
bastos93

Members
  • Content count
    17

Other information
  • My languages
    French, English

bastos93's Achievements

Junior Member (3/12)

Community reputation: 0

  1. By the way, my router is a THOMSON SpeedTouch ST706 WF ... You never know ...
  2. Thanks for the tutorials! I haven't done everything: I admit I'm not sure I used zebprotect correctly, I couldn't find the tutorial matching my router, and I have a problem with Stripmyrights, in that the test to check the security doesn't work (no message when I save an image to c: or into the windows folder, it just saves it). Otherwise I've configured antivir and done almost everything else, but I have a question: I use ZoneAlarm, should I uninstall it in favour of Keryo or the Windows firewall? And won't installing Windefender, which is a resident program, slow my machine down too much?
  3. After following the procedure I ran another scan with Malware and got a "system error" with a blue screen, a reboot, then "your system has recovered from a serious error". I don't really dare try again; it's my only machine and, in the end, I'd rather it be slightly "infected" than seriously damaged. Unless perhaps there are other suggestions ... In any case, I'm very grateful for the time spent helping me, thanks!
  4. After several attempts, I unfortunately have the same problem as with the other program: Malwarebyte's Anti-Malware hangs on this file: c:\System Volume Information\MountPointManagerRemoteDatabase. It's a long road full of pitfalls ... Should I carry on by running Antivir, or should I try to do something? Pray, maybe?
  5. It's still hanging ... sorry!
  6. ewido anti-spyware seems to hang on a file: c:\System Volume Information\tracking.log
  7. Here is the new combofix report, thanks for your patience ... I'm getting on with the rest of the procedure:

     ComboFix 08-06-04.5 - bob 2008-06-08 14:13:55.6 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1669 [GMT 2:00]
     Endroit: C:\Documents and Settings\bob\Bureau\Combo-Fix.exe
     Command switches used :: C:\Documents and Settings\bob\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

     FILE ::
     C:\WINDOWS\Internet Logs\xDB3C.tmp
     C:\WINDOWS\Internet Logs\xDB3D.tmp
     C:\WINDOWS\Internet Logs\xDB3E.tmp
     C:\WINDOWS\Internet Logs\xDB3F.tmp
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Documents and Settings\All Users\Application Data\abqtarch
     C:\WINDOWS\Internet Logs\xDB3C.tmp
     C:\WINDOWS\Internet Logs\xDB3D.tmp
     C:\WINDOWS\Internet Logs\xDB3E.tmp
     C:\WINDOWS\Internet Logs\xDB3F.tmp

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
     .

     2008-06-07 17:55 . 2008-06-07 17:55 <REP> d-------- C:\Program Files\Trend Micro
     2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Program Files\Avira
     2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-06-04 14:15 . 2008-06-04 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
     2008-06-01 21:42 . 2008-06-01 23:19 <REP> d-------- C:\Program Files\Bases
     2008-06-01 18:17 . 2008-06-05 14:02 <REP> d-------- C:\Program Files\Frozen-Bubble
     2008-06-01 17:29 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
     2008-06-01 17:28 . 2008-06-02 20:57 <REP> d-------- C:\Program Files\Postal2STP
     2008-05-31 11:29 . 2008-05-31 11:29 <REP> d-------- C:\Documents and Settings\bob\Application Data\ItsLabel
     2008-05-30 12:52 . 2008-06-07 20:36 <REP> d-------- C:\Program Files\Steam
     2008-05-18 00:20 . 2008-06-08 00:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2008-05-18 00:20 . 2008-05-18 00:20 1,409 --a------ C:\WINDOWS\QTFont.for
     2008-05-14 13:00 . 2008-05-14 13:00 <REP> d--hs---- C:\WINDOWS\ftpcache
     2008-05-14 12:59 . 2008-05-14 12:59 22,328 --a------ C:\Documents and Settings\bob\Application Data\PnkBstrK.sys
     2008-05-14 12:58 . 2008-05-14 12:58 319 --a------ C:\WINDOWS\game.ini
     2008-05-14 12:54 . 2008-05-14 12:54 <REP> d-------- C:\Program Files\Activision
     2008-05-09 02:59 . 2008-05-09 02:59 <REP> d-------- C:\Program Files\UnH Solutions
     2008-05-09 02:55 . 2008-05-09 02:55 <REP> d-------- C:\Program Files\FLV Player

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-06-08 12:19 57,217,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
     2008-06-08 12:16 674,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
     2008-06-08 12:10 --------- d-----w C:\Documents and Settings\bob\Application Data\OpenOffice.org2
     2008-06-08 09:14 1,901,056 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
     2008-06-07 18:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
     2008-06-07 18:07 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
     2008-06-07 15:38 5,325,816 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
     2008-06-01 21:19 861,432 ----a-w C:\Program Files\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.bak
     2008-06-01 21:19 492 ----a-w C:\Program Files\Spell.cfg
     2008-06-01 21:19 145 ----a-w C:\Program Files\DicUtilisateur.adu
     2008-05-29 10:24 --------- d-----w C:\Documents and Settings\bob\Application Data\gtk-2.0
     2008-05-14 11:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
     2008-05-14 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-05-07 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
     2008-05-05 18:36 --------- d-----w C:\Program Files\MSXML 4.0
     2008-05-05 15:03 --------- d-----w C:\Documents and Settings\bob\Application Data\DivX
     2008-05-04 21:47 --------- d-----w C:\Program Files\DivX
     2008-05-04 21:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
     2008-05-04 21:45 --------- d-----w C:\Program Files\Any Video Converter Professional
     2008-05-04 21:44 --------- d-----w C:\Documents and Settings\bob\Application Data\Any Video Converter Professional
     2008-05-04 21:38 --------- d-----w C:\Program Files\AviSynth 2.5
     2008-05-04 20:09 --------- d-----w C:\Program Files\KaraFun
     2008-05-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
     2008-05-04 14:29 --------- d-----w C:\Program Files\7-Zip
     2008-05-04 14:15 --------- d-----w C:\Program Files\Microsoft Games
     2008-05-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
     2008-05-03 17:36 --------- d-----w C:\Documents and Settings\bob\Application Data\Free Download Manager
     2008-05-02 11:47 --------- d-----w C:\Program Files\Carte Blanche
     2008-04-29 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
     2008-04-29 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2008-04-28 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
     2008-04-28 22:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
     2008-04-28 00:51 --------- d-----w C:\Program Files\HD Tune
     2008-04-26 17:54 --------- d-----w C:\Program Files\Lucasarts Collection
     2008-04-26 17:53 720,896 ----a-w C:\WINDOWS\iun6002.exe
     2008-04-25 17:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
     2008-04-24 23:08 --------- d-----w C:\Program Files\Rockstar Games
     2008-04-22 14:13 --------- d-----w C:\Program Files\Kraken
     2008-04-22 13:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
     2008-04-22 13:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
     2008-04-22 13:20 --------- d-----w C:\Documents and Settings\bob\Application Data\DAEMON Tools
     2008-04-22 13:00 --------- d-----w C:\Program Files\DOSBox-0.72
     2008-04-21 15:55 --------- d-----w C:\Program Files\AXEL
     2008-04-21 15:38 --------- d-----w C:\Program Files\Aide mémoire
     2008-04-21 13:57 --------- d-----w C:\Program Files\Real Alternative
     2008-04-16 11:08 --------- d-----w C:\Program Files\Investintech.com Inc
     2008-04-09 12:17 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
     2008-04-09 12:17 28,672 ----a-w C:\WINDOWS\system32\HLP95EN.DLL
     2008-04-09 12:17 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
     2008-04-09 12:17 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
     2008-04-09 12:17 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
     2008-04-09 12:17 1,123,600 ----a-w C:\WINDOWS\system32\FM20.DLL
     2008-04-09 12:17 --------- d-----w C:\Program Files\ActiveX Control Pad
     2008-04-09 11:58 --------- d-----w C:\Program Files\EsetOnlineScanner
     2008-04-09 10:32 --------- d-----w C:\Program Files\a-squared Free
     2008-04-09 08:39 --------- d-----w C:\Program Files\AxBx
     2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
     2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
     2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
     2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
     2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
     2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
     2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
     2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
     2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
     2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
     2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
     2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
     2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
     2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
     2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
     2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
     2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
     2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
     2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
     2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
     2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
     2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
     2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
     2007-12-03 12:42 17,633,792 ----a-w C:\Program Files\ProfNote.exe
     2007-12-03 12:40 3,813,376 ----a-w C:\Program Files\NOTE2007FR.dll
     2007-11-09 14:08 427,287 ----a-w C:\Program Files\spanish.adm
     2007-11-09 14:08 424,833 ----a-w C:\Program Files\italian.adm
     2007-11-09 14:08 362,620 ----a-w C:\Program Files\DicProNote.adu
     2007-11-09 14:08 322,000 ----a-w C:\Program Files\French.adm
     2007-11-09 14:08 320,743 ----a-w C:\Program Files\british.adm
     2007-11-09 14:08 23 ----a-w C:\Program Files\Config.lng
     2007-11-09 14:02 614,672 ----a-w C:\Program Files\oleaut32.dll
     2007-11-09 13:59 443,864 ----a-w C:\Program Files\AidePF2007.chm
     2007-11-09 13:59 39,941 ----a-w C:\Program Files\CONTRAT DE LICENCE INDEX EDUCATION ProfNOTE.rtf
     2007-04-06 15:46 4,037,888 ----a-w C:\Program Files\Foxit_Reader.exe
     2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
     2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
     2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
     .

     ((((((((((((((((((((((((((((( snapshot@2008-06-04_14.47.28,56 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-06-04 12:40:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-06-08 12:17:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
     + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
     + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
     + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
     - 2008-06-04 12:43:22 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
     + 2008-06-08 12:19:44 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
     .

     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
     "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
     "MSACM.MSNAUDIO"= msnaudio.acm

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
     @="Driver"

     [HKLM\~\startupfolder\C:^Documents and Settings^bob^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
     --a------ 2003-08-19 11:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
     --a------ 2004-06-28 22:29 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     -r------- 2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
     -r------- 2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\Messenger\\msmsgs.exe"=
     "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
     "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

     R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
     S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 04:44]

     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-06-04 12:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-08 14:19:12
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\Program Files\No-IP\DUC20.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-06-08 14:25:18 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-06-08 12:25:14
     ComboFix2.txt 2008-06-07 17:16:50
     ComboFix3.txt 2008-06-07 15:45:52
     ComboFix4.txt 2008-06-05 11:29:28
     ComboFix5.txt 2008-06-04 12:47:47

     Pre-Run: 148,443,021,312 octets libres
     Post-Run: 148,423,880,704 octets libres

     253 --- E O F --- 2008-05-28 13:35:37
  8. Done, I've thrown the emule folder in the recycle bin! And here's the combofix report:

     ComboFix 08-06-04.5 - bob 2008-06-07 19:05:29.5 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1637 [GMT 2:00]
     Endroit: C:\Documents and Settings\bob\Bureau\Combo-Fix.exe
     Command switches used :: C:\Documents and Settings\bob\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

     FILE ::
     C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_28_02_21_28_small.dmp.zip
     C:\WINDOWS\Internet Logs\xDB40.tmp
     C:\WINDOWS\Internet Logs\xDB41.tmp
     C:\WINDOWS\Internet Logs\xDB42.tmp
     C:\WINDOWS\Internet Logs\xDB43.tmp
     C:\WINDOWS\Internet Logs\xDB44.tmp
     C:\WINDOWS\Internet Logs\xDB45.tmp
     C:\WINDOWS\Internet Logs\xDB46.tmp
     C:\WINDOWS\Internet Logs\xDB47.tmp
     C:\WINDOWS\Internet Logs\xDB48.tmp
     C:\WINDOWS\Internet Logs\xDB49.tmp
     C:\WINDOWS\Internet Logs\xDB4A.tmp
     C:\WINDOWS\Internet Logs\xDB4B.tmp
     C:\WINDOWS\Internet Logs\xDB4C.tmp
     C:\WINDOWS\Internet Logs\xDB4D.tmp
     C:\WINDOWS\Internet Logs\xDB4E.tmp
     C:\WINDOWS\Internet Logs\xDB4F.tmp
     C:\WINDOWS\Internet Logs\xDB50.tmp
     C:\WINDOWS\Internet Logs\xDB51.tmp
     C:\WINDOWS\Internet Logs\xDB52.tmp
     C:\WINDOWS\Internet Logs\xDB53.tmp
     C:\WINDOWS\Internet Logs\xDB54.tmp
     C:\WINDOWS\Internet Logs\xDB55.tmp
     C:\WINDOWS\Internet Logs\xDB56.tmp
     C:\WINDOWS\Internet Logs\xDB57.tmp
     C:\WINDOWS\Internet Logs\xDB58.tmp
     C:\WINDOWS\Internet Logs\xDB59.tmp
     C:\WINDOWS\Internet Logs\xDB5A.tmp
     C:\WINDOWS\Internet Logs\xDB5B.tmp
     C:\WINDOWS\Internet Logs\xDB5C.tmp
     C:\WINDOWS\Internet Logs\xDB5D.tmp
     C:\WINDOWS\Internet Logs\xDB5E.tmp
     C:\WINDOWS\Internet Logs\xDB5F.tmp
     C:\WINDOWS\Internet Logs\xDB60.tmp
     C:\WINDOWS\Internet Logs\xDB61.tmp
     C:\WINDOWS\Internet Logs\xDB62.tmp
     C:\WINDOWS\Internet Logs\xDB63.tmp
     C:\WINDOWS\Internet Logs\xDB64.tmp
     C:\WINDOWS\Internet Logs\xDB65.tmp
     C:\WINDOWS\Internet Logs\xDB66.tmp
     C:\WINDOWS\Internet Logs\xDB67.tmp
     C:\WINDOWS\Internet Logs\xDB68.tmp
     C:\WINDOWS\Internet Logs\xDB69.tmp
     C:\WINDOWS\Internet Logs\xDB6A.tmp
     C:\WINDOWS\Internet Logs\xDB6B.tmp
     C:\WINDOWS\Internet Logs\xDB6C.tmp
     C:\WINDOWS\Internet Logs\xDB6D.tmp
     C:\WINDOWS\Internet Logs\xDB6E.tmp
     C:\WINDOWS\Internet Logs\xDB6F.tmp
     C:\WINDOWS\Internet Logs\xDB70.tmp
     C:\WINDOWS\Internet Logs\xDB71.tmp
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_28_02_21_28_small.dmp.zip
     C:\WINDOWS\Internet Logs\xDB40.tmp
     C:\WINDOWS\Internet Logs\xDB41.tmp
     C:\WINDOWS\Internet Logs\xDB42.tmp
     C:\WINDOWS\Internet Logs\xDB43.tmp
     C:\WINDOWS\Internet Logs\xDB44.tmp
     C:\WINDOWS\Internet Logs\xDB45.tmp
     C:\WINDOWS\Internet Logs\xDB46.tmp
     C:\WINDOWS\Internet Logs\xDB47.tmp
     C:\WINDOWS\Internet Logs\xDB48.tmp
     C:\WINDOWS\Internet Logs\xDB49.tmp
     C:\WINDOWS\Internet Logs\xDB4A.tmp
     C:\WINDOWS\Internet Logs\xDB4B.tmp
     C:\WINDOWS\Internet Logs\xDB4C.tmp
     C:\WINDOWS\Internet Logs\xDB4D.tmp
     C:\WINDOWS\Internet Logs\xDB4E.tmp
     C:\WINDOWS\Internet Logs\xDB4F.tmp
     C:\WINDOWS\Internet Logs\xDB50.tmp
     C:\WINDOWS\Internet Logs\xDB51.tmp
     C:\WINDOWS\Internet Logs\xDB52.tmp
     C:\WINDOWS\Internet Logs\xDB53.tmp
     C:\WINDOWS\Internet Logs\xDB54.tmp
     C:\WINDOWS\Internet Logs\xDB55.tmp
     C:\WINDOWS\Internet Logs\xDB56.tmp
     C:\WINDOWS\Internet Logs\xDB57.tmp
     C:\WINDOWS\Internet Logs\xDB58.tmp
     C:\WINDOWS\Internet Logs\xDB59.tmp
     C:\WINDOWS\Internet Logs\xDB5A.tmp
     C:\WINDOWS\Internet Logs\xDB5B.tmp
     C:\WINDOWS\Internet Logs\xDB5C.tmp
     C:\WINDOWS\Internet Logs\xDB5D.tmp
     C:\WINDOWS\Internet Logs\xDB5E.tmp
     C:\WINDOWS\Internet Logs\xDB5F.tmp
     C:\WINDOWS\Internet Logs\xDB60.tmp
     C:\WINDOWS\Internet Logs\xDB61.tmp
     C:\WINDOWS\Internet Logs\xDB62.tmp
     C:\WINDOWS\Internet Logs\xDB63.tmp
     C:\WINDOWS\Internet Logs\xDB64.tmp
     C:\WINDOWS\Internet Logs\xDB65.tmp
     C:\WINDOWS\Internet Logs\xDB66.tmp
     C:\WINDOWS\Internet Logs\xDB67.tmp
     C:\WINDOWS\Internet Logs\xDB68.tmp
     C:\WINDOWS\Internet Logs\xDB69.tmp
     C:\WINDOWS\Internet Logs\xDB6A.tmp
     C:\WINDOWS\Internet Logs\xDB6B.tmp
     C:\WINDOWS\Internet Logs\xDB6C.tmp
     C:\WINDOWS\Internet Logs\xDB6D.tmp
     C:\WINDOWS\Internet Logs\xDB6E.tmp
     C:\WINDOWS\Internet Logs\xDB6F.tmp
     C:\WINDOWS\Internet Logs\xDB70.tmp
     C:\WINDOWS\Internet Logs\xDB71.tmp

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
     .

     2008-06-07 17:55 . 2008-06-07 17:55 <REP> d-------- C:\Program Files\Trend Micro
     2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Program Files\Avira
     2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-06-04 14:15 . 2008-06-04 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
     2008-06-01 21:42 . 2008-06-01 23:19 <REP> d-------- C:\Program Files\Bases
     2008-06-01 18:17 . 2008-06-05 14:02 <REP> d-------- C:\Program Files\Frozen-Bubble
     2008-06-01 17:29 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
     2008-06-01 17:28 . 2008-06-02 20:57 <REP> d-------- C:\Program Files\Postal2STP
     2008-05-31 11:29 . 2008-05-31 11:29 <REP> d-------- C:\Documents and Settings\bob\Application Data\ItsLabel
     2008-05-30 12:52 . 2008-06-03 19:13 <REP> d-------- C:\Program Files\Steam
     2008-05-18 00:20 . 2008-06-04 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2008-05-18 00:20 . 2008-05-18 00:20 1,409 --a------ C:\WINDOWS\QTFont.for
     2008-05-14 13:00 . 2008-05-14 13:00 <REP> d--hs---- C:\WINDOWS\ftpcache
     2008-05-14 12:59 . 2008-05-14 12:59 22,328 --a------ C:\Documents and Settings\bob\Application Data\PnkBstrK.sys
     2008-05-14 12:58 . 2008-05-14 12:58 319 --a------ C:\WINDOWS\game.ini
     2008-05-14 12:54 . 2008-05-14 12:54 <REP> d-------- C:\Program Files\Activision
     2008-05-09 02:59 . 2008-05-09 02:59 <REP> d-------- C:\Program Files\UnH Solutions
     2008-05-09 02:55 . 2008-05-09 02:55 <REP> d-------- C:\Program Files\FLV Player
     2008-05-07 12:58 . 2008-05-07 12:58 <REP> d-------- C:\WINDOWS\Downloaded Installations

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-06-07 17:12 57,081,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
     2008-06-07 17:08 673,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
     2008-06-07 15:38 5,325,816 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
     2008-06-07 09:00 --------- d-----w C:\Documents and Settings\bob\Application Data\OpenOffice.org2
     2008-06-01 21:19 861,432 ----a-w C:\Program Files\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.bak
     2008-06-01 21:19 492 ----a-w C:\Program Files\Spell.cfg
     2008-06-01 21:19 145 ----a-w C:\Program Files\DicUtilisateur.adu
     2008-06-01 09:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
     2008-05-29 10:24 --------- d-----w C:\Documents and Settings\bob\Application Data\gtk-2.0
     2008-05-14 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-05-07 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
     2008-05-05 18:36 --------- d-----w C:\Program Files\MSXML 4.0
     2008-05-05 15:03 --------- d-----w C:\Documents and Settings\bob\Application Data\DivX
     2008-05-04 21:47 --------- d-----w C:\Program Files\DivX
     2008-05-04 21:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
     2008-05-04 21:45 --------- d-----w C:\Program Files\Any Video Converter Professional
     2008-05-04 21:44 --------- d-----w C:\Documents and Settings\bob\Application Data\Any Video Converter Professional
     2008-05-04 21:38 --------- d-----w C:\Program Files\AviSynth 2.5
     2008-05-04 20:09 --------- d-----w C:\Program Files\KaraFun
     2008-05-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
     2008-05-04 14:29 --------- d-----w C:\Program Files\7-Zip
     2008-05-04 14:15 --------- d-----w C:\Program Files\Microsoft Games
     2008-05-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
     2008-05-03 17:36 --------- d-----w C:\Documents and Settings\bob\Application Data\Free Download Manager
     2008-05-02 11:47 --------- d-----w C:\Program Files\Carte Blanche
     2008-04-29 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
     2008-04-29 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2008-04-28 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
     2008-04-28 22:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
     2008-04-28 00:51 --------- d-----w C:\Program Files\HD Tune
     2008-04-26 17:54 --------- d-----w C:\Program Files\Lucasarts Collection
     2008-04-26 17:53 720,896 ----a-w C:\WINDOWS\iun6002.exe
     2008-04-25 17:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
     2008-04-24 23:08 --------- d-----w C:\Program Files\Rockstar Games
     2008-04-22 14:13 --------- d-----w C:\Program Files\Kraken
     2008-04-22 13:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
     2008-04-22 13:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
     2008-04-22 13:20 --------- d-----w C:\Documents and Settings\bob\Application Data\DAEMON Tools
     2008-04-22 13:00 --------- d-----w C:\Program Files\DOSBox-0.72
     2008-04-21 15:55 --------- d-----w C:\Program Files\AXEL
     2008-04-21 15:38 --------- d-----w C:\Program Files\Aide mémoire
     2008-04-21 13:57 --------- d-----w C:\Program Files\Real Alternative
     2008-04-16 11:08 --------- d-----w C:\Program Files\Investintech.com Inc
     2008-04-09 12:17 --------- d-----w C:\Program Files\ActiveX Control Pad
     2008-04-09 11:58 --------- d-----w C:\Program Files\EsetOnlineScanner
     2008-04-09 10:32 --------- d-----w C:\Program Files\a-squared Free
     2008-04-09 08:39 --------- d-----w C:\Program Files\AxBx
     2008-04-09 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\abqtarch
     2008-03-08 19:44 913,408 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
     2008-03-08 19:44 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
     2008-03-08 11:31 417,792 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
     2008-03-08 11:31 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
     2007-12-03 12:42 17,633,792 ----a-w C:\Program Files\ProfNote.exe
     2007-12-03 12:40 3,813,376 ----a-w C:\Program Files\NOTE2007FR.dll
     2007-11-09 14:08 427,287 ----a-w C:\Program Files\spanish.adm
     2007-11-09 14:08 424,833 ----a-w C:\Program Files\italian.adm
     2007-11-09 14:08 362,620 ----a-w C:\Program Files\DicProNote.adu
     2007-11-09 14:08 322,000 ----a-w C:\Program Files\French.adm
     2007-11-09 14:08 320,743 ----a-w C:\Program Files\british.adm
     2007-11-09 14:08 23 ----a-w C:\Program Files\Config.lng
     2007-11-09 14:02 614,672 ----a-w C:\Program Files\oleaut32.dll
     2007-11-09 13:59 443,864 ----a-w C:\Program Files\AidePF2007.chm
     2007-11-09 13:59 39,941 ----a-w C:\Program Files\CONTRAT DE LICENCE INDEX EDUCATION ProfNOTE.rtf
     2007-04-06 15:46 4,037,888 ----a-w C:\Program Files\Foxit_Reader.exe
     2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
     2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
     2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
     .

     (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     ---- Directory of C:\Documents and Settings\All Users\Application Data\abqtarch ----

     ((((((((((((((((((((((((((((( snapshot@2008-06-04_14.47.28,56 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-06-04 12:40:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-06-07 17:09:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
     + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
     + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
     + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
     + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
     .

     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
     "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
     "MSACM.MSNAUDIO"= msnaudio.acm

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
     @="Driver"

     [HKLM\~\startupfolder\C:^Documents and Settings^bob^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
     --a------ 2003-08-19 11:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
     --a------ 2004-06-28 22:29 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     -r------- 2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
     -r------- 2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\Messenger\\msmsgs.exe"=
     "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
     "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

     R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
     S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 04:44]

     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-06-04 12:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-07 19:10:42
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\Program Files\No-IP\DUC20.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-06-07 19:16:49 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-06-07 17:16:46
     ComboFix2.txt 2008-06-07 15:45:52
     ComboFix3.txt 2008-06-05 11:29:28
     ComboFix4.txt 2008-06-04 12:47:47
     ComboFix5.txt 2008-03-07 23:19:39

     Pre-Run: 149,520,322,560 octets libres
     Post-Run: 149,499,916,288 octets libres

     320 --- E O F --- 2008-05-28 13:35:37

     And the new Hijackthis report for good measure:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:21, on 2008-06-07
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16640)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\Program Files\Hercules\WiFi Station\WifiStation.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\No-IP\DUC20.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\System32\wbem\wmiapsrv.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
     R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe O4 - Global Startup: WiFi Station.lnk = ? 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197141249796 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - 
Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7087 bytes
  9. Er, to be honest, I did uninstall it from the Start menu by clicking the eMule uninstall icon; I didn't know it would leave a trace behind in a folder!!
  10. rapport combofix après le cfscript : ComboFix 08-06-04.5 - bob 2008-06-07 17:33:55.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1618 [GMT 2:00] Endroit: C:\Documents and Settings\bob\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\bob\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\Documents and Settings\All Users\Application Data\abqtarch . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\bob\Application Data\EoRezo C:\Documents and Settings\bob\Application Data\EoRezo\cmhost.cyp C:\Documents and Settings\bob\Application Data\EoRezo\ConfMedia.cyp C:\Documents and Settings\bob\Application Data\EoRezo\db\cat.cyp C:\Documents and Settings\bob\Application Data\EoRezo\eoDesktop\config.xml C:\Documents and Settings\bob\Application Data\EoRezo\eoDesktop\eoDesktop.html C:\Documents and Settings\bob\Application Data\EoRezo\eoDesktop\userConfig.xml C:\Documents and Settings\bob\Application Data\EoRezo\host.cyp C:\Documents and Settings\bob\Application Data\EoRezo\user.cyp C:\Program Files\EoRezo C:\Program Files\EoRezo\EoAdv\eoAdv.url C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6459 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))))))) . 2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Program Files\Avira 2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-04 14:15 . 2008-06-04 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb 2008-06-01 21:42 . 2008-06-01 23:19 <REP> d-------- C:\Program Files\Bases 2008-06-01 18:17 . 2008-06-05 14:02 <REP> d-------- C:\Program Files\Frozen-Bubble 2008-06-01 17:29 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe 2008-06-01 17:28 . 
2008-06-02 20:57 <REP> d-------- C:\Program Files\Postal2STP 2008-05-31 11:29 . 2008-05-31 11:29 <REP> d-------- C:\Documents and Settings\bob\Application Data\ItsLabel 2008-05-30 12:52 . 2008-06-03 19:13 <REP> d-------- C:\Program Files\Steam 2008-05-18 00:20 . 2008-06-04 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-18 00:20 . 2008-05-18 00:20 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-14 13:00 . 2008-05-14 13:00 <REP> d--hs---- C:\WINDOWS\ftpcache 2008-05-14 12:59 . 2008-05-14 12:59 22,328 --a------ C:\Documents and Settings\bob\Application Data\PnkBstrK.sys 2008-05-14 12:58 . 2008-05-14 12:58 319 --a------ C:\WINDOWS\game.ini 2008-05-14 12:54 . 2008-05-14 12:54 <REP> d-------- C:\Program Files\Activision 2008-05-09 02:59 . 2008-05-09 02:59 <REP> d-------- C:\Program Files\UnH Solutions 2008-05-09 02:55 . 2008-05-09 02:55 <REP> d-------- C:\Program Files\FLV Player 2008-05-07 12:58 . 2008-05-07 12:58 <REP> d-------- C:\WINDOWS\Downloaded Installations . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-07 15:41 57,030,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-07 15:38 5,325,816 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-06-07 15:37 672,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-07 09:00 --------- d-----w C:\Documents and Settings\bob\Application Data\OpenOffice.org2 2008-06-06 17:33 --------- d-----w C:\Program Files\eMule 2008-06-04 12:02 2,643,968 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp 2008-06-01 21:19 861,432 ----a-w C:\Program Files\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.bak 2008-06-01 21:19 492 ----a-w C:\Program Files\Spell.cfg 2008-06-01 21:19 145 ----a-w C:\Program Files\DicUtilisateur.adu 2008-06-01 09:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-29 10:24 --------- d-----w C:\Documents and Settings\bob\Application Data\gtk-2.0 2008-05-25 17:43 740,352 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp 2008-05-25 17:43 1,744,896 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp 2008-05-24 11:13 2,699,264 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp 2008-05-24 11:13 1,740,800 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp 2008-05-17 14:23 1,738,752 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp 2008-05-14 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-07 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-05-05 18:36 --------- d-----w C:\Program Files\MSXML 4.0 2008-05-05 15:03 --------- d-----w C:\Documents and Settings\bob\Application Data\DivX 2008-05-04 21:47 --------- d-----w C:\Program Files\DivX 2008-05-04 21:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-04 21:45 --------- d-----w C:\Program Files\Any Video Converter Professional 2008-05-04 21:44 --------- d-----w C:\Documents and Settings\bob\Application Data\Any Video Converter Professional 2008-05-04 21:38 --------- d-----w C:\Program Files\AviSynth 2.5 2008-05-04 21:19 1,679,360 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp 2008-05-04 
20:09 --------- d-----w C:\Program Files\KaraFun 2008-05-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio 2008-05-04 14:29 2,423,808 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp 2008-05-04 14:29 --------- d-----w C:\Program Files\7-Zip 2008-05-04 14:15 --------- d-----w C:\Program Files\Microsoft Games 2008-05-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-05-03 17:36 --------- d-----w C:\Documents and Settings\bob\Application Data\Free Download Manager 2008-05-02 11:47 --------- d-----w C:\Program Files\Carte Blanche 2008-04-30 15:32 2,702,848 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp 2008-04-30 15:32 1,650,688 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp 2008-04-29 01:45 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp 2008-04-29 01:22 1,643,008 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp 2008-04-29 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-29 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-28 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-04-28 22:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-04-28 00:51 --------- d-----w C:\Program Files\HD Tune 2008-04-26 17:54 --------- d-----w C:\Program Files\Lucasarts Collection 2008-04-26 17:53 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-04-25 17:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-04-24 23:08 --------- d-----w C:\Program Files\Rockstar Games 2008-04-22 14:13 --------- d-----w C:\Program Files\Kraken 2008-04-22 13:24 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-04-22 13:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-22 13:20 --------- d-----w C:\Documents and Settings\bob\Application Data\DAEMON Tools 2008-04-22 13:00 --------- d-----w C:\Program Files\DOSBox-0.72 2008-04-21 18:26 1,574,912 ----a-w 
C:\WINDOWS\Internet Logs\xDB65.tmp 2008-04-21 15:55 --------- d-----w C:\Program Files\AXEL 2008-04-21 15:38 --------- d-----w C:\Program Files\Aide mémoire 2008-04-21 13:57 --------- d-----w C:\Program Files\Real Alternative 2008-04-21 10:33 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp 2008-04-21 10:33 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp 2008-04-21 10:26 94,720 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp 2008-04-21 10:26 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp 2008-04-21 10:20 99,328 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp 2008-04-21 10:20 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp 2008-04-21 10:14 248,320 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp 2008-04-21 09:57 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp 2008-04-21 09:57 1,048,576 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp 2008-04-20 09:39 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp 2008-04-20 09:39 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp 2008-04-20 08:36 499,712 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp 2008-04-20 08:36 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp 2008-04-19 14:35 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp 2008-04-19 14:35 1,546,752 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp 2008-04-19 14:17 2,648,576 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp 2008-04-16 11:08 --------- d-----w C:\Program Files\Investintech.com Inc 2008-04-13 07:49 2,633,216 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp 2008-04-09 12:17 --------- d-----w C:\Program Files\ActiveX Control Pad 2008-04-09 11:58 --------- d-----w C:\Program Files\EsetOnlineScanner 2008-04-09 10:32 --------- d-----w C:\Program Files\a-squared Free 2008-04-09 08:39 --------- d-----w C:\Program Files\AxBx 2008-04-09 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\abqtarch 2008-04-07 16:42 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp 2008-04-07 16:42 1,320,448 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp 2008-04-07 04:57 1,485,824 
----a-w C:\WINDOWS\Internet Logs\xDB51.tmp 2008-04-05 08:45 464,896 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp 2008-04-05 08:45 1,470,464 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp 2008-04-04 17:26 922,112 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp 2008-04-04 17:26 1,465,856 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp 2008-04-02 23:35 2,757,632 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-04-02 23:35 1,453,568 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp 2008-03-30 00:24 114,350 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_28_02_21_28_small.dmp.zip 2008-03-25 19:54 364,544 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-03-25 19:54 1,421,312 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-03-25 14:21 2,929,664 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-03-25 14:21 1,417,216 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-03-18 21:07 645,632 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-03-18 21:07 1,401,344 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-03-17 18:16 2,270,720 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-03-17 18:16 1,399,296 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-03-15 10:30 2,863,104 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-03-15 10:29 1,396,736 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-03-09 17:26 1,874,432 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
---- Directory of C:\Program Files\Bases ---- 2008-06-01 23:18 915884 --a------ C:\Program Files\Bases\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr 2008-06-01 23:12 910204 --a------ C:\Program Files\Bases\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.tmp 2008-06-01 22:53 892028 --a------ C:\Program Files\Bases\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.bak ((((((((((((((((((((((((((((( snapshot@2008-06-04_14.47.28,56 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-04 12:40:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-07 15:38:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys - 2008-06-04 12:43:22 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe + 2008-06-07 15:39:20 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKEXpn] rqRKEXpn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "MSACM.MSNAUDIO"= msnaudio.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^bob^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] --a------ 2003-08-19 11:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-06-28 22:29 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"= "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34] S3 AtcL002;NDIS 
Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 04:44] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-04 12:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-07 17:39:48 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Hercules\WiFi Station\WiFiStation.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe . ************************************************************************** . 
Temps d'accomplissement: 2008-06-07 17:45:51 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-07 15:45:48 ComboFix2.txt 2008-06-05 11:29:28 ComboFix3.txt 2008-06-04 12:47:47 ComboFix4.txt 2008-03-07 23:19:39 Pre-Run: 148,904,710,144 octets libres Post-Run: 148,908,134,400 octets libres 270 --- E O F --- 2008-05-28 13:35:37 Rapport hijckthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:55, on 2008-06-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hercules\WiFi Station\WifiStation.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: vnbptxlf - {2A800B4E-351C-4230-B792-D73A5EA9CB31} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197141249796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: rqRKEXpn - rqRKEXpn.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 7367 bytes
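The log above contains three entries whose registry key survived while the file it points to is gone (the EoRezoBHO BHO, the vnbptxlf toolbar and the rqRKEXpn Winlogon Notify package). Those are the lines a helper would put in a fix script. The following is an added example, not code from the thread and not a HijackThis feature: a small triage script over lines copied from that log. It assumes the usual HijackThis line grammar ('Oxx - description - {CLSID} - path' or 'Rx - key,value = data') and nothing else; the rule set is my own.

```python
"""Triage a HijackThis log for load points whose target is gone.

Added example for the thread, not code posted here and not part of HijackThis.
The sample lines are copied from the log above; the only assumption is the
HijackThis line grammar 'Oxx - description - {CLSID} - path'.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines in the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: vnbptxlf - {2A800B4E-351C-4230-B792-D73A5EA9CB31} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: WiFi Station.lnk = ?
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: rqRKEXpn - rqRKEXpn.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<rest>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LEVEL_RANK = {"remove": 0, "review": 1}


@dataclass(frozen=True)
class Finding:
    level: str     # "remove" or "review"
    section: str   # HijackThis section code, e.g. "O20"
    reason: str
    line: str


def classify(line: str):
    """Return a Finding for one log line, or None if the line needs no action."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest").rstrip()
    if rest.endswith(ORPHAN_MARKERS):
        # The registry entry survived but its payload is gone: the usual leftover
        # of a partial clean-up. Winlogon Notify is the urgent one, because
        # winlogon.exe loads whatever DLL is registered there at every logon.
        if sec == "O20":
            return Finding("remove", sec, "Winlogon Notify package whose DLL is missing", line)
        return Finding("remove", sec, "orphaned load point: entry survives, target file is gone", line)
    if sec == "O20":
        return Finding("review", sec, "Winlogon Notify package: confirm the DLL is expected and signed", line)
    if sec == "O16":
        return Finding("review", sec, "downloaded ActiveX control: remove unless the site is still used", line)
    if sec == "O23" and " - Unknown owner - " in rest:
        return Finding("review", sec, "service binary carries no vendor information", line)
    if sec == "O4" and rest.endswith("= ?"):
        return Finding("review", sec, "startup shortcut whose target could not be resolved", line)
    return None


def triage(log_text: str):
    """Classify every line and return the findings, most urgent first (stable within a level)."""
    findings = [f for f in map(classify, log_text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: LEVEL_RANK[f.level])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Run against the sample it lists the three orphaned entries first, then the unresolved WiFi Station shortcut, the ESET ActiveX control and the PnkBstrA service for a human look; the Avira, Java and ZoneAlarm lines produce nothing. The "(no file)" test is deliberately the only automatic "remove" verdict: everything else in a HijackThis log needs a person who knows what is installed on that machine.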
11. Here is the report I got from VirusTotal. As for the Carte Blanche program, it is actually a role-playing game from the Canadian company Absurdus.

File iun6002.exe received on 2008.06.06 03:23:47 (CET)

Antivirus  Version  Last update  Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 -
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 -
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.06 -
CAT-QuickHeal 9.50 2008.06.05 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.06 -
GData 2.0.7306.1023 2008.06.05 -
Ikarus T3.1.1.26.0 2008.06.06 -
Kaspersky 7.0.0.125 2008.06.06 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.06 -
NOD32v2 3162 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.06 -
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.06 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.06 -
TheHacker 6.2.92.336 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 -
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.06 -

Additional information
File size: 720896 bytes
MD5...: 65577ef62a45aa9a29639bec2649fb72
SHA1..: 80836c68ae49434adcbb300ba36c9530f09f81d2
SHA256: ff0b872a6b7dcdab47e13b3dc6cad51934d1923f0e70a84e595fb7dcf300dc7a
SHA512: 2e04a1fecd1528b42809b4d0d2ac637a0fc8a7820879b61935ae462feed45e7356390481c5965663ef08e46c61a6a97a64b73b20fb8be489693b2d58c1aad4d1
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45d5dc
timedatestamp.....: 0x3c61a751 (Wed Feb 06 21:59:45 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x82196 0x83000 6.49 90ee9c66ba9ac773c7dfd6dc7a8eacd5
.rdata 0x84000 0x185de 0x19000 4.37 54f60fa39cc575afeabf63dafb70bdef
.data 0x9d000 0xf8bc 0xc000 5.67 2e88876a9c65bdfb1c36b714e620c471
.rsrc 0xad000 0x6728 0x7000 3.63 88c17b004aef16783fbb8b94423e6289

( 14 imports )
> WINMM.dll: waveOutGetNumDevs
> VERSION.dll: VerLanguageNameA, VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
> KERNEL32.dll: GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, HeapFree, HeapAlloc, ExitProcess, GlobalFlags, GetCommandLineA, GetTimeZoneInformation, GetSystemTime, GetACP, HeapReAlloc, HeapSize, GetStartupInfoA, GetLocalTime, HeapCreate, VirtualFree, VirtualAlloc, LocalReAlloc, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStringTypeA, GetStringTypeW, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, CreateProcessA, GetPrivateProfileSectionNamesA, EnterCriticalSection, SetErrorMode, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, GetCurrentThread, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, GetDriveTypeA, MulDiv, InterlockedIncrement, FindNextFileA, FindFirstFileA, FindClose, RemoveDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, GetFileAttributesA, SetFileAttributesA, WriteFile, ReadFile, CreateFileA, GetFileSize, SetFilePointer, SetEndOfFile, DeleteFileA, GetTempPathA, GetTempFileNameA, lstrcpyA, lstrlenA, lstrcpynA, ExpandEnvironmentStringsA, GetProcessVersion, GetModuleFileNameA, OpenProcess, CloseHandle, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetEnvironmentStrings, FreeEnvironmentStringsA, GetCurrentProcessId, FreeLibrary, GetVersionExA, GetLastError, SetLastError, InitializeCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetVersion, GlobalAddAtomA, GetCurrentThreadId, GlobalGetAtomNameA, LockResource, GlobalFindAtomA, GlobalDeleteAtom, SystemTimeToFileTime, FindResourceA, LoadResource, FileTimeToSystemTime, GetFileTime, WideCharToMultiByte, InterlockedDecrement, MoveFileA, GetFullPathNameA, FlushFileBuffers, UnlockFile, LockFile, LocalFileTimeToFileTime, DuplicateHandle, DosDateTimeToFileTime, IsBadStringPtrA, SetFileTime, GetTickCount, lstrcmpiA, FileTimeToLocalFileTime, FileTimeToDosDateTime, LocalUnlock, LocalAlloc, LocalLock, lstrcatA, GlobalReAlloc, IsDBCSLeadByte, TlsFree, TlsGetValue, IsBadReadPtr, TlsSetValue, TlsAlloc, GetPrivateProfileIntA, MultiByteToWideChar, GlobalMemoryStatus, GetSystemDefaultLangID, GetComputerNameA, GetVolumeInformationA, GetPrivateProfileStringA, MoveFileExA, WritePrivateProfileStringA, GetDiskFreeSpaceA, TerminateProcess, Sleep, GetLogicalDriveStringsA, lstrcmpA, GetCurrentDirectoryA, FormatMessageA, GetShortPathNameA, CopyFileA, GetPrivateProfileSectionA, LocalFree, GlobalAlloc, SetUnhandledExceptionFilter, HeapDestroy, IsBadWritePtr
> USER32.dll: CheckMenuItem, EnableMenuItem, MapWindowPoints, GetSysColor, GetFocus, SetMenuItemBitmaps, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, GetTopWindow, GetCapture, WinHelpA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetKeyState, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, GetWindow, SystemParametersInfoA, GetWindowPlacement, SetActiveWindow, CreateDialogIndirectParamA, GetParent, SetFocus, IsWindowEnabled, ShowWindow, SetWindowPos, MoveWindow, GetMenuState, IsDialogMessageA, LoadBitmapA, ModifyMenuA, ReleaseCapture, GetDlgItem, DrawFocusRect, FillRect, PtInRect, GetCursorPos, ValidateRect, GetMessageA, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, UnhookWindowsHookEx, GetWindowTextLengthA, LoadStringA, WaitForInputIdle, SetDlgItemTextA, SetWindowTextA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetActiveWindow, GetClassNameA, CharUpperA, OemToCharA, CharNextA, CharPrevA, CharUpperBuffA, SetCursor, IsIconic, DrawIcon, DestroyIcon, ExitWindowsEx, LoadCursorA, UpdateWindow, RedrawWindow, GetDesktopWindow, GetWindowTextA, EnumWindows, GetWindowThreadProcessId, PostMessageA, MessageBoxA, MsgWaitForMultipleObjects, GetSystemMetrics, EnableWindow, InvalidateRect, GetClientRect, GetDC, ReleaseDC, GetWindowRect, LoadIconA, TranslateMessage, DispatchMessageA, PeekMessageA, PostQuitMessage, IsWindow, BeginPaint, GetMenuCheckMarkDimensions, ClientToScreen, DrawTextA, EndPaint, TabbedTextOutA, GrayStringA, DestroyMenu, GetDlgCtrlID, GetWindowLongA, DefWindowProcA, SetWindowLongA, GetClassInfoA, RegisterClassA, CreateWindowExA, SendMessageA, DestroyWindow, wsprintfA, RegisterWindowMessageA, GetSysColorBrush, ShowOwnedPopups, BringWindowToTop, UnpackDDElParam, ReuseDDElParam, SetMenu, LoadMenuA, SendDlgItemMessageA, GetNextDlgTabItem, UnregisterClassA
> GDI32.dll: DeleteObject, CreateFontIndirectA, GetObjectA, CreateSolidBrush, StretchDIBits, RealizePalette, CreatePalette, DeleteDC, CreateICA, GetTextMetricsA, SetBkMode, SetBkColor, GetStockObject, GetClipBox, GetBkColor, CreateBitmap, SetTextColor, RestoreDC, SelectObject, SaveDC, SetViewportOrgEx, OffsetViewportOrgEx, SetMapMode, ScaleViewportExtEx, SetViewportExtEx, SetWindowExtEx, Rectangle, ScaleWindowExtEx, SelectPalette, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, CreateCompatibleDC, BitBlt, GetDeviceCaps, RemoveFontResourceA, AddFontResourceA
> comdlg32.dll: GetSaveFileNameA, GetFileTitleA, GetOpenFileNameA
> WINSPOOL.DRV: OpenPrinterA, ClosePrinter, DocumentPropertiesA
> ADVAPI32.dll: OpenServiceA, LookupPrivilegeValueA, AdjustTokenPrivileges, EnumServicesStatusA, RegOpenKeyExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegQueryValueExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegEnumValueA, RegConnectRegistryA, RegCloseKey, LookupAccountSidA, CreateServiceA, CloseServiceHandle, DeleteService, StartServiceA, ControlService, QueryServiceStatus, GetServiceDisplayNameA, OpenSCManagerA, UnlockServiceDatabase, FreeSid, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, OpenThreadToken, GetUserNameA
> SHELL32.dll: SHChangeNotify, DragFinish, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHGetPathFromIDListA, SHGetMalloc, SHGetSpecialFolderLocation, DragQueryFileA
> COMCTL32.dll: -
> ole32.dll: CoInitialize, CoCreateInstance, CoUninitialize
> OLEAUT32.dll: -, -
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: Netbios

( 0 exports )
12. It took me a while to get back onto my machine, and I uninstalled eMule as advised above. To explain the situation a bit better: the computer I use is shared. Pronote is used by my partner, I mostly use the internet, and the young lad does a bit of everything else (I admit I do play games like Enemy Territory now and then). As for the rest... To my great dismay, I can't download SafeBootKeyRepair.exe... The link is dead, and after searching on Google I keep landing on the same two sources, which don't work. So I'm stuck at the first step. Frustrating! What should I do? Thanks again for the help.
13. I followed everything to the letter, so here is the ComboFix report:

ComboFix 08-06-04.5 - bob 2008-06-05 13:26:19.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1574 [GMT 2:00]
Running from: C:\Documents and Settings\bob\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\bob\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Creating a new restore point
.
((((((((((((((((((((((((((((( Files created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Program Files\Avira
2008-06-04 15:21 . 2008-06-04 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-04 14:15 . 2008-06-04 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
2008-06-01 21:42 . 2008-06-01 23:19 <REP> d-------- C:\Program Files\Bases
2008-06-01 18:17 . 2008-06-01 18:20 <REP> d-------- C:\Program Files\Frozen-Bubble
2008-06-01 17:29 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-01 17:28 . 2008-06-02 20:57 <REP> d-------- C:\Program Files\Postal2STP
2008-05-31 11:29 . 2008-05-31 11:29 <REP> d-------- C:\Documents and Settings\bob\Application Data\ItsLabel
2008-05-30 12:52 . 2008-06-03 19:13 <REP> d-------- C:\Program Files\Steam
2008-05-30 12:51 . 2008-05-30 22:40 <REP> d-------- C:\Program Files\EoRezo
2008-05-30 12:51 . 2008-05-30 22:40 <REP> d-------- C:\Documents and Settings\bob\Application Data\EoRezo
2008-05-18 00:20 . 2008-06-04 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 00:20 . 2008-05-18 00:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-14 13:00 . 2008-05-14 13:00 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-05-14 12:59 . 2008-05-14 12:59 22,328 --a------ C:\Documents and Settings\bob\Application Data\PnkBstrK.sys
2008-05-14 12:58 . 2008-05-14 12:58 319 --a------ C:\WINDOWS\game.ini
2008-05-14 12:54 . 2008-05-14 12:54 <REP> d-------- C:\Program Files\Activision
2008-05-09 02:59 . 2008-05-09 02:59 <REP> d-------- C:\Program Files\UnH Solutions
2008-05-09 02:55 . 2008-05-09 02:55 <REP> d-------- C:\Program Files\FLV Player
2008-05-07 12:58 . 2008-05-07 12:58 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-05-05 20:36 . 2008-05-05 20:36 <REP> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 11:28 56,776,736 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-05 11:22 --------- d-----w C:\Documents and Settings\bob\Application Data\OpenOffice.org2
2008-06-04 12:02 667,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-04 12:02 2,643,968 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-06-01 21:19 861,432 ----a-w C:\Program Files\BAULES ISABELLE - pronote 2007-2008 28 10 2007 - 12.npr.bak
2008-06-01 21:19 492 ----a-w C:\Program Files\Spell.cfg
2008-06-01 21:19 145 ----a-w C:\Program Files\DicUtilisateur.adu
2008-06-01 09:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-01 09:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-30 18:15 --------- d-----w C:\Program Files\eMule
2008-05-29 10:24 --------- d-----w C:\Documents and Settings\bob\Application Data\gtk-2.0
2008-05-25 17:43 740,352 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-05-25 17:43 1,744,896 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-05-24 11:13 2,699,264 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-05-24 11:13 1,740,800 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-05-17 14:23 1,738,752 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-05-14 11:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-14 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-05 15:03 --------- d-----w C:\Documents and Settings\bob\Application Data\DivX
2008-05-04 21:47 --------- d-----w C:\Program Files\DivX
2008-05-04 21:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 21:45 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-05-04 21:44 --------- d-----w C:\Documents and Settings\bob\Application Data\Any Video Converter Professional
2008-05-04 21:38 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-04 21:19 1,679,360 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-05-04 20:09 --------- d-----w C:\Program Files\KaraFun
2008-05-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
2008-05-04 14:29 2,423,808 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-05-04 14:29 --------- d-----w C:\Program Files\7-Zip
2008-05-04 14:15 --------- d-----w C:\Program Files\Microsoft Games
2008-05-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-03 17:36 --------- d-----w C:\Documents and Settings\bob\Application Data\Free Download Manager
2008-05-02 11:47 --------- d-----w C:\Program Files\Carte Blanche
2008-04-30 15:32 2,702,848 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-04-30 15:32 1,650,688 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-04-29 01:45 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-04-29 01:22 1,643,008 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-04-29 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-29 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-28 22:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-28 00:51 --------- d-----w C:\Program Files\HD Tune
2008-04-26 17:54 --------- d-----w C:\Program Files\Lucasarts Collection
2008-04-26 17:53 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-25 17:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-04-24 23:08 --------- d-----w C:\Program Files\Rockstar Games
2008-04-22 14:13 --------- d-----w C:\Program Files\Kraken
2008-04-22 13:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-22 13:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 13:20 --------- d-----w C:\Documents and Settings\bob\Application Data\DAEMON Tools
2008-04-22 13:00 --------- d-----w C:\Program Files\DOSBox-0.72
2008-04-21 18:26 1,574,912 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-04-21 15:55 --------- d-----w C:\Program Files\AXEL
2008-04-21 15:38 --------- d-----w C:\Program Files\Aide mémoire
2008-04-21 13:57 --------- d-----w C:\Program Files\Real Alternative
2008-04-21 10:33 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-04-21 10:33 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-04-21 10:26 94,720 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-04-21 10:26 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-04-21 10:20 99,328 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-04-21 10:20 1,551,360 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-04-21 10:14 248,320 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-04-21 09:57 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-04-21 09:57 1,048,576 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-04-20 09:39 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-04-20 09:39 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-04-20 08:36 499,712 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-04-20 08:36 1,549,312 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-04-19 14:35 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-04-19 14:35 1,546,752 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-04-19 14:19 3,838,915 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-19 14:17 2,648,576 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-04-16 11:08 --------- d-----w C:\Program Files\Investintech.com Inc
2008-04-13 07:49 2,633,216 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-04-09 12:17 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2008-04-09 12:17 28,672 ----a-w C:\WINDOWS\system32\HLP95EN.DLL
2008-04-09 12:17 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
2008-04-09 12:17 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2008-04-09 12:17 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2008-04-09 12:17 1,123,600 ----a-w C:\WINDOWS\system32\FM20.DLL
2008-04-09 12:17 --------- d-----w C:\Program Files\ActiveX Control Pad
2008-04-09 11:58 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-09 10:32 --------- d-----w C:\Program Files\a-squared Free
2008-04-09 08:39 --------- d-----w C:\Program Files\AxBx
2008-04-09 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\abqtarch
2008-04-07 16:42 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-04-07 16:42 1,320,448 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-04-07 04:57 1,485,824 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-04-05 08:45 464,896 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-04-05 08:45 1,470,464 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-04-04 17:26 922,112 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-04-04 17:26 1,465,856 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-04-02 23:35 2,757,632 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-04-02 23:35 1,453,568 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_14.47.28,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\bob\Menu Démarrer\Programmes\Démarrage\
Aide mémoire.lnk - C:\Program Files\Aide mémoire\TrayIcon.exe [2008-04-21 17:37:43 34816]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2007-12-26 13:23:45 1172992]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2007-12-08 20:48:28 650240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKEXpn]
rqRKEXpn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"MSACM.MSNAUDIO"= msnaudio.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^bob^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 11:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-06-28 22:29 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 04:44]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 12:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 13:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-06-05 13:29:27
ComboFix-quarantined-files.txt 2008-06-05 11:29:13
ComboFix2.txt 2008-06-04 12:47:47
ComboFix3.txt 2008-03-07 23:19:39

Pre-Run: 149,524,209,664 bytes free
Post-Run: 149,492,285,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

248 --- E O F --- 2008-05-28 13:35:37
  14. Here it is: