Youcef_51

Members
  • Content count
    11

Other information

  • My languages
    French

Youcef_51's Achievements

Junior Member (3/12)

Community reputation
0

  1. No, everything is fixed. Thank you very much. I do have one last question, though: I would like to know how I caught this virus. Do I still need to be careful?
  2. Sorry for the delay, here is the report:
     Malwarebytes' Anti-Malware 1.25
     Version de la base de données: 1097
     Windows 5.1.2600 Service Pack 3
     19:26:38 30/08/2008
     mbam-log-08-30-2008 (19-26-38).txt
     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 122359
     Temps écoulé: 1 hour(s), 57 minute(s), 11 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 2
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     C:\QooBox\Quarantine\C\WINDOWS\system32\blphcg9cj0elc7.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP20\A0001641.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  3. Here is the HijackThis report:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:16:29, on 30/08/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\brss01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\WINDOWS\System32\PAStiSvc.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\system32\LVCOMSX.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\OrangeHSS\Launcher\Launcher.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
     C:\Program Files\OrangeHSS\systray\systrayapp.exe
     C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
     C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
     C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
     C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
     C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\inKline Global\PC Booster\PCBooster.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
     C:\Program Files\Windows Live\Messenger\usnsvc.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
     O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
     O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
     O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
     O4 - HKCU\..\Run: [salaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
     O23 - Service: BrSplService BrotherDcomLaunch (BrotherDcomLaunch) - Unknown owner - .exe (file missing)
     O23 - Service: Bluetooth Support Service BthServwindownetpker (BthServwindownetpker) - Unknown owner - .exe (file missing)
     O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Client DHCP DhcpEapHost (DhcpEapHost) - Unknown owner - .exe (file missing)
     O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
     O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Google Updater Service gusvcstisvc (gusvcstisvc) - Unknown owner - .exe (file missing)
     O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcmnmsrvc (mnmsrvcmnmsrvc) - Unknown owner - .exe (file missing)
     O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcmnmsrvc mnmsrvcmnmsrvcHidServ (mnmsrvcmnmsrvcHidServ) - Unknown owner - .exe (file missing)
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutolanmanworkstation (RasAutolanmanworkstation) - Unknown owner - .exe (file missing)
     O23 - Service: Planificateur de tâches ScheduleCOMSysApp (ScheduleCOMSysApp) - Unknown owner - .exe (file missing)
     O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
     O23 - Service: STI Simulator STIAlerter (STIAlerter) - Unknown owner - .exe (file missing)
     O23 - Service: Service Messenger Sharing Folders USN Journal Reader usnjsvcAlerter (usnjsvcAlerter) - Unknown owner - .exe (file missing)
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

     --
     End of file - 10787 bytes
  4. For the MoveIt report, this is what appears under "results":
     File/Folder c:\documents and settings\khaled zeghouani\application data\ezpinst.exe not found.
     File/Folder c:\windows\iun6002.exe not found.
     < C:/WINDOWS/system32/drivers/937.exe >
     Then a message saying error "invalid time flag [937.exe] must be numerical".
  5. How do I produce a HijackThis report?
  6. Hello, the RAV antivirus found that my computer was clean. Here is the ComboFix report you asked me for.
  7. Here is the analysis of C:/WINDOWS/system32/drivers/937.exe

Fichier 937.exe reçu le 2008.08.29 19:45:15 (CET)
Résultat: 3/36 (8.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.29 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.29 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.29 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6056 2008.08.29 -
Ewido 4.0 2008.08.29 -
F-Prot 4.4.4.56 2008.08.29 -
F-Secure 7.60.13501.0 2008.08.29 -
Fortinet 3.14.0.0 2008.08.29 W32/PolySmall.BP!tr
GData 19 2008.08.29 -
Ikarus T3.1.1.34.0 2008.08.29 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.29 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 Trojan:Win32/Busky.EH
NOD32v2 3399 2008.08.29 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.29 -
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.29 -
Rising 20.59.41.00 2008.08.29 -
Sophos 4.33.0 2008.08.29 -
Sunbelt 3.1.1592.1 2008.08.29 -
Symantec 10 2008.08.29 Downloader
TheHacker 6.3.0.6.067 2008.08.29 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.29 -
ViRobot 2008.8.29.1355 2008.08.29 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -

