Aller au contenu

spaversu

Membres
  • Compteur de contenus

    41
  • Inscription

  • Dernière visite

Réputation sur la communauté

0 Neutral

À propos de spaversu

  • Rang
    Member
  1. Bonjour, Voilà mon (petit) problème : Je n'arrive pas à utiliser mes logiciels de P2P qui au bout de quelques minutes bloquent mes téléchargements( 0,0 Ko/s ) puis "freezent" (ils ne répondent plus). Je parle d'Emule, Utorrent ou Azureus/Vuze (qui lui ne "freeze" pas mais carrément disparait...). Emule indique un problème de "mappage" dans son journal des connections. Utorrent semble indiquer qu'il faille configurer l'ouverture des ports dans mon routeur. L'ennui c'est que c'est déjà fait ! En effet, je précise que ce problème existe malgré la configuration de mon routeur ( Alice box ) et l'ouverture des ports utilisés par mes logiciels de P2P comme indiqué dans les tutoriels concernant ces logiciels. D'ailleurs les premières minutes tout va bien, les voyants sont au vert et les téléchargements à hauteur de ma connexion... D'autre part ma connexion internet fonctionne normalement pour ce qui est de la navigation etc. Je n'ai pas trouvé sur Zébulon un sujet comportant la solution (du moins je crois) ni sur d'autres forums. Quelqu'un aurait il la gentillesse (et la patience) de se pencher sur mon problème ? Peut-être l'un de vous à été confronté au même ennui ? Merci d'avance...
  2. Oups j'avais pas vu ton message... Il semblerait donc que les virus / problèmes ont été effacés... Merci beaucoup pour le temps passé sur mon problème et ta patience ... Comment marquer le sujet comme résolu ? En tout cas merci et à bientôt peut-être...
  3. HA HA HA j'ai trouvé.... C'était super simple en fait : Pour je ne sais quelle raison Internet explorer s'était remis en navigateur par défaut au détriment de FF sans que je m'en rende compte. Le problème s'est que IE est défaillant ou partiellement enlevé de mon PC (je ne sais pas pourquoi, peut-être une erreur il y a longtemps..). Et le message: "aucun programme n'est associé à ce fichier pour exécuter cette action". ne correspondait pas aux fichiers Alice, Nvidia firewall etc. mais à IE. Reste que mon ordinateur est infecté...
  4. Entre temps Antivir a détecté ( une mise à jour ou un scan auto s'est declenché..) à nouveau le virus "TR/Monderb". Antivir ne l'avait pas efficacement mis en quarantaine semble t il...
  5. Voici le scan Avira: Avira AntiVir Personal Report file date: mardi 4 novembre 2008 16:50 Scanning for 1005296 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: julien Computer name: JULIEN-2BD4071C Version information: BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:11:18 ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 17:03:02 ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 17:03:03 ANTIVIR3.VDF : 7.1.0.30 69120 Bytes 03/11/2008 01:31:44 Engineversion : 8.2.0.10 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 12:03:43 AESCRIPT.DLL : 8.1.1.9 319867 Bytes 17/10/2008 13:36:53 AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 12:03:39 AERDL.DLL : 8.1.1.2 438644 Bytes 10/10/2008 15:32:47 AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 12:03:37 AEOFFICE.DLL : 8.1.0.29 196988 Bytes 23/10/2008 16:03:30 AEHEUR.DLL : 8.1.0.63 1479032 Bytes 23/10/2008 16:03:28 AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 12:03:32 AEGEN.DLL : 8.1.0.42 319861 Bytes 24/10/2008 16:05:29 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 12:03:28 AECORE.DLL : 8.1.2.9 172407 Bytes 30/10/2008 01:11:24 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 12:03:23 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 10/10/2008 15:32:22 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 4 novembre 2008 16:50 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '58' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqNghe.dll.vir [DETECTION] Is the TR/Monderb.wkt Trojan [NOTE] A backup was created as '49847049.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] The driver could not be initialized. [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRLdDTk.dll.vir [DETECTION] Is the TR/Monderb.wkt Trojan [NOTE] A backup was created as '49627043.