008\LUZ\04 2008\325 Benoit Label 7521SMI\tm\7521 SMI.iix Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\313 Xavier Oberon 20341 Gogo gourmet\input\20341_to_TR&ED\Go-go-gourmet_texts.xls Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\315 David Oberon 20411\input\game\dinerdash2.exe/wr-1-1381.exe Infected: Trojan-Downloader.Win32.Small.tnt skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\315 David Oberon 20411\input\game\dinerdash2.exe SetupFactory: infected - 1 skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\324 Adobe EUla\tm\adobe.mdf Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\324 Adobe EUla\tm\adobe.mtf Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\324 Adobe EUla\tm\adobe.mwf Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\324 Adobe EUla\tm\adobe.tmw Object is locked skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\324 Adobe EUla\tm\adobe.iix Object is locked skipped

Scan process completed.

Thanks again for your help! Also, I removed AVG and kept AntiVir as you suggested, except that the free version of AntiVir does not scan files on the network, so I have to put up with that (well, if it is more effective I think I'd better keep it).
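The two reports above are worth reading together, so here is an added triage script (not part of benschen's post, and not ComboFix or Kaspersky code). It splits the Kaspersky result lines into locked system objects (noise), hits that are already sitting in ComboFix's quarantine (it assumes the convention visible in the log: C:\QooBox\Quarantine with a .vir suffix), and live detections, and it labels `not-a-virus:` verdicts as adware/riskware rather than malware. It then parses the ComboFix "Reg Loading Points" Run values and the mountpoints2 AutoRun entry and flags any autostart whose image lives outside Program Files / WINDOWS, on a non-system drive, on a mounted volume, or that matches a live scanner hit. The sample lines are constructed from this post. On them it flags SpeedRunner.exe and Twain.exe (the two Run entries Kaspersky detects live; both were created on 2008-04-16 at 12:04 and 12:25 according to the ComboFix file list, the same minutes as the Diner Dash 2 / PlayFirst / Trymedia folders, and dinerdash2.exe on Z: is itself detected), tunebite.exe launched from a download folder, and the H:\setupSNK.exe AutoRun command. The script surfaces that cross-reference; it does not prove causation.

```python
"""Triage of the scanner output posted in this thread: Kaspersky Online Scanner result lines and
ComboFix "Reg Loading Points" lines. Added example, not code from the post, from ComboFix or from
Kaspersky; the sample lines below are constructed from the post."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

KASPERSKY_SAMPLE = r"""
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe Infected: Trojan-Downloader.Win32.Agent.ndt skipped
C:\Program Files\Twain\Twain.exe Infected: Trojan-Downloader.Win32.Agent.nft skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\315 David Oberon 20411\input\game\dinerdash2.exe/wr-1-1381.exe Infected: Trojan-Downloader.Win32.Small.tnt skipped
Z:\008 TRADUCTION 2008\ENLASO\04 2008\315 David Oberon 20411\input\game\dinerdash2.exe SetupFactory: infected - 1 skipped
"""
# "<path> Infected: <verdict> skipped" | "<path> Object is locked skipped" | "<path> <packer>: infected - N skipped"
KAV_LINE = re.compile(r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)|Object is locked"
                      r"|(?P<container>\S+): infected - \d+) skipped$")

@dataclass
class KavHit:
    path: str
    verdict: Optional[str]    # None on locked objects and on archive summary lines
    container: Optional[str]  # packer/archive name on summary lines ("SetupFactory", "NSIS")

    @property
    def category(self) -> str:
        if self.verdict is None:
            return "locked" if self.container is None else "archive"  # the inner object carries the verdict
        return "pua" if self.verdict.startswith("not-a-virus:") else "malware"  # Kaspersky adware/riskware prefix

    @property
    def quarantined(self) -> bool:
        # ComboFix moves what it deletes to C:\QooBox\Quarantine with a .vir suffix (assumed convention).
        return self.path.lower().startswith("c:\\qoobox\\quarantine\\")

def parse_kaspersky(text: str) -> List[KavHit]:
    matches = (KAV_LINE.match(ln.strip()) for ln in text.splitlines())
    return [KavHit(m["path"], m["verdict"], m["container"]) for m in matches if m]

def triage_kaspersky(hits: List[KavHit]) -> Dict[str, List[KavHit]]:
    """Noise (locked system files) vs. already-quarantined vs. live detections."""
    out: Dict[str, List[KavHit]] = {"locked": [], "quarantined": [], "live": []}
    for h in hits:
        out["locked" if h.category == "locked" else "quarantined" if h.quarantined else "live"].append(h)
    return out

COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe"="C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe" [2008-02-01 17:54 22405760]
"Twain"="C:\Program Files\Twain\Twain.exe" [2008-04-16 12:04 57344]
"SpeedRunner"="C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe" [2008-04-16 12:25 181248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583cccf3-7ad6-11db-9b59-001302334f18}]
\Shell\AutoRun\command - H:\setupSNK.exe
"""
KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (?P<image>.+)$")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

@dataclass
class Autostart:
    key: str    # registry key the entry was listed under
    name: str   # value name (or the AutoRun verb for mountpoints2 entries)
    image: str  # image path, resolved from the bracketed stamp when the value is a bare file name

def parse_combofix_autostarts(text: str) -> List[Autostart]:
    key, entries = "?", []
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := KEY_HEADER.match(line)):
            key = m["key"]
        elif (m := RUN_VALUE.match(line)):
            full = re.match(r"^\S+ \S+ \d+ (?P<full>.+)$", m["stamp"].strip())  # "[date time size C:\full\path]"
            entries.append(Autostart(key, m["name"], full["full"] if full else m["image"]))
        elif (m := AUTORUN_CMD.match(line)):
            entries.append(Autostart(key, "Shell\\AutoRun\\command", m["image"]))
    return entries

def review_autostarts(entries: List[Autostart], live: List[KavHit]) -> List[tuple]:
    """Flag autostarts by where the image lives and by cross-reference with live scanner hits."""
    verdicts = {h.path.lower(): h.verdict for h in live}
    findings = []
    for e in entries:
        p, why = e.image.lower(), []
        if "mountpoints2" in e.key.lower():
            why.append("AutoRun command registered for a mounted volume")
        elif not p.startswith("c:\\"):
            why.append("image on a non-system drive")
        elif not p.startswith(TRUSTED_ROOTS):
            why.append("image in a user-writable location")
        if p in verdicts:
            why.append("scanner verdict: " + str(verdicts[p]))
        if why:
            findings.append((e, why))
    return findings

if __name__ == "__main__":
    t = triage_kaspersky(parse_kaspersky(KASPERSKY_SAMPLE))
    print({k: [(h.path.rsplit("\\", 1)[-1], h.category) for h in v] for k, v in t.items()})
    for e, why in review_autostarts(parse_combofix_autostarts(COMBOFIX_SAMPLE), t["live"]):
        print(e.key.split("\\")[0], e.image.rsplit("\\", 1)[-1], "->", "; ".join(why))
```

The point of the split is that a `not-a-virus:` hit under C:\QooBox\Quarantine is already contained, whereas a Trojan-Downloader verdict on a file that is also a Run-key image is a live persistence entry and is what needs acting on; the location rule catches the same two files even without a scanner verdict, because a per-user Application Data or download folder is not where an installed program normally autostarts from.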
5. Hi and thanks a lot for your help! Here is the log:

ComboFix 08-04-16.5 - user 2008-04-17 13:18:38.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.33.1036.18.433 [GMT 2:00]
Running from: C:\Documents and Settings\user\Mes documents\Mes téléchargements\antivirus\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\WinTouch
C:\Documents and Settings\user\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\user\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\user\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\user\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\user\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\user\Mes documents\ASKS~1
C:\Documents and Settings\user\Mes documents\ASKS~1\?asks\
C:\Program Files\CPV
C:\Program Files\CPV\CPV8.dll
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\mbols~1
C:\Program Files\mbols~1\?xplorer.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\WINDOWS\b153.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ayv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\TCMlnnpo.ini
C:\WINDOWS\system32\TCMlnnpo.ini2
G:\Autorun.inf
.
((((((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 17:04 . 2008-04-16 17:05 <REP> d-------- C:\Program Files\Avira
2008-04-16 16:08 . 2008-04-16 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-16 15:30 . 2008-04-16 15:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-04-16 15:07 . 2006-08-01 18:16 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-16 15:07 . 2006-08-01 17:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-16 15:07 . 2006-08-01 18:09 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 15:07 . 2006-08-01 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 15:07 . 2006-08-01 18:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-04-16 15:07 . 2006-08-01 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-16 15:07 . 2008-04-16 15:07 <REP> d-------- C:\Documents and Settings\Administrateur
2008-04-16 14:49 . 2008-04-16 14:49 <REP> d-------- C:\Program Files\Trend Micro
2008-04-16 14:43 . 2008-04-16 14:43 <REP> d-------- C:\Program Files\CCleaner
2008-04-16 12:29 . 2008-04-16 12:29 <REP> d-------- C:\Program Files\Inet_Get_2
2008-04-16 12:24 . 2008-04-16 12:24 <REP> d-------- C:\Documents and Settings\user\Application Data\SpeedRunner
2008-04-16 12:07 . 2008-04-16 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-16 12:06 . 2008-04-16 12:06 273,920 --a------ C:\WINDOWS\system32\opnnlMCT.VIR
2008-04-16 12:05 . 2008-04-16 12:05 <REP> d-------- C:\Program Files\PlayFirst
2008-04-16 12:04 . 2008-04-16 12:04 <REP> d-------- C:\Program Files\Twain
2008-04-16 12:00 . 2008-04-16 12:00 <REP> d-------- C:\WINDOWS\Diner Dash 2
2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\user\Application Data\PlayFirst
2008-04-16 11:50 . 2008-04-16 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-14 13:59 . 2008-04-14 13:59 <REP> d-------- C:\080306_Letter-size_EN_source_to_AR
2008-04-14 07:44 . 2008-04-14 07:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 21:41 . 2008-04-05 21:41 <REP> d-------- C:\Documents and Settings\user\Application Data\RTPlayer
2008-04-05 21:22 . 2008-04-05 21:22 <REP> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Program Files\RapidSolution
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\user\Application Data\Tunebite
2008-04-05 21:20 . 2008-04-05 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-04-05 21:20 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-04-05 07:51 . 2008-04-05 07:51 <REP> d-------- C:\Program Files\iPod
2008-03-29 00:46 . 2008-03-29 00:46 <REP> d-------- C:\Program Files\Safari
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 11:41 . 2008-03-28 11:41 <REP> d-------- C:\Program Files\TRADOS65
2008-03-27 10:47 . 2008-03-27 10:47 <REP> d-------- C:\Documents and Settings\user\Application Data\NwDocx
2008-03-23 21:24 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-23 21:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-23 21:24 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:23 1,512 ----a-w C:\WINDOWS\Fonts\UVBVO___.PFM
2008-09-18 23:23 1,509 ----a-w C:\WINDOWS\Fonts\UVBV____.PFM
2008-09-18 23:23 1,487 ----a-w C:\WINDOWS\Fonts\UVFVO___.PFM
2008-09-18 23:23 1,484 ----a-w C:\WINDOWS\Fonts\UVFV____.PFM
2008-09-18 23:23 1,426 ----a-w C:\WINDOWS\Fonts\UVV_____.PFM
2008-04-16 10:30 10 ----a-w C:\Program Files\.autoreg
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-11 12:34 --------- d-----w C:\Program Files\Idiom
2008-03-11 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Idiom Technologies, Inc
2008-03-11 12:33 --------- d-----w C:\Documents and Settings\user\Application Data\Idiom Technologies, Inc
2008-03-10 10:16 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-10 10:16 --------- d-----w C:\Program Files\Windows Live
2008-03-10 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-23 07:21 --------- d-----w C:\Program Files\iTunes
2008-02-22 10:00 13,824 ------w
C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 09:34 --------- d-----w C:\Documents and Settings\user\Application Data\Grisoft 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF818AE7-4B1E-460C-9603-68C953CE3F32}] C:\WINDOWS\system32\opnnlMCT.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 15:40 20421672] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe"="C:\Documents and Settings\user\Mes documents\Azureus Downloads\Tunebite CONVERTER Platinum.v5.0.335.30(NEW-with serial key)\Tunebite.Platinum.v5.0.335.30(NEW)\Tunebite.Platinum.v5.0.335.30(NEW)\tunebite.exe" [2008-02-01 17:54 22405760] "Twain"="C:\Program Files\Twain\Twain.exe" [2008-04-16 12:04 57344] "SpeedRunner"="C:\Documents and Settings\user\Application Data\SpeedRunner\SpeedRunner.exe" [2008-04-16 12:25 181248] "SfKg6wIP"="C:\Documents and Settings\user\Application Data\Microsoft\Windows\yqgvty.exe" [2008-04-16 12:25 35328] 
"Jixepk"="C:\Program Files\??mbols\?xplorer.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 05:24 110592] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-06 19:39 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 19:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 19:40 118784] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 04:23 15961088 C:\WINDOWS\RTHDCPL.exe] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29 569413] "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 09:23 823296] "RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [2004-07-30 15:47 6946816] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-18 23:01 180269] "PDF Converter Registry Controller"="C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe" [2003-08-19 10:06 102400] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" 
[2004-06-03 10:51 172032] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ] "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 08:33 45056] "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrqnoP] geBrqnoP.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Maxtor\\OneTouch\\Utils\\MaxUtilities.exe"= "C:\\Program Files\\LionLinguist\\LionLinguist.exe"= "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\FileZilla\\FileZilla.exe"= "D:\\ClickcatP2H\\Database\\Bin\\mysqld-nt.exe"= "C:\\Program Files\\CGS\\ORIS Certified Proof\\CertProof.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\WINDOWS\\EXPLORER.EXE"= "C:\\Program Files\\Alchemy Software\\Catalyst 7\\Alchemy.exe"= "C:\\Program Files\\Alchemy Software\\Catalyst 7\\lmgrd.exe"= "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"= "C:\\Program Files\\Windows 
Live\\Messenger\\MsnMsgr.Exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\MSOffice2003FR\\OFFICE11\\WINWORD.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4662:TCP"= 4662:TCP:emule-TCP "4672:UDP"= 4672:UDP:emule-UDP "21976:TCP"= 21976:TCP:BitComet 21976 TCP "21976:UDP"= 21976:UDP:BitComet 21976 UDP R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbguard.exe [2006-01-17 01:05] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Projetex 2006 Server\Firebird Server\bin\fbserver.exe [2006-01-17 01:05] S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583cccf3-7ad6-11db-9b59-001302334f18}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-11 21:58:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-11 13:02:34 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-17 13:25:17 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... 
Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTSMLBIZ\BINN\SQLSERVR.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\SAFENET SENTINEL\SENTINEL PROTECTION SERVER\WINNT\SPNSRVNT.EXE C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\ONETOUCH.EXE C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETROEXPRESS.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe C:\PROGRAM FILES\DANTZ\RETROSPECT EXPRESS HD\RETRORUN.EXE . ************************************************************************** . Temps d'accomplissement: 2008-04-17 13:30:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-17 11:30:10 Pre-Run: 3,926,753,280 octets libres Post-Run: 9,465,462,784 octets libres . 2008-04-14 11:35:06 --- E O F ---
  6. Hello, My PC is infected. I ran a scan with AVG in Safe Mode after disabling System Restore and showing hidden files. AVG detected and removed this: (AVG detection list omitted)
     I ran a scan in normal mode with HijackThis, which gives this: (HijackThis v2.0.2 log of 17/04/2008 omitted)
     Is it serious, doctor? What should I do? Thanks for your help. Ben