Information additionnelle
File size: 61440 bytes
MD5...: ac02f5ddd00fd9e7efaa495887e5d871
SHA1..: 0cc9d135531564aedad090f1353bc85db1a577b7
SHA256: 775f4fa6cd46be04b52a12f0a597b5b8d62383feeff8fa91c371a313843fac41
SHA512: 932d3ac90b38e5ebfa574b497b85a643bf4845060f2061ecca2e9934616b65fd 9231927cf1aeb07af3412450dc269f2b10f942af74175585cefe0ebeedb6b150
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4071dd
timedatestamp.....: 0x48b6568f (Thu Aug 28 07:41:03 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb73a 0xc000 6.67 93b0fb37b9289cc7387aed0980f16839
.rdata 0xd000 0x762 0x1000 2.91 eff06e84d38aa9f3d20207730da9c90d
.data 0xe000 0x3f8 0x1000 0.21 da9e58140b303a97d5d28318080b22b0
( 4 imports )
> KERNEL32.dll: QueryDosDeviceW, FileTimeToSystemTime, GlobalAddAtomW, lstrcpyW, GetFileSize, ResetEvent, LockResource, GetFileAttributesExW, LoadLibraryA, GetUserDefaultLangID, TerminateThread, GetModuleHandleW, FindFirstChangeNotificationW, CreateEventW, GetLogicalDrives, WriteFile, GetSystemTime, SetLastError, WaitForSingleObject, FindNextChangeNotification, FindResourceExW, GetCurrentProcess, WideCharToMultiByte, GetProcAddress, GetDriveTypeW, CreateProcessW, GetCurrentThread, SizeofResource, GetLocalTime, SetWaitableTimer, GetLastError, FreeResource, Sleep
> USER32.dll: SetWindowTextW, GetWindowDC, PostThreadMessageW, AppendMenuW, EnableWindow, SetCapture, RegisterWindowMessageW, UpdateWindow, DefWindowProcW, IsWindow, GetWindowTextW, SendDlgItemMessageW, GetSysColor, LoadCursorW, DestroyMenu, InvalidateRect, SetCursor, SystemParametersInfoW, TrackPopupMenu, SetLayeredWindowAttributes, EndDialog, SetForegroundWindow
> GDI32.dll: SetTextColor, Rectangle, BitBlt, CreateCompatibleBitmap, GetObjectW, StretchBlt, CreateRoundRectRgn, MoveToEx
> ADVAPI32.dll: LookupPrivilegeValueW, RegOpenKeyExW, RegCreateKeyExW
( 0 exports )

And here is the analysis of C:/WINDOWS/system32/drivers/796.exe

Fichier 796.exe reçu le 2008.08.29 19:42:17 (CET)
Résultat: 3/34 (8.83%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.29 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.29 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.29 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6055 2008.08.29 -
Ewido 4.0 2008.08.29 -
F-Prot 4.4.4.56 2008.08.29 -
Fortinet 3.14.0.0 2008.08.29 W32/PolySmall.BP!tr
GData 19 2008.08.29 -
Ikarus T3.1.1.34.0 2008.08.29 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.29 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 Trojan:Win32/Busky.EH
NOD32v2 3399 2008.08.29 -
Panda 9.0.0.4 2008.08.29 -
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.29 -
Rising 20.59.41.00 2008.08.29 -
Sophos 4.33.0 2008.08.29 -
Sunbelt 3.1.1592.1 2008.08.29 -
Symantec 10 2008.08.29 Downloader
TheHacker 6.3.0.6.067 2008.08.29 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.29 -
ViRobot 2008.8.29.1355 2008.08.29 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -

