

janjac
Everything posted by janjac
Trojan infection
janjac replied to a topic by janjac in Analyses et éradication malwares
Oops, I had forgotten the report, sorry. UsbFix.txt

############################## [ UsbFix V3.029 | Scan ]

# User : JJ (Administrateurs) # DOUBLE_J
# Update on 05/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 02:48:45 | 2009-06-10

# AMD Athlon 64 X2 Dual Core Processor 4800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVirus Firewall 7.03 7.03 [ (!) Disabled | Updated ]
# FW : AntiVirus Firewall 7.03[ Enabled ]7.03

# C:\ # Disque fixe local # 22.75 Go (7.74 Go free) [sYSTEM_JJ] # NTFS
# D:\ # Disque fixe local # 16.04 Go (13.97 Go free) [EMULE_JJ] # NTFS
# E:\ # Disque fixe local # 194.09 Go (96.99 Go free) [DATA_JJ] # NTFS
# V:\ # Disque amovible
# W:\ # Disque amovible
# X:\ # Disque amovible
# Y:\ # Disque amovible
# Z:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AntivirusFirewall\Common\FCH32.EXE
Trojan infection
janjac replied to a topic by janjac in Analyses et éradication malwares
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2246
Windows 5.1.2600 Service Pack 3

2009-06-10 06:00:11
mbam-log-2009-06-10 (06-00-11).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 137545
Temps écoulé: 27 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\system volume information\_restore{9d2298a7-d4d7-41a8-a27f-95766d22b4df}\RP383\A0048114.dll (Rogue.Trace) -> Quarantined and deleted successfully.
Trojan infection
janjac replied to a topic by janjac in Analyses et éradication malwares
info.txt logfile of random's system information tool 1.06 2009-06-08 18:01:32

=====HijackThis Backups=====
O2 - BHO: (no name) - {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - (no file) [2008-06-02]
O2 - BHO: (no name) - {3BE16D5A-4CBF-4565-8F21-421075C7A74E} - (no file) [2008-06-02]
O2 - BHO: (no name) - {F1AD130B-5CB5-4027-8906-0049FC658C90} - (no file) [2008-06-02]
O2 - BHO: (no name) - {CB7712FA-FFB3-488C-A426-8626404401FE} - (no file) [2008-06-02]
O2 - BHO: {09afeed3-2cdb-2209-1d74-40f88c7bb633} - {336bb7c8-8f04-47d1-9022-bdc23deefa90} - (no file) [2008-06-02]
O2 - BHO: (no name) - {5530FEA0-7251-4BBC-A544-5803404B5E46} - (no file) [2008-06-02]
O20 - Winlogon Notify: vtUklLBq - C:\WINDOWS\ [2008-06-02]
O2 - BHO: (no name) - {18258533-bc60-4079-bf8b-4b31481545a5} - (no file) [2008-06-02]
O2 - BHO: (no name) - {CA82732B-2A3F-4CE2-B81B-60CDB1D7C5CD} - (no file) [2008-06-02]
O2 - BHO: (no name) - {A531A366-B0F5-44CB-B225-ECD82D1A52E7} - (no file) [2008-06-02]
O2 - BHO: (no name) - {149EC686-B962-4115-B4AB-01410E621DE9} - (no file) [2008-06-02]
O2 - BHO: (no name) - {C4738E5F-DA63-4D9A-A10B-F300EC417EAD} - (no file) [2008-06-02]
O2 - BHO: (no name) - {A5C90641-D580-4312-A667-88D1AA691B30} - (no file) [2008-06-02]
O2 - BHO: (no name) - {EA182CA7-F818-483F-A6F5-48E663C018A4} - (no file) [2008-06-02]
O2 - BHO: (no name) - {AA8768EA-C63A-4BC1-9D07-855D3FFBEF75} - (no file) [2008-06-04]
O2 - BHO: (no name) - {8DD8F86C-426D-4EEA-A8D3-70C97AF7434B} - (no file) [2008-06-04]
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file) [2008-06-04]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [2008-06-04]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-06-04]
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab [2008-06-04]
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file) [2008-06-04]
O16 - DPF: CabBuilder - [2008-06-19]
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - [2008-06-20]

======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======
AV: AntiVirus Firewall 7.03
FW: AntiVirus Firewall 7.03

======System event log======
Computer Name: DOUBLE_J
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.
Record Number: 10476
Source Name: Service Control Manager
Time Written: 20090224010815.000000+060
Event Type: Informations
User: DOUBLE_J\JJ

Computer Name: DOUBLE_J
Event Code: 7036
Message: Le service Windows Installer est entré dans l'état : en cours d'exécution.
Record Number: 10475
Source Name: Service Control Manager
Time Written: 20090224010738.000000+060
Event Type: Informations
User:

Computer Name: DOUBLE_J
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Windows Installer.
Record Number: 10474
Source Name: Service Control Manager
Time Written: 20090224010738.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: DOUBLE_J
Event Code: 20
Message: Échec de l'installation : l'installation de la mise à jour suivante a échoué avec l'erreur 0x8007f0f1 : Mise à jour de sécurité pour Internet Explorer 7 pour Windows XP (KB938127).
Record Number: 10473
Source Name: Windows Update Agent
Time Written: 20090224005155.000000+060
Event Type: erreur
User:

Computer Name: DOUBLE_J
Event Code: 107
Message: Le service Restauration du système a été interrompu en raison d'un manque de place sur le lecteur \\?\Volume{cef17dac-4957-11dc-9541-806d6172696f}\. La restauration du système reprendra automatiquement dès que 200 Mo (ou plus) seront disponibles sur le lecteur système.
Record Number: 10472
Source Name: SRService
Time Written: 20090224005128.000000+060
Event Type: Informations
User:

=====Application event log=====
Computer Name: DOUBLE_J
Event Code: 0
Message:
Record Number: 13720
Source Name: MSCamSvc
Time Written: 20090302193912.000000+060
Event Type: Informations
User:

Computer Name: DOUBLE_J
Event Code: 0
Message:
Record Number: 13719
Source Name: gusvc
Time Written: 20090302193912.000000+060
Event Type: Informations
User:

Computer Name: DOUBLE_J
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 13718
Source Name: SecurityCenter
Time Written: 20090302190826.000000+060
Event Type: Informations
User:

Computer Name: DOUBLE_J
Event Code: 0
Message:
Record Number: 13717
Source Name: MSCamSvc
Time Written: 20090302190822.000000+060
Event Type: Informations
User:

Computer Name: DOUBLE_J
Event Code: 0
Message:
Record Number: 13716
Source Name: MSCamSvc
Time Written: 20090302190822.000000+060
Event Type: Informations
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by JJ at 2009-06-08 22:55:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 8 GB (34%) free of 23 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55, on 2009-06-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\vVX3000.exe
D:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
D:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
D:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
D:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
D:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
D:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\eMule\emule.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\QSKC0YXU\RSIT[2].exe
E:\Program Files\Trend Micro\HijackThis\JJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Translate with &Babylon - res://E:\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7956 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GlaryOneClickOptimizer.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1637723038-725345543-1003.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BCB17805-FA28-416D-9B9E-47EB5B1CF003}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-06 707360]
"F-Secure TNB"=D:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe [2008-04-23 744032]
"F-Secure Manager"=D:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2008-04-23 182936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2006-12-06 707360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin200.exe.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JJ^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3
"sdAuxService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Program Files\eMule\emule.exe"="E:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ac3803f-3d42-11de-9581-001731f47dd8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33bd932-0ef0-11dd-9611-001731f47dd8}]
shell\AutoRun\command - F:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======
2009-06-08 18:01:17 ----DC---- C:\rsit
2009-06-08 09:02:57 ----DC---- C:\Documents and Settings\JJ\Application Data\Malwarebytes
2009-06-08 09:02:51 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-08 09:02:50 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-07 22:22:06 ----DC---- C:\Program Files\Guitar Pro 5
2009-06-06 19:36:07 ----DC---- C:\Documents and Settings\JJ\Application Data\U3
2009-05-27 14:59:06 ----DC---- C:\Documents and Settings\JJ\Application Data\WinRAR

======List of files/folders modified in the last 1 months======
2009-06-08 22:55:21 ----DC---- C:\WINDOWS\TEMP
2009-06-08
22:54:01 ----DC---- C:\WINDOWS\Prefetch 2009-06-08 16:22:35 ----SHDC---- C:\WINDOWS\Installer 2009-06-08 09:49:24 ----DC---- C:\WINDOWS\system32\CatRoot2 2009-06-08 09:49:16 ----DC---- C:\WINDOWS 2009-06-08 09:48:40 ----DC---- C:\WINDOWS\system32\drivers 2009-06-08 09:47:06 ----SDC---- C:\WINDOWS\Tasks 2009-06-08 09:47:06 ----DC---- C:\WINDOWS\system32 2009-06-08 09:02:50 ----DC---- C:\Program Files 2009-06-08 08:58:55 ----DC---- C:\Documents and Settings\JJ\Application Data\F-Secure 2009-06-07 22:22:10 ----RSDC---- C:\WINDOWS\Fonts 2009-05-31 22:40:29 ----DC---- C:\WINDOWS\Debug 2009-05-30 21:21:14 ----DC---- C:\Documents and Settings\JJ\Application Data\dvdcss 2009-05-24 03:03:16 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-14 05:03:17 ----DC---- C:\Config.Msi 2009-05-14 05:03:16 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-05-14 05:02:26 ----RSDC---- C:\WINDOWS\assembly 2009-05-10 16:35:57 ----HDC---- C:\WINDOWS\inf ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968] R1 F-Secure HIPS;F-Secure HIPS; \??\D:\Program Files\AntivirusFirewall\HIPS\fshs.sys [] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-08-30 165376] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-08-30 18048] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\D:\Program Files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High 
Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-16 4156416] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-09-12 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-06 1964064] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744] S3 MPUSens;MPUSens; 
C:\WINDOWS\system32\drivers\MPUSens.sys [2004-04-26 381056] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\PCAMPR5.sys [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2005-09-12 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\WINDOWS\system32\drivers\ZSMC301b.sys [] S4 F-Secure Filter;F-Secure File System Filter; \??\D:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\D:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 
1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 F-Secure Gatekeeper Handler Starter;FSGKHS; D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2008-04-23 47800] R2 FSMA;F-Secure Management Agent; D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2008-04-23 113304] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-25 138680] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 FSAUA;F-Secure Automatic Update Agent; D:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe [2008-04-23 461408] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; D:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2008-04-23 453216] R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers 
communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-30 355584] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- -
Hello, I am taking the liberty of contacting you because my computer is infected with trojans... I am attaching the HJT report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01, on 2009-06-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\vVX3000.exe
D:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
D:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
D:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
D:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
D:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
D:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe
D:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Translate with &Babylon - res://E:\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7803 bytes

Thank you for the attention you will give to my problem, regards janjac
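Added example (not part of janjac's post, and not code from HijackThis, RSIT or any other tool in this thread): a small Python triage script that applies the checks a helper on this kind of forum does by eye to the logs above. The rules are the editor's own heuristics, not an official classification: entries whose file is gone ("(no file)"), Run entries launched from a user profile or temp folder, services with an unknown owner, mountpoints2 AutoRun commands whose payload is a bare file name (resolved against the root of whatever removable drive is plugged in, the classic autorun.inf worm pattern), and an unset NoDriveTypeAutoRun policy. The sample log is a constructed subset of lines copied from the HJT and RSIT output posted in this thread.

```python
"""Quick triage of HijackThis / RSIT-style log lines.

Added example for this thread, not code from the original post or from
HijackThis/RSIT. The rules below are the editor's own heuristics, not an
official classification from either tool.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of lines copied from the HJT and RSIT logs
# posted in this thread (paths and GUIDs as they appear there).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
shell\AutoRun\command - F:\LaunchU3.exe -a
"NoDriveTypeAutoRun"=
"""

Finding = Tuple[str, str, str]  # (severity, rule, offending line)

# Run entries that launch from a user profile or a temp folder deserve a look:
# that is where droppers land when they cannot write to Program Files.
USER_PROFILE_RE = re.compile(r"Documents and Settings\\|\\Users\\|%TEMP%|\\Temp\\", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def autorun_payload(command: str) -> str:
    """Return the executable an AutoRun command ultimately launches.

    RunDLL32 + ShellExec_RunDLL is a common wrapper: the real payload is the
    last argument. Otherwise the first token is the program itself.
    """
    tokens = command.split()
    return tokens[-1] if "ShellExec_RunDLL" in command else tokens[0]


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics to every line and return what they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line:
            # Registration left behind after its DLL was removed; harmless by
            # itself, but it is exactly the residue cleanup tools look for.
            findings.append(("low", "orphan-entry", line))
        elif line.startswith("O4 - ") and USER_PROFILE_RE.search(line):
            findings.append(("medium", "run-from-user-profile", line))
        elif line.startswith("O23 - ") and "Unknown owner" in line:
            findings.append(("medium", "service-unknown-owner", line))
        elif line.startswith(r"shell\AutoRun\command"):
            command = line.split(" - ", 1)[1]
            payload = autorun_payload(command)
            if ABS_PATH_RE.match(payload):
                findings.append(("medium", "autorun-command", line))
            else:
                # A bare file name resolves relative to the removable drive's
                # root: classic autorun.inf worm behaviour.
                findings.append(("high", "autorun-relative-payload", line))
        elif line.startswith('"NoDriveTypeAutoRun"='):
            value = line.split("=", 1)[1].strip()
            # 0xFF (255) disables AutoRun for every drive type; an empty value
            # means the policy is not set and the default applies.
            if value == "" or int(value, 0) & 0xFF != 0xFF:
                findings.append(("medium", "autorun-not-disabled", line))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Roll the findings up into {severity: count}."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:25} {line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

On the sample above the only "high" hit is the mountpoints2 entry that launches NoLimit.exe by bare name; the F:\LaunchU3.exe line is the normal SanDisk U3 launcher and only gets "medium" because its path is absolute. None of these rules proves infection on their own; they tell a helper which lines to ask about first.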
-
Hello, someone I no longer see had set up a 3-in-1 Partition Magic layout for me, with 7.50 GB on the C: drive, for Windows only... but that drive keeps filling up constantly... I would like either to uninstall Partition Magic, or at least enlarge the C: drive... can you help me? Regards, janjac
-
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
OK, thanks for your advice... All the best, desch... -
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
There, everything is done, thank you very much, desch... -
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
Can't find it, I don't know where it is... Is it really serious? -
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
I can't find the remaining traces of Java 6.05... I thought I had cleaned it out properly... where can I find them, please?.. Thanks in advance, janjac.. -
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
Hello desch, yes indeed, when I ran a scan with Malwarebytes, Vundo showed up again... I have installed Navilog in case you ask me for it... I deleted the files... thanks desch -
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
And here is the Navilog report... Windows wanted to close it while it was running...

Search Navipromo version 3.5.8 started on 2008-06-19 at 1:15:51.35

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without the advice of a specialist !!!

Tool run from C:\Program Files\navilog1
Current session: "JJ"

Updated on 06.06.2008 at 18h00 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
File system : NTFS

Search run in normal mode

*** Searching installed programs ***

*** Searching folders in "C:\WINDOWS" ***

*** Searching folders in "C:\Program Files" ***

*** Searching folders in "c:\docume~1\alluse~1\applic~1" ***

*** Searching folders in "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Searching folders in "C:\Documents and Settings\JJ\applic~1" ***

*** Searching folders in "C:\Documents and Settings\JJ\locals~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\JJ\menudm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! All of these results may reveal legitimate files !!!
!!! They must be checked before any manual deletion !!!

* Searching in "C:\WINDOWS\system32" *

* Searching in "C:\Documents and Settings\JJ\locals~1\applic~1" *

*** Searching files ***

*** Searching specific keys in the Registry ***

*** Additional search module ***
(Searching specific files)

1) Searching new Instant Access files:

2) Heuristic search:

* In "C:\WINDOWS\system32" :

* In "C:\Documents and Settings\JJ\locals~1\applic~1" :

3) Searching certificates:

Egroup certificate absent!
Electronic-Group certificate found!
OOO-Favorit certificate found!
Sunny-Day-Design-Ltd certificate absent!

4) Searching known files:

*** Analysis finished on 2008-06-19 at 1:17:37.01 ***
-
Vundo is still there
janjac replied to a topic by janjac in Malware analysis and removal
AntiVir keeps rejecting DR/Tool.Reboot.F.99 -
Good evening, with the help of desch and the security section we had cleaned everything up, but unfortunately the trojans are still there.... If you are willing to help me again, I am attaching the Malwarebytes and HJT reports, thanks in advance, janjac

Malwarebytes' Anti-Malware 1.17
Database version: 863

00:22:25 2008-06-19
mbam-log-6-19-2008 (00-22-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 53408
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\apwxcvna.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cashjpvp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dhxlpuft.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hffednio.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wdhnjtbo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:28, on 2008-06-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\vVX3000.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe E:\Program Files\eMule\emule.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 
- HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - (no file)

--
End of file - 8992 bytes
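As an added example (not code from the forum post, from janjac, or from the HijackThis tool), the following Python script parses O-lines of the kind shown in the log above into records and flags the three things a helper on this kind of thread looks at first: an O23 service whose binary is "(no file)", an O16 ActiveX download entry with no source URL, and a file under %windir% whose name is eight random-looking lowercase letters. The sample lines are copied from the log above except the last O23 line, which is constructed to exercise the name heuristic; the eight-letter pattern is an assumption of this example, not something the log states.

```python
"""Parse HijackThis-style O-lines and flag entries worth a second look.
Added example for this thread; not part of HijackThis or the original post."""
import re
from dataclasses import dataclass

# Constructed sample: real lines from the log above plus one made-up O23
# service ("exsvc", qwertyui.dll) that is NOT in the log, added to exercise
# the random-name heuristic.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - (no file)
O23 - Service: Example Service (exsvc) - (no company) - C:\WINDOWS\system32\qwertyui.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# HJT separates fields with " - "; a trailing " -" means the last field is empty.
FIELD_SPLIT_RE = re.compile(r"\s-\s|\s-$")
# Heuristic (assumption of this example): eight lowercase letters plus a
# dll/exe/ini extension, the shape of many auto-generated malware file names.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe|ini)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Entry:
    code: str    # "O9", "O16", "O23", ...
    body: str    # everything after "Oxx - "
    target: str  # last field: a path, a URL, "(no file)" or "" when absent


def parse(text: str) -> list:
    """Turn HJT O-lines into Entry records; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        parts = [p.strip() for p in FIELD_SPLIT_RE.split(body)]
        target = parts[-1] if len(parts) > 1 else ""
        entries.append(Entry(code, body, target))
    return entries


def findings(entries: list) -> list:
    """Return (code, reason, body) tuples for entries that need review.
    A hit is a review item, not proof of malware: the TuneUp '(no file)'
    service in the log above is a leftover from an uninstall."""
    out = []
    for e in entries:
        t = e.target.lower()
        name = t.rsplit("\\", 1)[-1]
        if e.code == "O23" and t == "(no file)":
            out.append((e.code, "service still registered but its binary is gone", e.body))
        elif e.code == "O16" and not t.startswith(("http://", "https://")):
            out.append((e.code, "ActiveX download entry with no source URL", e.body))
        elif t.startswith(SYSTEM_DIRS) and RANDOM_NAME_RE.match(name):
            out.append((e.code, "random-looking file name under %windir%", e.body))
    return out


if __name__ == "__main__":
    for code, reason, body in findings(parse(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```

On the sample, the two O16 entries with an empty target, the TuneUp "(no file)" service and the constructed exsvc entry are reported; the Spybot, Groove, NVIDIA and MSN entries pass.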
-
Following viruses, Java no longer works
janjac replied to a topic by janjac in Malware analysis and removal
Hello desch, actually, when I go to a site that requires Java, I am told to load it... I tried to remove it via regedit / run / software... deleting files or searching in the files... nothing works... it doesn't disappear completely, so that I could load it again... I couldn't find "Restore default settings" in Internet Options.... Thanks for your help, janjac -
Actually, I found it...
1) go to the Control Panel
2) click Network Connections
3) right-click a connection (e.g. Internet ADSL)
4) Properties
5) under the "Networking" tab, uncheck "Client Service for NetWare", then click Uninstall
6) reboot the machine
And that's it... all the best to everyone, janjac
-
Following viruses, Java no longer works
janjac posted a topic in Malware analysis and removal
Following viruses, which I was able to remove thanks to desch and the security service... I think Java must have suffered... I keep removing it and loading it again... nothing works... it no longer runs.. would anyone give me a hand, thanks in advance... janjac -
Hello, after startup I automatically get this message... NetWare login selection, with: default server, default tree and run login script.... How can I make this message go away? Also, I would like to know all the programs I can remove from startup... and the ones that absolutely have to stay... Thanks in advance, janjac
-
Major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Apparently it works much better... thank you all very much... as I said above, I am completely rethinking the way I approach the net, and what you just said only confirms what I think... a thousand thanks again, see you soon, regards, janjac -
Major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Here is the rest... I had to plug in another mouse, mine no longer works.... since the ComboFix run... thanks again for your patience...

DiagHelp version v1.4 - http://www.malekal.com
executed 2008-06-04 at 18:00:37.40

List of the most recently modified/created files in windir\system32 and prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-06-04 18:00:29
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-06-04 18:00:26
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-06-04 17:59:28
C:\WINDOWS\prefetch\AVNOTIFY.EXE-32FAE179.pf -->2008-06-04 17:57:39
C:\WINDOWS\prefetch\UPDATE.EXE-264167D5.pf -->2008-06-04 17:57:00
C:\WINDOWS\prefetch\PREUPD.EXE-0C5BC219.pf -->2008-06-04 17:56:54
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->2008-06-04 17:56:54
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->2008-06-04 17:56:54
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-06-04 14:12:57
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->2008-06-04 14:11:11
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->2008-05-30 01:06:40
C:\WINDOWS\System32\drivers\mbam.sys -->2008-05-30 01:06:36
C:\WINDOWS\System32\drivers\avipbb.sys -->2008-03-04 13:28:53
C:\WINDOWS\System32\drivers\avgntdd.sys -->2008-01-21 18:12:56
C:\WINDOWS\System32\drivers\avgntmgr.sys -->2008-01-21 18:11:28
C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 11:51:35
C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-12-04 19:41:00
C:\WINDOWS\System32\wpa.dbl -->2008-06-04 17:55:41
C:\WINDOWS\System32\settings.aaw -->2008-06-04 14:13:50
C:\WINDOWS\System32\history.aaw -->2008-06-04 14:13:50
C:\WINDOWS\System32\clkcnt.txt -->2008-06-01 01:05:30
C:\WINDOWS\System32\PerfStringBackup.INI -->2008-05-31 23:15:52
C:\WINDOWS\System32\perfh00C.dat -->2008-05-31 23:15:52
C:\WINDOWS\System32\perfh009.dat -->2008-05-31 23:15:52
C:\WINDOWS\System32\perfc00C.dat -->2008-05-31 23:15:52
C:\WINDOWS\System32\perfc009.dat -->2008-05-31 23:15:52
C:\WINDOWS\System32\CONFIG.NT -->2008-05-28 18:54:27
C:\WINDOWS\System32\nscompat.tlb -->2008-05-18 22:20:42
C:\WINDOWS\System32\amcompat.tlb -->2008-05-18 22:20:42
C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->2008-05-13 19:57:13
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-05-13 19:31:12
C:\WINDOWS\System32\nvapps.xml -->2008-05-13 00:26:07
C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log -->2008-05-11 14:40:24
C:\WINDOWS\System32\MRT.exe -->2008-05-09 23:35:04
C:\WINDOWS\System32\regsvr32.exe.log -->2008-05-02 20:06:11
C:\WINDOWS\System32\TuneUpDefragService.exe -->2008-04-30 06:37:37
C:\WINDOWS\System32\msxml3a.dll -->2008-04-05 21:01:08
C:\WINDOWS\System32\uxtuneup.dll -->2008-04-04 14:51:32
C:\WINDOWS\System32\divx.dll -->2008-03-31 23:25:46
C:\WINDOWS\System32\ff_vfw.dll -->2008-03-28 19:41:32
C:\WINDOWS\System32\mswstr10.dll -->2008-03-25 06:51:09
C:\WINDOWS\System32\msjint40.dll -->2008-03-25 06:51:08
C:\WINDOWS\WindowsUpdate.log -->2008-06-04 17:57:31
C:\WINDOWS\0.log -->2008-06-04 17:55:39
C:\WINDOWS\wiadebug.log -->2008-06-04 17:55:03
C:\WINDOWS\wiaservc.log -->2008-06-04 17:55:02
C:\WINDOWS\bootstat.dat -->2008-06-04 17:54:43
C:\WINDOWS\setupapi.log -->2008-06-04 12:24:51
C:\WINDOWS\setupact.log -->2008-06-04 12:24:51
C:\WINDOWS\setuperr.log -->2008-06-04 12:24:50
C:\WINDOWS\system.ini -->2008-06-04 12:08:34
C:\WINDOWS\PSEXESVC.EXE -->2008-06-04 12:06:09
C:\WINDOWS\Sti_Trace.log -->2008-06-04 00:29:54
C:\WINDOWS\BMc31c83fb.txt -->2008-06-01 01:06:49
C:\WINDOWS\wininit.ini -->2008-05-31 20:55:42
C:\WINDOWS\win.ini -->2008-05-04 12:24:54
C:\WINDOWS\KOF_WARS.GIF -->2008-04-29 06:14:30

winlogon.exe Verified: Signed
svchost.exe Verified: Signed
ws2_32.dll Verified: Signed
user32.dll Verified: Signed
tcpip.sys Verified: Signed
ndis.sys Verified: Signed
null.sys Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 860
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x661c0000 0x21d000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68ef0000 0xf1000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x68ff0000 0x7000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x65e30000 0x37000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x02560000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x66b40000 0x17f000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
0x027f0000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS\system32\jsproxy.dll
0x6bd10000 0x10000 12.00.4518.1014 D:\Program Files\Microsoft Office\Office12\msohevi.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 668
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01210000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\WINDOWS\system32
2004-08-04 06:54 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 2,040,004,608 bytes free

Contents of Downloaded Program Files
Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\WINDOWS\Downloaded Program Files
2008-06-04 07:17 <DIR> .
2008-06-04 07:17 <DIR> ..
2007-08-12 02:27 65 desktop.ini
2008-03-24 19:33 1,527,056 FP_AX_CAB_INSTALLER.exe
2007-12-19 12:35 331,264 GoogleGadgetPluginIEWin.dll
2007-05-16 08:22 399 gp.inf
2008-05-23 18:23 1,570 hardwaredetection.inf
2007-12-19 12:02 360 install.inf
2008-01-18 12:17 204,800 InstallerControl.dll
2007-07-12 04:22 1,055 jinstall-6u2.inf
2008-04-02 15:18 1,060 jinstall-6u5.inf
2006-08-08 11:45 576 kavwebscan.inf
2007-02-23 00:41 304,544 MessengerStatsPAClient.dll
2007-02-28 15:21 131,472 msgrchkr.dll
2006-06-20 15:44 379,704 MsnPUpld.dll
2006-06-19 14:40 393 MsnPUpld.inf
2008-02-04 17:53 361 OGAControl.inf
2006-06-20 15:44 117,560 PURen-us.dll
2007-01-09 08:30 110,592 PURfr-fr.dll
2004-10-15 07:59 110,592 PURfr-xx.dll
2008-03-24 19:18 247 swflash.inf
19 File(s) 3,223,670 bytes
Total files listed: 19 File(s) 3,223,670 bytes
2 Dir(s) 2,040,004,608 bytes free

Rootkit search! (Thanks S!Ri)
Search for known infections
Export of sensitive keys..

List of files excepted on the XP SP2 firewall
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Export of the SharedTaskScheduler key
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Export of policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

Export of sensitive keys..
Searching for sensitive addresses in the HOSTS file...

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 18:00:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
428 - avgnt.exe
452 - ctfmon.exe
644 - csrss.exe
668 - winlogon.exe
712 - services.exe
724 - lsass.exe
860 - explorer.exe
892 - svchost.exe
940 - svchost.exe
1036 - svchost.exe
1088 - alg.exe
1232 - svchost.exe
1436 - aawservice.exe
1800 - avguard.exe
1836 - GoogleUpdaterSe
1876 - MSCamS32.exe
1904 - nvsvc32.exe
2028 - svchost.exe
2208 - wuauclt.exe
2468 - cmd.exe
2580 - iexplore.exe
2632 - eBayTBDaemon.ex
Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7B10000 - \WINDOWS\system32\KDCOM.DLL
F7A20000 - \WINDOWS\system32\BOOTVID.dll
F74E0000 - ACPI.sys
F7B12000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F74CF000 - pci.sys
F7610000 - isapnp.sys
F7BD8000 - pciide.sys
F7890000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7620000 - MountMgr.sys
F74B0000 - ftdisk.sys
F7B14000 - dmload.sys
F748A000 - dmio.sys
F7898000 - PartMgr.sys
F7630000 - VolSnap.sys
F7472000 - atapi.sys
F7640000 - disk.sys
F7650000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7660000 - avgntmgr.sys
F745B000 - KSecDD.sys
F73CE000 - Ntfs.sys
F73A1000 - NDIS.sys
F738F000 - sr.sys
F7374000 - Mup.sys
F77C0000 - \SystemRoot\system32\DRIVERS\processr.sys
F5CEA000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F5CD6000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F79E0000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F5CB3000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F79E8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77D0000 - \SystemRoot\system32\DRIVERS\imapi.sys
F77E0000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F77F0000 - \SystemRoot\system32\DRIVERS\redbook.sys
F5C90000 - \SystemRoot\system32\DRIVERS\ks.sys
F5C6B000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F7AF0000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F5C21000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F5BEA000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F79F0000 - \SystemRoot\system32\DRIVERS\fdc.sys
F79F8000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7D16000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7810000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7AF4000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F5BD3000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7820000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7830000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7A00000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F5BC2000 - \SystemRoot\system32\DRIVERS\psched.sys
F7840000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7A08000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7A10000 - \SystemRoot\system32\DRIVERS\raspti.sys
F5B91000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7850000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7A18000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7B34000 - \SystemRoot\system32\DRIVERS\swenum.sys
F5B5D000 - \SystemRoot\system32\DRIVERS\update.sys
F734C000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F69EA000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7720000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B56000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7760000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F26E1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F26BD000 - \SystemRoot\system32\drivers\portcls.sys
F7780000 - \SystemRoot\system32\drivers\drmk.sys
F21AB000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
F7B5A000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C25000 - \SystemRoot\System32\Drivers\Null.SYS
F7B5C000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C26000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7970000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7978000 - \SystemRoot\System32\drivers\vga.sys
F7B5E000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B60000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7980000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7988000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6406000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F213E000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F20C3000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F209B000 - \SystemRoot\system32\DRIVERS\netbt.sys
F207A000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F77B0000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F2058000 - \SystemRoot\System32\drivers\afd.sys
F6A4A000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7990000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F202D000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7C31000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
F1FBE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F6A3A000 - \SystemRoot\System32\Drivers\Fips.SYS
F1F88000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F2267000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F7AE0000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F2D5B000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F225F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F7AE4000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F2247000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F223F000 - \SystemRoot\system32\DRIVERS\HPZius12.sys
EF655000 - \SystemRoot\system32\DRIVERS\VX3000.sys
F2B46000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F2B26000 - \SystemRoot\system32\drivers\usbaudio.sys
F7AE8000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F2B16000 - \SystemRoot\system32\DRIVERS\HPZid412.sys
F4FFA000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F4FE2000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys
F7730000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EB4E8000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B54000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EB508000 - \SystemRoot\System32\drivers\Dxapi.sys
F2277000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7CF1000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BAD9A000 - \SystemRoot\system32\DRIVERS\nwlnkipx.sys
EF8EB000 - \SystemRoot\system32\DRIVERS\nwlnknb.sys
EB51C000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BACD2000 - \SystemRoot\system32\DRIVERS\nwrdr.sys
BAC7E000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
ED87A000 - \SystemRoot\system32\DRIVERS\nwlnkspx.sys
BAC2D000 - \SystemRoot\system32\DRIVERS\atksgt.sys
EF96B000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
BAB8B000 - \SystemRoot\system32\DRIVERS\srv.sys
BAA5E000 - \SystemRoot\system32\drivers\wdmaud.sys
F6A6A000 - \SystemRoot\system32\drivers\sysaudio.sys
F2257000 - \SystemRoot\System32\Drivers\TDTCP.SYS
BA76D000 - \SystemRoot\System32\Drivers\RDPWD.SYS
F7C2F000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 127

List of installed programs
Avira AntiVir Personal – Free Antivirus
CCleaner (remove only)
Foxit Reader
Galerie de photos Windows Live
HijackThis 2.0.2
Kaspersky On-line Scanner
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Windows Live installer

Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\Program Files
2008-06-01 16:55 <DIR> .
2008-06-01 16:55 <DIR> ..
2008-04-23 01:14 <DIR> Adobe
2008-05-29 23:27 <DIR> Alwil Software
2008-05-29 16:25 <DIR> Avira
2008-04-23 01:05 <DIR> eBay
2008-05-31 20:29 <DIR> Fichiers communs
2008-06-01 16:55 <DIR> Foxit Software
2008-03-28 22:49 <DIR> Google
2007-08-19 23:04 <DIR> HP
2008-04-09 12:01 <DIR> Internet Explorer
2008-05-18 22:28 <DIR> Java
2008-05-04 11:51 <DIR> K-Lite Codec Pack
2007-08-12 02:29 <DIR> microsoft frontpage
2008-05-02 20:02 <DIR> Microsoft LifeCam
2007-11-16 13:57 <DIR> Microsoft SQL Server Compact Edition
2008-04-23 06:58 <DIR> Microsoft Visual Studio
2008-05-22 21:16 <DIR> Microsoft Visual Studio 8
2008-04-23 06:59 <DIR> Microsoft Works
2008-04-23 06:57 <DIR> Microsoft.NET
2007-08-12 02:29 <DIR> movie maker
2008-05-29 14:40 <DIR> Mozilla Firefox
2008-04-23 06:58 <DIR> MSBuild
2007-08-12 02:29 <DIR> msn gaming zone
2008-01-30 09:42 <DIR> Navilog1
2007-08-12 02:26 <DIR> NetMeeting
2007-08-13 23:01 <DIR> Outlook Express
2008-04-27 09:57 <DIR> Paint.NET
2007-08-13 06:41 <DIR> PowerQuest
2008-05-22 21:16 <DIR> PROMT5
2008-02-18 07:43 <DIR> QuickTime
2008-02-18 22:20 <DIR> Spybot - Search & Destroy
2007-12-12 00:00 <DIR> Trend Micro
2008-05-30 00:35 <DIR> TuneUp Utilities 2008
2008-06-02 23:40 <DIR> Windows Live
2008-05-29 23:27 <DIR> Windows Live Favorites
2008-05-02 20:02 <DIR> Windows Live Toolbar
2008-05-02 20:02 <DIR> Windows Media Connect 2
2008-05-22 21:16 <DIR> Windows Media Player
2007-08-12 02:29 <DIR> Windows NT
2007-12-31 07:58 <DIR> WinRAR
2007-08-12 02:29 <DIR> xerox
2008-05-17 09:19 <DIR> Yahoo!
0 File(s) 0 bytes
43 Dir(s) 2,010,222,592 bytes free

Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\Program Files\fichiers communs
2008-05-31 20:29 <DIR> .
2008-05-31 20:29 <DIR> ..
2008-04-18 23:23 <DIR> Adobe
2008-04-23 07:11 <DIR> DESIGNER
2007-08-19 23:05 <DIR> Hewlett-Packard
2008-02-18 00:40 <DIR> InstallShield
2008-05-02 20:18 <DIR> Java
2008-05-04 12:22 <DIR> Microsoft Shared
2007-08-12 02:25 <DIR> MSSoap
2007-08-12 02:26 <DIR> Services
2007-08-12 02:29 <DIR> speechengines
2008-04-23 07:06 <DIR> System
2008-05-13 22:55 <DIR> Wise Installation Wizard
0 File(s) 0 bytes
13 Dir(s) 2,010,222,592 bytes free

Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
2008-05-04 12:25 <DIR> .
2008-05-04 12:25 <DIR> ..
2007-08-12 04:09 <DIR> 1033
2008-04-23 07:06 <DIR> 1036
2007-08-28 23:55 973,168 MSONSEXT.DLL
2006-10-26 20:12 40,256 MSOSV.DLL
1999-06-03 12:09 122,937 MSOWS409.DLL
2001-03-07 07:00 127,033 MSOWS40c.DLL
2003-07-11 02:25 80,448 PKMWS.DLL
5 File(s) 1,343,842 bytes
4 Dir(s) 2,010,222,592 bytes free

Volume in drive C is SYSTEM_JJ
Volume Serial Number is C02F-B0C8
Directory of C:\
c:\Documents and Settings\JJ\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\JJ\Bureau\mplayerc.exe
c:\Documents and Settings\JJ\Bureau\vlc.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\RegCleanr.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\catchme.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\cliptext.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\download.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\FixPath.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\grep.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\isadmin.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\LS.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\MD5File.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Process.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\procs.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\psservice.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\sc.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\sed.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\SF.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\shutdown.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\swreg.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\swsc.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\unzip.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\vfind.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\zip.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\regedit.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\RegCleaner\Uninstall.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\trsetup.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\Crack\Rmvtrjan.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\Crack\Trjscan.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TrojanHunter.v4.5.924.Incl-Crack\setup.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TrojanHunter.v4.5.924.Incl-Crack\Crack\TrojanHunter.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TuneUp.Utilities.2008.v7.0.7992.FR.Incl-Keygen\TU2008TrialFR.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TuneUp.Utilities.2008.v7.0.7992.FR.Incl-Keygen\Keygen\keygen.exe
c:\Documents and Settings\JJ\Mes documents\keyfinder.exe
c:\Documents and Settings\JJ\Mes documents\klcodec375f.exe
c:\Documents and Settings\JJ\Mes documents\Preparation-Messenger-BOM.exe
c:\Documents and Settings\JJ\Mes documents\WLinstaller.exe
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\JJ\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** End of DiagHelp report
Please send the file C:\upload_moi_DOUBLE_J.tar.gz to http://upload.malekal.com -
Major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Thanks desch, it worked just as you said... -
Major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Here is the ComboFix report; while I was copying it the wireless mouse became unusable, it broke down... Does this kind of trouble happen sometimes?

ComboFix 08-06-03.1 - JJ 2008-06-04 12:05:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.628 [GMT 2:00]
Location: C:\Documents and Settings\JJ\Bureau\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMc31c83fb.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apwxcvna.dll
C:\WINDOWS\system32\bldrgxae.ini
C:\WINDOWS\system32\cashjpvp.dll
C:\WINDOWS\system32\dhxlpuft.dll
C:\WINDOWS\system32\ewvvudyk.dll
C:\WINDOWS\system32\hffednio.dll
C:\WINDOWS\system32\jjykeugc.ini
C:\WINDOWS\system32\kdvcdsif.dll
C:\WINDOWS\system32\ljvkwbvs.dll
C:\WINDOWS\system32\lqhcaomt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nlhkviyh.dll
C:\WINDOWS\system32\nqibvwom.ini
C:\WINDOWS\system32\oindeffh.ini
C:\WINDOWS\system32\pubxeaqx.dll
C:\WINDOWS\system32\pvpjhsac.ini
C:\WINDOWS\system32\QXGjknpo.ini
C:\WINDOWS\system32\QXGjknpo.ini2
C:\WINDOWS\system32\raxcgtsv.dll
C:\WINDOWS\system32\sgkyddgr.dll
C:\WINDOWS\system32\UBKkUBeg.ini
C:\WINDOWS\system32\UBKkUBeg.ini2
C:\WINDOWS\system32\urkqtbrs.ini
C:\WINDOWS\system32\uyckkpgt.dll
C:\WINDOWS\system32\vimyiivp.ini
C:\WINDOWS\system32\vspgxipd.dll
C:\WINDOWS\system32\wbxyljva.dll
C:\WINDOWS\system32\wdhnjtbo.dll
C:\WINDOWS\system32\xbrpvhtf.ini
C:\WINDOWS\system32\xfrwdrjh.dll
.
((((((((((((((((((((((((((((( Files created 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.
2008-06-03 18:42 . 2008-06-03 18:42 820,232 --a--c--- C:\upload_moi_DOUBLE_J.tar.gz
2008-06-03 12:05 . 2008-06-03 12:05 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 20:13 . 2008-06-02 20:13 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favoris
2008-06-02 19:43 . 2008-06-02 19:43 <DIR> d----c--- C:\WINDOWS\ERUNT
2008-06-01 16:55 . 2008-06-01 16:55 <DIR> d----c--- C:\Program Files\Foxit Software
2008-06-01 00:02 . 2008-06-01 00:02 <DIR> d----c--- C:\Documents and Settings\JJ\Application Data\Malwarebytes
2008-06-01 00:02 . 2008-06-01 00:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 20:55 . 2008-05-31 20:55 95 --a--c--- C:\WINDOWS\wininit.ini
2008-05-31 01:01 . 2008-05-31 01:01 <DIR> dr-h-c--- C:\MSOCache
2008-05-31 01:00 . 2008-05-31 01:00 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-30 01:06 . 2008-06-04 12:06 2,608 --a--c--- C:\WINDOWS\system32\settings.aaw
2008-05-30 01:06 . 2008-06-04 12:06 1,088 --a--c--- C:\WINDOWS\system32\history.aaw
2008-05-29 23:27 . 2008-05-29 23:27 <DIR> d----c--- C:\Program Files\Windows Live Favorites
2008-05-29 23:27 . 2008-06-02 23:40 <DIR> d----c--- C:\Program Files\Windows Live
2008-05-29 23:27 . 2008-06-01 23:26 <DIR> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-29 23:27 . 2008-05-29 23:27 <DIR> d----c--- C:\Program Files\Alwil Software
2008-05-29 23:27 . 2008-05-29 23:27 <DIR> d----c--- C:\FileZilla Client
2008-05-29 16:25 . 2008-05-29 16:25 <DIR> d----c--- C:\Program Files\Avira
2008-05-29 06:33 . 2008-05-29 16:04 <DIR> d----c--- C:\WINDOWS\system32\ZoneLabs
2008-05-29 06:31 . 2008-05-29 16:03 <DIR> d----c--- C:\WINDOWS\Internet Logs
2008-05-28 19:11 . 2008-05-29 16:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 10:57 . 2008-05-28 11:07 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-27 15:06 . 2008-05-30 01:06 34,296 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 15:06 . 2008-05-30 01:06 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 21:23 . 2008-05-22 21:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-18 22:15 . 2008-05-18 22:27 <DIR> d----c--- C:\Documents and Settings\JJ\Application Data\BSplayer PRO
2008-05-17 20:28 . 2008-05-18 09:31 <DIR> d----c--- C:\WINDOWS\system32\LogFiles
2008-05-15 00:51 . 2008-05-17 09:19 <DIR> d----c--- C:\Program Files\Yahoo!
2008-05-13 22:56 . 2008-05-30 00:44 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 22:55 . 2008-05-13 22:55 <DIR> d----c--- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-11 14:40 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-05-11 07:01 . 2008-05-11 07:01 <DIR> d--h-c--- C:\WINDOWS\system32\GroupPolicy
2008-05-10 18:13 . 2007-12-04 19:41 356,352 -ra--c--- C:\WINDOWS\system32\nvuninst.exe
2008-05-04 22:21 . 2008-05-22 21:16 <DIR> d----c--- C:\Program Files\PROMT5
2008-05-04 11:51 . 2008-03-21 22:30 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2008-05-04 11:51 . 2008-01-10 14:15 755,027 --a--c--- C:\WINDOWS\system32\xvidcore.dll
2008-05-04 11:51 . 2008-03-31 23:25 682,496 --a--c--- C:\WINDOWS\system32\divx.dll
2008-05-04 11:51 . 2004-01-25 18:18 217,088 --a--c--- C:\WINDOWS\system32\yv12vfw.dll
2008-05-04 11:51 . 2007-09-04 18:56 164,352 --a--c--- C:\WINDOWS\system32\unrar.dll
2008-05-04 11:51 . 2008-01-10 14:16 159,839 --a--c--- C:\WINDOWS\system32\xvidvfw.dll
2008-05-04 11:51 . 2008-03-21 22:28 81,920 --a--c--- C:\WINDOWS\system32\dpl100.dll
2008-05-04 11:51 . 2008-03-28 19:41 7,680 --a--c--- C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 11:51 . 2007-07-10 18:10 547 --a--c--- C:\WINDOWS\system32\ff_vfw.dll.manifest
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 10:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-03 18:13 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-02 22:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 17:57 --------- dc----w C:\Documents and Settings\JJ\Application Data\eBay
2008-06-02 17:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\eBay
2008-05-31 20:44 --------- dc----w C:\Documents and Settings\JJ\Application Data\dvdcss
2008-05-29 22:44 --------- dc----w C:\Documents and Settings\JJ\Application Data\Lavasoft
2008-05-29 22:35 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-05-25 04:39 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 19:37 --------- dc----w C:\Documents and Settings\JJ\Application Data\LimeWire
2008-05-22 19:37 --------- dc----w C:\Documents and Settings\JJ\Application Data\GetRight Pro
2008-05-22 19:16 --------- dc----w C:\Program Files\Microsoft Visual Studio 8
2008-05-22 19:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-18 20:28 --------- dc----w C:\Program Files\Java
2008-05-15 01:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-04 09:51 --------- dc----w C:\Program Files\K-Lite Codec Pack
2008-05-02 18:18 --------- dc----w C:\Program Files\Fichiers communs\Java
2008-05-02 18:02 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-05-02 18:02 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-05-02 18:02 --------- dc----w C:\Program Files\Microsoft LifeCam
2008-04-29 21:39 --------- dc----w C:\Documents and Settings\JJ\Application Data\AVG7
2008-04-27 07:57 --------- dc----w C:\Program Files\Paint.NET
2008-04-27 07:57 --------- dc----w C:\Documents and Settings\JJ\Application Data\CyberLink
2008-04-26 08:34 ---------
dc----w C:\Documents and Settings\JJ\Application Data\GlarySoft 2008-04-23 04:59 --------- dc----w C:\Program Files\Microsoft Works 2008-04-23 04:58 --------- dc----w C:\Program Files\MSBuild 2008-04-23 04:57 --------- dc----w C:\Program Files\Microsoft.NET 2008-04-22 23:12 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-04-22 23:05 --------- dc----w C:\Program Files\eBay 2008-04-18 21:23 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-04-05 19:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\CyberLink . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 19:41 8523776] "nwiz"="nwiz.exe" [2007-12-04 19:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 19:41 81920] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:37 44544] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu 
Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin200.exe.lnk] backup=C:\WINDOWS\pss\TrayMin200.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a--c--- 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a--c--- 2006-02-14 17:17 2809856 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 06:54 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] --a--c--- 2008-06-04 00:48 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] --a--c--- 2007-01-13 03:48 275800 C:\Program Files\Microsoft LifeCam\LifeExp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a--c--- 2007-12-04 19:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a--c--- 2007-12-04 19:41 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 
--a--c--- 2007-12-04 19:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a--c--- 2006-02-10 19:25 15969280 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sohcmft] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2006-02-14 17:19 86016 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] -----c--- 2007-09-25 12:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000] --a--c--- 2006-12-06 01:38 707360 C:\WINDOWS\vVX3000.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=2 (0x2) "ose"=3 (0x3) "TUWinStylerThemeSvc"=3 (0x3) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "gusvc"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe "PROMT Integrator"="C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program 
Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 00:13] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:55] S3 maconfservice;Ma-Config Service;"D:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-30 06:37] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33bd932-0ef0-11dd-9611-001731f47dd8}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-04 10:08:25 C:\WINDOWS\Tasks\GlaryInitialize.job" - D:\Program Files\Glary Utilities\initialize.exe "2008-06-04 10:08:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2007-09-28 14:44:50 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job" - C:\Program Files\Microsoft LifeCam\LifeExp.exe "2007-12-18 18:11:17 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job" - C:\WINDOWS\vVX3000.exe "2008-06-04 10:05:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BCB17805-FA28-416D-9B9E-47EB5B1CF003}.job" - C:\WINDOWS\system32\msfeedssync.exe "2008-06-04 09:38:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" -
major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Thanos, I can't download ComboFix, every time it tells me it cannot be renamed to combofix[1]... Thanks for your help...
major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
This time it's the right one... thanks desch for your patience...

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:46, on 2008-06-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: eBay Toolbar Helper - 
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 
- HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Traduction - 
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers 
Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_31.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- 
End of file - 10113 bytes
major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Good evening desch, I ran another scan with Malwarebytes in safe mode.... I am definitely not using cracked programs any more... too risky..

Malwarebytes' Anti-Malware 1.14 Version de la base de données: 811 00:23:04 2008-06-04 mbam-log-6-4-2008 (00-22-57).txt Type de recherche: Examen complet (C:\|D:\|E:\|) Eléments examinés: 82713 Temps écoulé: 3 hour(s), 43 minute(s), 55 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\jycfuakk.exe (Trojan.LowZones) -> No action taken. C:\WINDOWS\system32\knomlamc.exe (Trojan.LowZones) -> No action taken. C:\WINDOWS\system32\micqwwxg.exe (Trojan.LowZones) -> No action taken. C:\WINDOWS\system32\qkuuqpnb.exe (Trojan.LowZones) -> No action taken. C:\WINDOWS\system32\uthgtjkf.exe (Trojan.LowZones) -> No action taken. C:\WINDOWS\system32\vnutsfip.exe (Trojan.LowZones) -> No action taken.
major trojan infection
janjac replied to a topic by janjac in Malware analysis and removal
Here it is, I've just pulled the DiagHelp report

DiagHelp version v1.4 - http://www.malekal.com excute le 2008-06-03 à 18:41:51.88 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-06-03 18:41:43 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-06-03 18:41:24 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-06-03 18:39:01 C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-06-03 18:38:00 C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->2008-06-03 18:36:51 C:\WINDOWS\prefetch\CATCHME.EXE-099A72E0.pf -->2008-06-03 18:36:28 C:\WINDOWS\prefetch\CATCHME.EXE-16C4E4BB.pf -->2008-06-03 18:34:04 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->2008-06-03 18:31:41 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2008-06-03 18:31:31 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-06-03 18:19:08 C:\WINDOWS\System32\drivers\mbamcatchme.sys -->2008-05-30 01:06:40 C:\WINDOWS\System32\drivers\mbam.sys -->2008-05-30 01:06:36 C:\WINDOWS\System32\drivers\avipbb.sys -->2008-03-04 13:28:53 C:\WINDOWS\System32\drivers\avgntdd.sys -->2008-01-21 18:12:56 C:\WINDOWS\System32\drivers\avgntmgr.sys -->2008-01-21 18:11:28 C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 11:51:35 C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-12-04 19:41:00 C:\WINDOWS\System32\wpa.dbl -->2008-06-02 22:53:20 C:\WINDOWS\System32\settings.aaw -->2008-06-02 22:51:54 C:\WINDOWS\System32\history.aaw -->2008-06-02 22:51:54 C:\WINDOWS\System32\UBKkUBeg.ini -->2008-06-01 01:40:35 C:\WINDOWS\System32\UBKkUBeg.ini2 -->2008-06-01 01:38:50 C:\WINDOWS\System32\bldrgxae.ini -->2008-06-01 01:09:09 C:\WINDOWS\System32\clkcnt.txt -->2008-06-01 01:05:30 C:\WINDOWS\System32\pvpjhsac.ini -->2008-06-01 01:00:30 C:\WINDOWS\System32\PerfStringBackup.INI -->2008-05-31 23:15:52 C:\WINDOWS\System32\perfh00C.dat -->2008-05-31 23:15:52 C:\WINDOWS\System32\perfh009.dat -->2008-05-31 23:15:52 C:\WINDOWS\System32\perfc00C.dat -->2008-05-31 23:15:52 
C:\WINDOWS\System32\perfc009.dat -->2008-05-31 23:15:52 C:\WINDOWS\System32\QXGjknpo.ini -->2008-05-31 20:30:17 C:\WINDOWS\System32\cashjpvp.dll -->2008-05-31 20:28:51 C:\WINDOWS\System32\nlhkviyh.dll -->2008-05-31 20:28:41 C:\WINDOWS\System32\oindeffh.ini -->2008-05-31 20:28:07 C:\WINDOWS\System32\QXGjknpo.ini2 -->2008-05-31 20:27:57 C:\WINDOWS\System32\hffednio.dll -->2008-05-31 12:22:08 C:\WINDOWS\System32\vspgxipd.dll -->2008-05-31 12:07:47 C:\WINDOWS\System32\micqwwxg.exe -->2008-05-30 19:50:04 C:\WINDOWS\System32\wbxyljva.dll -->2008-05-30 19:43:40 C:\WINDOWS\System32\xfrwdrjh.dll -->2008-05-30 15:51:02 C:\WINDOWS\System32\knomlamc.exe -->2008-05-30 07:11:26 C:\WINDOWS\System32\uyckkpgt.dll -->2008-05-30 07:06:15 C:\WINDOWS\WindowsUpdate.log -->2008-06-03 18:19:19 C:\WINDOWS\wiadebug.log -->2008-06-03 13:12:27 C:\WINDOWS\setupapi.log -->2008-06-03 12:05:04 C:\WINDOWS\wmsetup.log -->2008-06-03 08:20:43 C:\WINDOWS\DirectX.log -->2008-06-02 23:40:47 C:\WINDOWS\0.log -->2008-06-02 22:53:17 C:\WINDOWS\wiaservc.log -->2008-06-02 22:52:58 C:\WINDOWS\bootstat.dat -->2008-06-02 22:52:40 C:\WINDOWS\tsoc.log -->2008-06-02 13:12:21 C:\WINDOWS\ocmsn.log -->2008-06-02 13:12:21 C:\WINDOWS\ntdtcsetup.log -->2008-06-02 13:12:21 C:\WINDOWS\msgsocm.log -->2008-06-02 13:12:21 C:\WINDOWS\iis6.log -->2008-06-02 13:12:21 C:\WINDOWS\FaxSetup.log -->2008-06-02 13:12:20 C:\WINDOWS\msmqinst.log -->2008-06-02 13:11:57 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1432 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 
C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x661c0000 0x21d000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 0x68ef0000 0xf1000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x68ff0000 0x7000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveNew.DLL 0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x65e30000 0x37000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll 0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x026d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x66b40000 0x17f000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveMisc.dll 0x02920000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x43ff0000 0xa000 7.00.6000.16640 
C:\WINDOWS\system32\jsproxy.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x01b80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x60510000 0x19000 2.00.50727.1433 C:\WINDOWS\system32\dfshim.dll
0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\mscoree.dll
0x79e70000 0x58f000 2.00.50727.1433 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x03d90000 0x1a6000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
0x044f0000 0x60000 6.14.0011.6921 C:\WINDOWS\system32\nvapi.dll
0x03210000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00e70000 0x8000 1.00.0000.0000 D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x00ef0000 0x9000 2.00.0000.0004 C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll
0x030e0000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x039b0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll
0x03100000 0x17000 5.00.0008.0000 C:\Program Files\PROMT5\PROMT\prmshell.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x01de0000 0xd000 1.01.0000.0137 D:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
0x40000000 0xc6000 7.00.0004.0453 D:\PROGRA~1\GLARYU~1\rtl70.bpl
0x05550000 0x157000 7.00.0004.0453 D:\PROGRA~1\GLARYU~1\vcl70.bpl
0x6bd10000 0x10000 12.00.4518.1014 D:\Program Files\Microsoft Office\Office12\msohevi.dll
------------------------------------------------------------------------------
explorer.exe pid: 2212
Command line: "C:\WINDOWS\Explorer.EXE" /IDLIST,:1936:1432,/S
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x661c0000 0x21d000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68ef0000 0xf1000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x68ff0000 0x7000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x01150000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS\system32\jsproxy.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x01870000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x65e30000 0x37000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x66b40000 0x17f000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
0x017f0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x02b80000 0x1a6000 12.00.6211.1000 D:\Program Files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\mscoree.dll
0x641f0000 0x1e000 2.00.50727.1433 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
0x60610000 0x6000 2.00.50727.1433 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
0x60340000 0x8000 2.00.50727.1433 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
0x64220000 0x18000 2.00.50727.1433 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
0x02af0000 0x60000 6.14.0011.6921 C:\WINDOWS\system32\nvapi.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 660
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01210000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\WINDOWS\system32
2004-08-04 06:54 6,144 csrss.exe
1 fichier(s) 6,144 octets
0 Rép(s) 1,991,368,704 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\WINDOWS\Downloaded Program Files
2008-06-03 12:05 <REP> .
2008-06-03 12:05 <REP> ..
2007-08-12 02:27 65 desktop.ini
2008-03-24 19:33 1,527,056 FP_AX_CAB_INSTALLER.exe
2007-12-19 12:35 331,264 GoogleGadgetPluginIEWin.dll
2007-05-16 08:22 399 gp.inf
2008-05-23 18:23 1,570 hardwaredetection.inf
2007-12-19 12:02 360 install.inf
2008-01-18 12:17 204,800 InstallerControl.dll
2007-07-12 04:22 1,055 jinstall-6u2.inf
2008-04-02 15:18 1,060 jinstall-6u5.inf
2006-08-08 11:45 576 kavwebscan.inf
2007-02-23 00:41 304,544 MessengerStatsPAClient.dll
2007-02-28 15:21 131,472 msgrchkr.dll
2006-06-20 15:44 379,704 MsnPUpld.dll
2006-06-19 14:40 393 MsnPUpld.inf
2008-02-04 17:53 361 OGAControl.inf
2008-01-18 12:17 507 OSDED4D.OSD
2006-06-20 15:44 117,560 PURen-us.dll
2007-01-09 08:30 110,592 PURfr-fr.dll
2004-10-15 07:59 110,592 PURfr-xx.dll
2008-03-24 19:18 247 swflash.inf
20 fichier(s) 3,224,177 octets
Total des fichiers listés :
20 fichier(s) 3,224,177 octets
2 Rép(s) 1,991,368,704 octets libres

Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\87exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\87exmdnk54.exe:*:Enabled:87exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\13exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\13exmdnk54.exe:*:Enabled:13exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\95exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\95exmdnk54.exe:*:Enabled:95exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\98exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\98exmdnk54.exe:*:Enabled:98exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\60exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\60exmdnk54.exe:*:Disabled:60exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\33exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\33exmdnk54.exe:*:Disabled:33exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\19exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\19exmdnk54.exe:*:Disabled:19exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\45exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\45exmdnk54.exe:*:Disabled:45exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\9exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\9exmdnk54.exe:*:Enabled:9exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\74exmdnk54.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\74exmdnk54.exe:*:Disabled:74exmdnk54"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\Rar$EX04.141\\eMule0.49a\\emule.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\Rar$EX04.141\\eMule0.49a\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\Rar$EX03.844\\eMule0.49a\\emule.exe"="C:\\Documents and Settings\\JJ\\Local Settings\\Temp\\Rar$EX03.844\\eMule0.49a\\emule.exe:*:Enabled:eMule"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 update.shareaza.com
127.0.0.1 www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.panda-hq.com
127.0.0.1 panda-hq.com

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 18:42:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
260 - msnmsgr.exe
340 - cmd.exe
616 - avgnt.exe
636 - csrss.exe
660 - winlogon.exe
688 - usnsvc.exe
704 - services.exe
716 - lsass.exe
784 - alg.exe
912 - svchost.exe
960 - svchost.exe
1036 - WLSetupSvc.exe
1052 - svchost.exe
1092 - eBayTBDaemon.ex
1260 - svchost.exe
1432 - explorer.exe
1456 - aawservice.exe
1684 - ctfmon.exe
1864 - avguard.exe
1928 - MSCamS32.exe
1988 - nvsvc32.exe
3820 - iexplore.exe
Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7B10000 - \WINDOWS\system32\KDCOM.DLL
F7A20000 - \WINDOWS\system32\BOOTVID.dll
F74E0000 - ACPI.sys
F7B12000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F74CF000 - pci.sys
F7610000 - isapnp.sys
F7BD8000 - pciide.sys
F7890000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7620000 - MountMgr.sys
F74B0000 - ftdisk.sys
F7B14000 - dmload.sys
F748A000 - dmio.sys
F7898000 - PartMgr.sys
F7630000 - VolSnap.sys
F7472000 - atapi.sys
F7640000 - disk.sys
F7650000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7660000 - avgntmgr.sys
F745B000 - KSecDD.sys
F73CE000 - Ntfs.sys
F73A1000 - NDIS.sys
F738F000 - sr.sys
F7374000 - Mup.sys
F77D0000 - \SystemRoot\system32\DRIVERS\processr.sys
F5A6A000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F5A56000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F79C0000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F5A33000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F79C8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77E0000 - \SystemRoot\system32\DRIVERS\imapi.sys
F77F0000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7800000 - \SystemRoot\system32\DRIVERS\redbook.sys
F5A10000 - \SystemRoot\system32\DRIVERS\ks.sys
F59EB000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F7AF4000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F59A1000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F596A000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F79D0000 - \SystemRoot\system32\DRIVERS\fdc.sys
F79D8000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7D0D000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7820000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7AF8000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F5953000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7830000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7840000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F79E0000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F5942000 - \SystemRoot\system32\DRIVERS\psched.sys
F7850000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F79E8000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F79F0000 - \SystemRoot\system32\DRIVERS\raspti.sys
F5911000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F6A7A000 - \SystemRoot\system32\DRIVERS\termdd.sys
F79F8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7B38000 - \SystemRoot\system32\DRIVERS\swenum.sys
F58DD000 - \SystemRoot\system32\DRIVERS\update.sys
F734C000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F69FA000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7870000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B56000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F76A0000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F2815000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F27F1000 - \SystemRoot\system32\drivers\portcls.sys
F76B0000 - \SystemRoot\system32\drivers\drmk.sys
F1E24000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
F7B5A000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C2E000 - \SystemRoot\System32\Drivers\Null.SYS
F7B5C000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C2F000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7960000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7968000 - \SystemRoot\System32\drivers\vga.sys
F7B5E000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B60000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7970000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7978000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6402000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F1DF1000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F1D98000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F1D70000 - \SystemRoot\system32\DRIVERS\netbt.sys
F1D4F000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F1D2D000 - \SystemRoot\System32\drivers\afd.sys
F7700000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7710000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7980000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F1D02000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7C3A000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
F1C93000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F7720000 - \SystemRoot\System32\Drivers\Fips.SYS
F1C0D000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7AEC000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7790000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F79B8000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F7A18000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F7340000 - \SystemRoot\system32\DRIVERS\mouhid.sys
EF6CD000 - \SystemRoot\system32\DRIVERS\VX3000.sys
F77B0000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F77C0000 - \SystemRoot\system32\drivers\usbaudio.sys
F4E68000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F76E0000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EB5AD000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B16000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EC2A4000 - \SystemRoot\System32\drivers\Dxapi.sys
F79A8000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7CDC000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BAD9A000 - \SystemRoot\system32\DRIVERS\nwlnkipx.sys
EF50D000 - \SystemRoot\system32\DRIVERS\nwlnknb.sys
BADE4000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BACAA000 - \SystemRoot\system32\DRIVERS\nwrdr.sys
BAC7E000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F02E8000 - \SystemRoot\system32\DRIVERS\nwlnkspx.sys
BAC05000 - \SystemRoot\system32\DRIVERS\atksgt.sys
EF30F000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
BAB8B000 - \SystemRoot\system32\DRIVERS\srv.sys
BA9E6000 - \SystemRoot\system32\drivers\wdmaud.sys
BAA7B000 - \SystemRoot\system32\drivers\sysaudio.sys
EE74A000 - \SystemRoot\System32\Drivers\TDTCP.SYS
BA605000 - \SystemRoot\System32\Drivers\RDPWD.SYS
B8586000 - \SystemRoot\system32\drivers\kmixer.sys
F7CC3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 123

Liste des programmes installes
Avira AntiVir Personal – Free Antivirus
CCleaner (remove only)
Foxit Reader
Galerie de photos Windows Live
HijackThis 2.0.2
Kaspersky On-line Scanner
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Windows Live installer

Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\Program Files
2008-06-01 16:55 <REP> .
2008-06-01 16:55 <REP> ..
2008-04-23 01:14 <REP> Adobe
2008-05-29 23:27 <REP> Alwil Software
2008-05-29 16:25 <REP> Avira
2008-04-23 01:05 <REP> eBay
2008-05-31 20:29 <REP> Fichiers communs
2008-06-01 16:55 <REP> Foxit Software
2008-03-28 22:49 <REP> Google
2007-08-19 23:04 <REP> HP
2008-04-09 12:01 <REP> Internet Explorer
2008-05-18 22:28 <REP> Java
2008-05-04 11:51 <REP> K-Lite Codec Pack
2007-08-12 02:29 <REP> microsoft frontpage
2008-05-02 20:02 <REP> Microsoft LifeCam
2007-11-16 13:57 <REP> Microsoft SQL Server Compact Edition
2008-04-23 06:58 <REP> Microsoft Visual Studio
2008-05-22 21:16 <REP> Microsoft Visual Studio 8
2008-04-23 06:59 <REP> Microsoft Works
2008-04-23 06:57 <REP> Microsoft.NET
2007-08-12 02:29 <REP> movie maker
2008-05-29 14:40 <REP> Mozilla Firefox
2008-04-23 06:58 <REP> MSBuild
2007-08-12 02:29 <REP> msn gaming zone
2008-01-30 09:42 <REP> Navilog1
2007-08-12 02:26 <REP> NetMeeting
2007-08-13 23:01 <REP> Outlook Express
2008-04-27 09:57 <REP> Paint.NET
2007-08-13 06:41 <REP> PowerQuest
2008-05-22 21:16 <REP> PROMT5
2008-02-18 07:43 <REP> QuickTime
2008-02-18 22:20 <REP> Spybot - Search & Destroy
2007-12-12 00:00 <REP> Trend Micro
2008-05-30 00:35 <REP> TuneUp Utilities 2008
2008-06-02 23:40 <REP> Windows Live
2008-05-29 23:27 <REP> Windows Live Favorites
2008-05-02 20:02 <REP> Windows Live Toolbar
2008-05-02 20:02 <REP> Windows Media Connect 2
2008-05-22 21:16 <REP> Windows Media Player
2007-08-12 02:29 <REP> Windows NT
2007-12-31 07:58 <REP> WinRAR
2007-08-12 02:29 <REP> xerox
2008-05-17 09:19 <REP> Yahoo!
0 fichier(s) 0 octets
43 Rép(s) 1,988,046,848 octets libres

Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\Program Files\fichiers communs
2008-05-31 20:29 <REP> .
2008-05-31 20:29 <REP> ..
2008-04-18 23:23 <REP> Adobe
2008-04-23 07:11 <REP> DESIGNER
2007-08-19 23:05 <REP> Hewlett-Packard
2008-02-18 00:40 <REP> InstallShield
2008-05-02 20:18 <REP> Java
2008-05-04 12:22 <REP> Microsoft Shared
2007-08-12 02:25 <REP> MSSoap
2007-08-12 02:26 <REP> Services
2007-08-12 02:29 <REP> speechengines
2008-04-23 07:06 <REP> System
2008-05-13 22:55 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
13 Rép(s) 1,988,046,848 octets libres

Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
2008-05-04 12:25 <REP> .
2008-05-04 12:25 <REP> ..
2007-08-12 04:09 <REP> 1033
2008-04-23 07:06 <REP> 1036
2007-08-28 23:55 973,168 MSONSEXT.DLL
2006-10-26 20:12 40,256 MSOSV.DLL
1999-06-03 12:09 122,937 MSOWS409.DLL
2001-03-07 07:00 127,033 MSOWS40c.DLL
2003-07-11 02:25 80,448 PKMWS.DLL
5 fichier(s) 1,343,842 octets
4 Rép(s) 1,987,977,216 octets libres

Le volume dans le lecteur C s'appelle SYSTEM_JJ
Le numéro de série du volume est C02F-B0C8
Répertoire de C:\
c:\Documents and Settings\JJ\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\JJ\Bureau\emule.exe
c:\Documents and Settings\JJ\Bureau\mplayerc.exe
c:\Documents and Settings\JJ\Bureau\vlc.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\JJ\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\RegCleanr.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\catchme.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\cliptext.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\download.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\FixPath.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\grep.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\isadmin.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\LS.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\MD5File.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Process.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\procs.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\psservice.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\sc.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\sed.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\SF.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\shutdown.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\swreg.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\swsc.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\unzip.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\vfind.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\zip.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\regedit.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\sdfix\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\RegCleaner\Uninstall.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\trsetup.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\Crack\Rmvtrjan.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\Trojan.Remover.v6.6.5.Incl-Crack\Crack\Trjscan.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TrojanHunter.v4.5.924.Incl-Crack\setup.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TrojanHunter.v4.5.924.Incl-Crack\Crack\TrojanHunter.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TuneUp.Utilities.2008.v7.0.7992.FR.Incl-Keygen\TU2008TrialFR.exe
c:\Documents and Settings\JJ\Bureau\TOOLS\utilities\TuneUp.Utilities.2008.v7.0.7992.FR.Incl-Keygen\Keygen\keygen.exe
c:\Documents and Settings\JJ\Local Settings\Temp\WLXPL_DX\dxsetup.exe
c:\Documents and Settings\JJ\Local Settings\Temp\~nsu.tmp\Au_.exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\FAAS0LMM\eBayTBCareApp[1].exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\FAAS0LMM\WLinstaller[1].exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\GR4FU7PI\eBayTBBroker[1].exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\GR4FU7PI\Install_Messenger[1].exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\Y8YYSEVH\imsn9[1].exe
c:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\ZZ4UEDAR\eBayTBDaemon[1].exe
c:\Documents and Settings\JJ\Mes documents\keyfinder.exe
c:\Documents and Settings\JJ\Mes documents\klcodec375f.exe
c:\Documents and Settings\JJ\Mes documents\Preparation-Messenger-BOM.exe
c:\Documents and Settings\JJ\Mes documents\WLinstaller.exe
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\JJ\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_DOUBLE_J.tar.gz a l'adresse http://upload.malekal.com