maps

Everything posted by maps

  1. It's the same with this script too. It's nice of you to try to help me. For today I think I've had my fill. On top of that I now have another small problem when the computer starts: it tells me "error loading winfax32.dll, the specified module could not be found"; I must have lost a file along the way. I'll come back to the forum tomorrow morning. Thanks, good evening.
  2. I confirm that the second procedure with the script crashes my computer.
  3. I tried to do everything to the letter. The first procedure went perfectly; here is the report: ComboFix 08-06-01.6 - MARIE-PIERRE 2008-06-02 17:25:43.4 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1434 [GMT 2:00] For the second procedure the computer crashes: black screen, memory dump, etc. I'm trying again anyway.
  4. Here is my Combo report with the script procedure: ComboFix 08-06-01.6 - MARIE-PIERRE 2008-06-02 16:03:03.3 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1429 [GMT 2:00]
Balayage des fichiers cach‚s ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\conime.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\System32\wbem\unsecapp.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-02 16:15:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-02 14:14:35 ComboFix2.txt 2008-06-02 10:11:19 ComboFix3.txt 2008-06-02 09:47:53 Pre-Run: 173,519,200,256 octets libres Post-Run: 173,478,240,256 octets libres 254 --- E O F --- 2008-05-30 06:03:42
  5. For the disks and desinfector procedure: I don't have any of the named files. As for desinfector: at the end it shows me a nice window with Done!! I click OK and then nothing, no report. So I can't post a report.
  6. I'm still going to try the desinfector procedure. Back in a moment.
  7. Thanks for replying; unfortunately I no longer have internet on the infected computer, the virus disabled my wifi dongle. Would there be another solution? I'm currently trying to produce a HijackThis report but I get the impression the computer is refusing it, it's crawling.
  8. Hello, I'm infected, well not me, my computer, by the Bagle virus. It blocked my antivirus and made it impossible to get on the internet because it also disabled my Netgear wifi dongle. I ran ComboFix, here is the report:
ComboFix 08-06-01.6 - MARIE-PIERRE 2008-06-02 12:00:03.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1363 [GMT 2:00] Endroit: C:\Users\MARIE-PIERRE\Desktop\Comb-Fix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\drivers\downld . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))))))) . 2008-06-02 12:06 . 2008-06-02 12:06 <REP> d-------- C:\Windows\System32\drivers\downld 2008-06-02 11:59 . 2008-06-02 11:59 <REP> d-------- C:\327882R2FWJFW 2008-06-02 11:56 . <REP> C:\Windows\LastGood.Tmp 2008-06-02 11:56 . 2008-06-02 11:56 <REP> d-------- C:\OEMSettings 2008-06-02 11:17 . 2008-06-02 11:17 <REP> d-------- C:\Program Files\Alwil Software 2008-06-02 11:17 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-06-02 10:35 . 2007-12-28 14:58 289,280 --a------ C:\Windows\System32\drivers\wg111v3.sys 2008-06-02 08:32 . 2005-02-17 03:06 700,416 --ah----- C:\Windows\System32\RtHDVCpl.exe 2008-05-31 11:26 . 2008-05-31 11:26 <REP> d-------- C:\Users\MARIE-PIERRE\AppData\Roaming\PhotoFrameShow 2008-05-31 11:26 . 2008-05-31 11:37 <REP> d-------- C:\Program Files\FrameShow 2008-05-28 09:20 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-28 09:20 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-05-05 11:59 . 2008-05-05 11:59 <REP> d-------- C:\Users\FRANCIS\AppData\Roaming\GigaTribe 2008-05-03 16:24 . 
2008-05-03 16:24 <REP> d-------- C:\Users\MARIE-PIERRE\TaoUSign 2008-05-02 07:07 . 2008-05-02 07:07 <REP> d-------- C:\Program Files\IDT 2008-05-02 07:07 . 2007-09-05 21:24 1,900,544 --a------ C:\Windows\System32\stlang.dll 2008-05-02 07:07 . 2007-09-05 21:25 204,800 --a------ C:\Windows\System32\stacsv.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-02 10:05 33,660 ----a-w C:\Windows\system32\drivers\stwrte.log 2008-06-02 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-02 06:04 --------- d-----w C:\ProgramData\eMule 2008-05-26 14:24 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-14 07:37 --------- d-----w C:\Program Files\Windows Mail 2008-04-24 11:58 --------- d-----w C:\Users\FRANCIS\AppData\Roaming\AdobeUM 2008-03-24 11:52 174 --sha-w C:\Program Files\desktop.ini 2008-03-11 18:25 32,390 ----a-w C:\Windows\king-uninstall.exe 2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2007-12-28 12:59 342,528 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys 2007-12-28 12:58 289,280 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys 2007-12-28 12:58 289,280 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys 2007-11-27 15:53 63,488 ----a-w C:\Windows\inf\WG111v3\SetDrv64.exe 2007-11-27 15:52 32,768 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe 2007-11-09 18:19 0 ----a-w C:\Users\MARIE-PIERRE\AppData\Roaming\wklnhst.dat 2007-04-23 11:15 31,016 ----a-w C:\Windows\inf\WG111v3\Vista64\RtlProt.sys 2007-04-23 08:50 25,896 ----a-w C:\Windows\inf\WG111v3\Vista\RtlProt.sys 2007-04-19 19:22 75,264 ----a-w C:\Windows\inf\WG111v3\Vista64\rtkbind.exe 2007-04-19 19:22 74,752 ----a-w 
C:\Windows\inf\WG111v3\Vista\rtkbind.exe 2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe 2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe 2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe 2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe 2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE 2007-11-07 17:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-11-07 17:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-11-07 17:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-06-02_11.46.44.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-02 09:41:58 67,584 ----a-w C:\Windows\bootstat.dat + 2008-06-02 10:05:28 67,584 ----a-w C:\Windows\bootstat.dat - 2008-06-02 08:35:23 86,016 ----a-w C:\Windows\inf\infpub.dat + 2008-06-02 09:56:27 86,016 ----a-w C:\Windows\inf\infpub.dat - 2008-06-02 08:35:22 143,360 ----a-w C:\Windows\inf\infstor.dat + 2008-06-02 09:56:24 143,360 ----a-w C:\Windows\inf\infstor.dat - 2008-06-02 08:35:22 143,360 ----a-w C:\Windows\inf\infstrng.dat + 2008-06-02 09:56:27 143,360 ----a-w C:\Windows\inf\infstrng.dat - 2008-06-02 08:35:05 45,056 ----a-r C:\Windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut1_5396FBD88BD747F992AEF62F13D5A11D_1.exe + 2008-06-02 09:56:12 45,056 ----a-r C:\Windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut1_5396FBD88BD747F992AEF62F13D5A11D_1.exe - 2008-06-02 08:35:05 45,056 ----a-r C:\Windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut4_5396FBD88BD747F992AEF62F13D5A11D.exe + 2008-06-02 09:56:12 45,056 ----a-r 