Information additionnelle
File size: 61440 bytes
MD5...: ac02f5ddd00fd9e7efaa495887e5d871
SHA1..: 0cc9d135531564aedad090f1353bc85db1a577b7
SHA256: 775f4fa6cd46be04b52a12f0a597b5b8d62383feeff8fa91c371a313843fac41
SHA512: 932d3ac90b38e5ebfa574b497b85a643bf4845060f2061ecca2e9934616b65fd 9231927cf1aeb07af3412450dc269f2b10f942af74175585cefe0ebeedb6b150
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4071dd
timedatestamp.....: 0x48b6568f (Thu Aug 28 07:41:03 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb73a 0xc000 6.67 93b0fb37b9289cc7387aed0980f16839
.rdata 0xd000 0x762 0x1000 2.91 eff06e84d38aa9f3d20207730da9c90d
.data 0xe000 0x3f8 0x1000 0.21 da9e58140b303a97d5d28318080b22b0
( 4 imports )
> KERNEL32.dll: QueryDosDeviceW, FileTimeToSystemTime, GlobalAddAtomW, lstrcpyW, GetFileSize, ResetEvent, LockResource, GetFileAttributesExW, LoadLibraryA, GetUserDefaultLangID, TerminateThread, GetModuleHandleW, FindFirstChangeNotificationW, CreateEventW, GetLogicalDrives, WriteFile, GetSystemTime, SetLastError, WaitForSingleObject, FindNextChangeNotification, FindResourceExW, GetCurrentProcess, WideCharToMultiByte, GetProcAddress, GetDriveTypeW, CreateProcessW, GetCurrentThread, SizeofResource, GetLocalTime, SetWaitableTimer, GetLastError, FreeResource, Sleep
> USER32.dll: SetWindowTextW, GetWindowDC, PostThreadMessageW, AppendMenuW, EnableWindow, SetCapture, RegisterWindowMessageW, UpdateWindow, DefWindowProcW, IsWindow, GetWindowTextW, SendDlgItemMessageW, GetSysColor, LoadCursorW, DestroyMenu, InvalidateRect, SetCursor, SystemParametersInfoW, TrackPopupMenu, SetLayeredWindowAttributes, EndDialog, SetForegroundWindow
> GDI32.dll: SetTextColor, Rectangle, BitBlt, CreateCompatibleBitmap, GetObjectW, StretchBlt, CreateRoundRectRgn, MoveToEx
> ADVAPI32.dll: LookupPrivilegeValueW, RegOpenKeyExW, RegCreateKeyExW
( 0 exports )

Here is the analysis of C:/WINDOWS/system32/3565636821.dat

Fichier 3565636821.dat reçu le 2008.08.29 19:53:03 (CET)
Résultat: 0/35 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.29 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.29 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.29 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6056 2008.08.29 -
Ewido 4.0 2008.08.29 -
F-Prot 4.4.4.56 2008.08.29 -
F-Secure 7.60.13501.0 2008.08.29 -
Fortinet 3.14.0.0 2008.08.29 -
GData 19 2008.08.29 -
Ikarus T3.1.1.34.0 2008.08.29 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.29 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3399 2008.08.29 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.29 -
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.29 -
Rising 20.59.41.00 2008.08.29 -
Sophos 4.33.0 2008.08.29 -
Sunbelt 3.1.1592.1 2008.08.29 -
Symantec 10 2008.08.29 -
TheHacker 6.3.0.6.067 2008.08.29 -
TrendMicro 8.700.0.1004 2008.08.29 -
ViRobot 2008.8.29.1355 2008.08.29 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -

Information additionnelle
File size: 32 bytes
MD5...: 5e7e954d7eb504af49747a85336da63a
SHA1..: c1a385f81c2f3789d7b113599901c4b562491023
SHA256: e8c8ac428fe98b423e983b4251fc6fa45776407223475cc55f03e0d874a9f863
SHA512: b01e7775ffa022f217ebb2bbf7682a7efda47392f649be76ea55edd2c0d16502 9b587dae2f2f27e2c2631e1a602c4f1dfb9aac86eaf12055cb3efa4086866bba
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
  8. Thank you very much for your help, that's very kind. I already have an antivirus and a firewall, ESET NOD32 Antivirus Business Edition and ZoneAlarm; are they really effective, or should I change them?
  9. Here is the report:

SDFix: Version 1.220
Run by khaled zeghouani on 29/08/2008 at 17:40

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NHATQU~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\TEST1.EXE - Deleted
C:\WINDOWS\TMLPWIN.EXE - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\18.tmp - Deleted
C:\WINDOWS\system32\19.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 17:56:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0008f4000527]
"001247b39a95"=hex:9f,4d,7f,f5,79,28,27,62,cd,8f,05,ec,36,70,06,2a
"000fde83913c"=hex:cc,72,f0,6d,57,34,73,85,70,32,08,c1,67,63,cb,56
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:73069c43
"s2"=dword:ee6cd70d
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fe,8a,a1,c2,2b,72,a5,fe,a3,76,ad,6c,5b,9f,69,0d,85,44,5a,61,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:35,c4,0e,4c,b6,dd,cf,cf,c9,f6,02,d1,41,d6,60,5e,3a,9e,8d,de,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0008f4000527]
"001247b39a95"=hex:9f,4d,7f,f5,79,28,27,62,cd,8f,05,ec,36,70,06,2a
"000fde83913c"=hex:cc,72,f0,6d,57,34,73,85,70,32,08,c1,67,63,cb,56
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fe,8a,a1,c2,2b,72,a5,fe,a3,76,ad,6c,5b,9f,69,0d,85,44,5a,61,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:35,c4,0e,4c,b6,dd,cf,cf,c9,f6,02,d1,41,d6,60,5e,3a,9e,8d,de,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fe,8a,a1,c2,2b,72,a5,fe,a3,76,ad,6c,5b,9f,69,0d,85,44,5a,61,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:35,c4,0e,4c,b6,dd,cf,cf,c9,f6,02,d1,41,d6,60,5e,3a,9e,8d,de,80,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% Corporate"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Steam\\SteamApps\\sefyuof51\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\sefyuof51\\counter-strike source\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 30 Mar 2006 56 A.SHR --- "C:\i386\144CAADCE4.sys"
Thu 30 Mar 2006 3,766 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Sat 17 May 2008 72,704 ..SHR --- "C:\Program Files\Salaat Time\Setup.exe"
Sun 17 Sep 2006 104 ..SHR --- "C:\WINDOWS\system32\144CAADCE4.sys"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Sun 17 Sep 2006 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 12 Oct 2006 94,208 ..SH. --- "C:\WINDOWS\system32\SalaatTime.dll"
Sat 8 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 May 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 8 Apr 2006 4,348 ...H. --- "C:\Documents and Settings\khaled zeghouani\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 8 Apr 2006 20 A..H. --- "C:\Documents and Settings\khaled zeghouani\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 8 Apr 2006 400 A.SH. --- "C:\Documents and Settings\khaled zeghouani\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!
  10. L'ecran du burau de mon ordinateur affichait en grand " Warning! spyware detected on your computer" ensuite jai regarder dans un forum ou quelqu'un disait qu'il fallait utiliser combofix.. voici le rapport: ComboFix 08-08-28.06 - khaled zeghouani 2008-08-29 15:54:33.1 - NTFSx86 Endroit: C:\Documents and Settings\khaled zeghouani\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Starware370 C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findit_music.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Highlight.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png C:\Documents and Settings\All Users\Application Data\Starware370\buttons\highlightxp.png C:\Documents and Settings\All Users\Application Data\Starware370\buttons\lyrics.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\music_search.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\radio.bmp C:\Documents and Settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml C:\Documents and Settings\All Users\Application Data\Starware370\contexts\related.xml C:\Documents and Settings\All Users\Application Data\Starware370\contexts\travel.xml C:\Documents and Settings\khaled zeghouani\Application Data\rhcl9cj0elc7 C:\Program Files\Instant Access C:\Program Files\instant access\Center\DIALSEXY.upd C:\Program Files\instant access\Center\GAMES-DESKTOP.COM.upd C:\Program Files\instant access\Center\SERIALPLAYERS.upd 