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [WARNING] The file could not be copied to the quarantine directory. [WARNING] Error in ARK lib [NOTE] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <D> D:\jeux jean do\Crysis\Levels2.cab [0] Archive type: CAB (Microsoft) --> _AFAD19B01E0D4AE98E466E571FFA318F [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: mardi 4 novembre 2008 17:29 Used time: 39:05 Minute(s) The scan has been done completely. 3565 Scanning directories 367261 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 2 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 367257 Files not concerned 3130 Archives were scanned 4 Warnings 2 Notes
  6. Salut cher ami... Voilà anfin ce rapport : ComboFix 08-11-03.06 - julien 2008-11-04 15:53:16.6 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2832 [GMT 1:00] Lancé depuis: c:\documents and settings\julien\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\julien\Bureau\CFScript.txt FILE :: C:\1687864310 c:\windows\NV38563876.TMP c:\windows\system32\ksaf83hfd.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\1687864310 c:\windows\system32\ksaf83hfd.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 )))))))))))))))))))))))))))))))))))) . 2008-11-04 15:13 . 2008-11-04 15:13 1,374 --a------ c:\windows\imsins.BAK 2008-11-03 23:58 . 2008-11-04 15:00 <REP> d-------- c:\documents and settings\julien\Application Data\uTorrent 2008-11-03 00:45 . 2008-11-03 00:45 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-02 22:42 . 2008-11-02 22:42 <REP> d-------- c:\windows\SxsCaPendDel 2008-11-01 05:16 . 2008-11-01 05:16 <REP> d-------- c:\program files\Java 2008-11-01 05:16 . 2008-11-01 05:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-01 05:09 . 2008-11-01 05:11 <REP> d-------- c:\documents and settings\julien\.SunDownloadManager 2008-10-30 19:51 . 2008-10-30 19:51 <REP> d-------- c:\program files\Microsoft Silverlight 2008-10-30 02:04 . 2008-11-03 16:58 2,920 --a------ c:\windows\system32\tmp.reg 2008-10-30 01:56 . 2008-10-30 02:00 <REP> d-------- C:\ToolBar SD 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- C:\rsit 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- c:\program files\trend micro 2008-10-29 02:59 . 2008-11-03 23:55 <REP> d-------- c:\documents and settings\julien\Application Data\Azureus 2008-10-29 02:59 . 2008-10-29 02:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- c:\documents and settings\julien\LocalLow 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- c:\documents and settings\All Users\Application Data\TVU Networks 2008-10-29 00:07 . 2008-10-29 00:07 <REP> d-------- c:\documents and settings\julien\Application Data\Logitech 2008-10-29 00:07 . 2008-10-29 00:07 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2008-10-29 00:06 . 2007-11-15 10:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-10-29 00:06 . 2007-11-15 10:07 170,512 --a------ c:\windows\system32\kemutb.dll 2008-10-29 00:06 . 2007-11-15 10:07 141,840 --a------ c:\windows\system32\KemUtil.dll 2008-10-29 00:06 . 2007-11-15 10:07 117,264 --a------ c:\windows\system32\KemWnd.dll 2008-10-29 00:06 . 2007-11-15 10:07 76,304 --a------ c:\windows\system32\KemXML.dll 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-10-29 00:05 . 2008-10-29 00:07 <REP> d-------- c:\program files\Fichiers communs\Logishrd 2008-10-29 00:05 . 2008-10-29 00:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech 2008-10-29 00:05 . 2008-10-29 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-10-28 17:48 . 2008-10-28 17:48 <REP> d-------- c:\program files\Sun 2008-10-28 17:48 . 2008-11-01 05:16 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-27 16:08 . 2008-10-27 16:08 <REP> d-------- c:\program files\TechCity Solutions 2008-10-27 16:06 . 2008-10-27 16:08 <REP> d-------- c:\program files\Alice 2008-10-27 00:09 . 2008-10-29 14:22 <REP> d-------- c:\windows\system32\LogFiles 2008-10-26 23:52 . 2008-10-26 23:52 <REP> d--hs---- c:\windows\ftpcache 2008-10-26 23:51 . 