C:\Windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut4_5396FBD88BD747F992AEF62F13D5A11D.exe - 2008-06-02 09:42:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-02 10:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-02 10:05:54 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-02 09:42:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-02 10:05:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-02 10:05:54 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-06-02 09:21:24 12,652 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1798114101-1895918123-1987534085-1000_UserData.bin + 2008-06-02 09:54:03 12,914 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1798114101-1895918123-1987534085-1000_UserData.bin - 2008-06-02 09:21:24 70,256 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-02 09:54:03 70,358 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-02 09:21:22 58,860 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-02 09:54:01 58,860 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952] "winfax32"="winfax32.dll" [2004-03-18 10:57 8704 C:\Windows\System32\winfax32.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2005-02-17 03:06 700416 C:\Windows\System32\RtHDVCpl.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2008-02-22 16:13:14 2506752] PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1798114101-1895918123-1987534085-1000] "EnableNotificationsRef"=dword:00000004 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] 
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live "{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess "{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess "{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess "{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine "{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia "{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect "{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service "{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician "{C2493304-0383-42E1-BE9C-7D943AE39108}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9D38C0C2-6429-4660-9D66-94E0E2ECFB88}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service "UDP Query User{BF2428E4-7ADA-44F6-BFEB-3A7C03F2F3D3}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service "TCP Query User{BB9C1719-2BED-4E7B-84AF-016463DF2C86}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{E5F714C3-B97B-4BD0-B288-C32B0D673128}C:\\program files\\mozilla 
firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{CA3D261F-5164-49CB-9574-1BAD36EDD3B6}C:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= UDP:C:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent "UDP Query User{91E554E8-525F-4E21-A76B-124055AE77C8}C:\\program files\\philips\\intelligent agent\\philips intelligent agent.exe"= TCP:C:\program files\philips\intelligent agent\philips intelligent agent.exe:Philips Intelligent Agent "TCP Query User{0255FCEA-A262-462F-AA65-45071A4EA0BA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{B3072E8A-CCAC-43CB-AE18-EFAD29159719}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{25A60A1D-4A42-41A5-BED7-DE5C87E1C64C}D:\\emule\\emule.exe"= UDP:D:\emule\emule.exe:eMule "UDP Query User{72E0F3C9-A907-422F-92CB-9CAF654DB8C4}D:\\emule\\emule.exe"= TCP:D:\emule\emule.exe:eMule "TCP Query User{4ED9D2C4-1953-4F0D-97F3-B0EFC9EE898A}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows "UDP Query User{8691CDB8-52EB-4BBE-B52E-9097C5AC7FF2}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows "TCP Query User{870A53CB-58C6-4209-AB4D-0DA8F9B641F5}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe "UDP Query User{5ADD4B5D-4424-48FA-B93B-C0983FF26609}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe "TCP Query User{CC3F39C4-113B-45C4-8FEB-B9C6BC4DCFB4}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe "UDP Query User{0E072DA0-A15D-48C6-B944-6CE4E08D9BFF}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22] R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04] R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04] R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04] R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 10:50] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18] R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04] R2 winfax32;Microsoft Fax API Support DLL;rundll32.exe C:\Windows\system32\winfax32.dll,ytib [] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-12-28 14:58] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51] S3 ggflt;SEMC USB Flash 
Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2007-12-09 13:41] S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 10:51] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 10:51] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 10:51] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 10:51] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 10:51] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 10:51] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 10:51] S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{307864cd-8dd2-11dc-b708-001c252bf724}] \shell\AutoRun\command - J:\nideiect.com \shell\explore\Command - J:\nideiect.com \shell\open\Command - J:\nideiect.com . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-01 12:56:13 C:\Windows\Tasks\User_Feed_Synchronization-{8C91362B-D7EF-426C-9096-9F0196925459}.job" - C:\Windows\system32\msfeedssync.exe "2008-06-02 10:10:00 C:\Windows\Tasks\User_Feed_Synchronization-{B21A7B61-7976-4FEF-A4CA-D052BB765820}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-02 12:06:06 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... 
Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\conime.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\wbem\unsecapp.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-02 12:11:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-02 10:10:54 ComboFix2.txt 2008-06-02 09:47:53 Pre-Run: 167,998,967,808 octets libres Post-Run: 167,541,243,904 octets libres 224 --- E O F --- 2008-05-30 06:03:42
I'm on VISTA. Thanks in advance to anyone who can help me. I'm currently squatting on my daughter's computer and I don't think she'll appreciate me keeping it too long. If there are other procedures to do, I'm all ears. Thanks again.