C:\Program Files\instant access\Center\tray1.ico C:\Program Files\instant access\Dialer\324652326\es6-external-api.dlv4.com\js\c17feb6b29758d63c01c83a5f9a0a90a C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\Common\4528d5bfe27ef4225391110c8fcbdd70.html C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\custom\4277\4277_dialer.ico C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\custom\4277\FR\button1.gif C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\custom\4277\FR\button2.gif C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\custom\4277\FR\button3.gif C:\Program Files\instant access\Dialer\324652326\es6-scripts.dlv4.com\custom\4277\FR\button4.gif C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\FR\index_01.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\FR\index_02.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\index_03.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\index_05.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\index_06.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\4471\images\index_07.jpg C:\Program Files\instant access\Dialer\324652326\fp.gad-network.com\a069594ae0c6c9d0da27abd724fbd16e.html C:\Program Files\instant access\Dialer\324652326\www.rapid-pass.net\653e32c91f014ebbcdb100950405c204 C:\Program Files\MailSkinner C:\Program Files\mailskinner\anim_0.gif C:\Program Files\mailskinner\anim_help.gif C:\Program Files\Starware370 C:\Program Files\Starware370\brand.bmp C:\Program Files\Starware370\icons\star_16.ico C:\Program Files\Starware370\Setup.exe C:\Program Files\Starware370\Starware370Config.xml C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\pack.epk C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\axsetup.dll 
C:\WINDOWS\system32\blphcg9cj0elc7.scr c:\windows\system32\Drivers\Winhm73.sys C:\WINDOWS\system32\lphcg9cj0elc7.exe C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\phcg9cj0elc7.bmp C:\WINDOWS\system32\pphcg9cj0elc7.exe C:\WINDOWS\system32\SCVHSOT.exe C:\WINDOWS\system32\setting.ini C:\WINDOWS\system32\sgsyaou.dat C:\WINDOWS\system32\sgsyaou.exe C:\WINDOWS\system32\sgsyaou_nav.dat C:\WINDOWS\system32\sgsyaou_navps.dat C:\WINDOWS\system32\vsdatant.sys C:\WINDOWS\system32\WinCtrl32.dll C:\WINDOWS\tmlpcert2007 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VSDATANT -------\Legacy_WINDOWNETPKER -------\Legacy_WINHM73 -------\Service_vsdatant -------\Service_windownetpker -------\Service_Winhm73 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))))))) . 2008-08-28 22:59 . 2008-08-29 16:05 288,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-28 22:59 . 2008-08-29 16:03 4,412 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-28 22:52 . 2008-08-28 22:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-08-28 22:52 . 2008-08-28 22:56 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-08-28 22:51 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-08-28 22:51 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-08-28 22:51 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-08-28 22:51 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-08-28 22:51 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-08-28 22:50 . 2008-08-28 22:50 <REP> d-------- C:\Program Files\Zone Labs 2008-08-28 21:31 . 2008-08-28 21:31 <REP> d-------- C:\Documents and Settings\khaled zeghouani\Application Data\Viewpoint 2008-08-28 19:30 . 
2008-08-28 19:30 160,288 --a------ C:\WINDOWS\nod32_v3.0.621.0_Fr Uninstaller.exe 2008-08-28 19:24 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-08-28 18:42 . 2008-08-28 18:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-28 18:42 . 2008-08-28 23:01 106,496 --a------ C:\WINDOWS\system32\1A.tmp 2008-08-28 18:42 . 2008-08-28 23:00 106,496 --a------ C:\WINDOWS\system32\19.tmp 2008-08-28 18:42 . 2008-08-28 23:00 106,496 --a------ C:\WINDOWS\system32\18.tmp 2008-08-28 18:42 . 2008-08-28 23:00 106,496 --a------ C:\WINDOWS\system32\17.tmp 2008-08-28 18:40 . 2008-08-28 18:40 <REP> d-------- C:\Program Files\ESET 2008-08-28 18:03 . 2008-08-28 18:03 61,440 --a------ C:\WINDOWS\system32\drivers\937.exe 2008-08-28 17:47 . 2008-08-28 17:47 61,440 --a------ C:\WINDOWS\system32\drivers\796.exe 2008-08-28 12:21 . 2008-08-28 12:21 32 --a-s---- C:\WINDOWS\system32\3565636821.dat 2008-08-27 09:40 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-08-27 09:39 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-27 02:37 . 2008-08-27 02:37 <REP> d-------- C:\WINDOWS\system32\fr 2008-08-27 02:37 . 2008-08-27 02:37 <REP> d-------- C:\WINDOWS\system32\bits 2008-08-27 02:37 . 2008-08-27 02:37 <REP> d-------- C:\WINDOWS\l2schemas 2008-08-27 02:30 . 2008-08-27 02:38 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-08-27 02:13 . 2008-08-27 02:13 <REP> d-------- C:\WINDOWS\EHome 2008-08-19 01:57 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-19 01:57 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-08-19 01:57 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-08-19 01:57 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2008-08-19 01:56 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-29 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-29 11:41 --------- d-----w C:\Program Files\Brother 2008-08-29 11:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-08-29 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-29 11:30 --------- d-----w C:\Documents and Settings\khaled zeghouani\Application Data\OpenOffice.org2 2008-08-29 11:18 --------- d-----w C:\Program Files\Steam 2008-08-29 10:40 --------- d-----w C:\Program Files\RomStation 2008-08-28 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-08-28 16:15 --------- d-----w C:\Program Files\McAfee.com 2008-08-28 16:15 --------- d-----w C:\Program Files\McAfee 2008-08-28 16:09 --------- d-----w C:\Program Files\Google 2008-08-28 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-08-28 15:41 --------- d-----w C:\Program Files\Alwil Software 2008-08-27 00:59 --------- d-----w C:\Documents and Settings\khaled zeghouani\Application Data\Azureus 2008-08-08 09:09 --------- d-----w C:\Program Files\eMule 2008-07-02 18:00 --------- d-----w C:\Program Files\Azureus 2008-05-13 08:49 81,920 ----a-w C:\Documents and Settings\khaled zeghouani\Application Data\ezpinst.exe 2008-05-13 08:49 47,360 ----a-w C:\Documents and Settings\khaled zeghouani\Application Data\pcouffin.sys 2006-03-30 19:27 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-09-17 20:15 104 -csh--r C:\WINDOWS\system32\144CAADCE4.sys 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll 2006-09-17 20:15 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2006-10-12 03:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll . 
------- Sigcheck -------
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp3gdr\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-30 22:14 5724184]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08 4937512]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2008-05-16 04:01 13496320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 11:45 90112]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-29 21:05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^khaled zeghouani^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\khaled zeghouani\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-27 17:36 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 19:39 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Steam\\SteamApps\\sefyuof51\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a00f395-c8bb-11da-86f7-00032f4210fb}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5bb76a2-86c7-11dc-8982-00032f4210fb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sgsyaou - c:\windows\system32\sgsyaou.exe
HKLM-Run-lphcg9cj0elc7 - C:\WINDOWS\system32\lphcg9cj0elc7.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://www.01net.com/telecharger/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 16:05:50
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrotherDcomLaunch]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BthServwindownetpker]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpEapHost]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcstisvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcmnmsrvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcmnmsrvcHidServ]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutolanmanworkstation]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScheduleCOMSysApp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\STIAlerter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvcAlerter]
"ImagePath"=" srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 16:19:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 14:18:27

Pre-Run: 5,609,558,016 octets libres
Post-Run: 5,736,050,688 octets libres

308 --- E O F --- 2008-08-27 14:56:33
  11. Hello, I would like some help reading the report that ComboFix gave me so I can disinfect my computer.