2008-10-26 23:51 319 --a------ c:\windows\game.ini 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- C:\temp 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Media Center Programs 2008-10-24 00:46 . 2008-10-24 00:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-10-24 00:28 . 2008-10-24 00:28 <REP> d-------- c:\documents and settings\julien\Application Data\DAEMON Tools 2008-10-23 20:08 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-21 15:16 . 2008-10-21 15:16 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-10-18 18:01 . 2008-10-30 15:08 <REP> d-------- c:\documents and settings\julien\Application Data\skypePM 2008-10-18 18:01 . 2008-10-18 18:01 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\program files\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-10-18 17:59 . 2008-10-30 15:35 <REP> d-------- c:\documents and settings\julien\Application Data\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-10-18 17:48 . 2008-10-18 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative 2008-10-17 18:09 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx 2008-10-17 18:09 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe 2008-10-17 18:09 . 2003-06-12 22:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2008-10-17 18:08 . 2008-10-17 18:08 <REP> d-------- c:\documents and settings\julien\Application Data\Creative 2008-10-17 18:07 . 2006-08-30 06:10 158,456 --------- c:\windows\system32\pxwma.dll 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- c:\program files\SightSpeed 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- c:\documents and settings\julien\Application Data\InstallShield 2008-10-17 18:05 . 1998-11-13 12:16 308,224 --a------ c:\windows\IsUn040c.exe 2008-10-17 18:04 . 2003-03-19 06:19 1,060,864 --------- c:\windows\system32\MFC71.DLL 2008-10-17 18:04 . 2006-08-29 09:11 1,047,552 --------- c:\windows\system32\MFC71u.dll 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a------ c:\windows\system32\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a------ c:\windows\system32\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a------ c:\windows\system32\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a------ c:\windows\system32\dshowext.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax 2008-10-15 20:00 . 2008-10-19 23:14 <REP> d-------- c:\program files\MSECACHE 2008-10-15 13:05 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-15 13:04 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-15 13:04 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-15 02:40 . 2008-10-15 02:47 <REP> d-------- c:\program files\NOS 2008-10-15 02:40 . 2008-10-15 02:48 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-10-13 17:45 . 2008-10-13 17:45 <REP> d-------- c:\program files\NVIDIA Corporation 2008-10-13 17:45 . 2008-10-13 17:45 1,024 --a------ C:\.rnd 2008-10-13 17:45 . 2008-10-13 17:45 25 --a------ c:\windows\FileName 2008-10-13 17:44 . 2005-09-28 10:10 466,944 --a------ c:\windows\system32\CapabilityTable.exe 2008-10-13 17:44 . 2006-04-14 15:00 208,896 --------- c:\windows\system32\nvuide.exe 2008-10-13 17:44 . 2006-04-14 15:01 35,840 -ra------ c:\windows\system32\NVCOI.DLL 2008-10-13 17:44 . 2006-02-20 14:00 1,570 --------- c:\windows\system32\nvide.nvu 2008-10-13 17:43 . 2008-10-13 17:43 <REP> d-------- c:\windows\NV38563876.TMP 2008-10-13 17:43 . 2006-02-17 12:28 305,152 -ra------ c:\windows\system32\drivers\nvnrm.sys 2008-10-13 17:43 . 2006-02-17 12:28 222,592 -ra------ c:\windows\system32\drivers\nvsnpu.sys 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ c:\windows\system32\nvusmb.exe 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ c:\windows\system32\nvunrm.exe 2008-10-13 17:43 . 2006-02-17 12:27 204,288 -ra------ c:\windows\system32\fdco1.dll 2008-10-13 17:43 . 2006-02-17 12:28 101,632 -ra------ c:\windows\system32\drivers\nvtcp.sys 2008-10-13 17:43 . 2006-02-17 12:28 34,176 -ra------ c:\windows\system32\drivers\NVENETFD.sys 2008-10-13 17:43 . 2006-02-17 12:28 13,056 -ra------ c:\windows\system32\drivers\nvnetbus.sys 2008-10-13 17:43 . 2006-02-17 12:26 9,728 -ra------ c:\windows\system32\bdco1.dll 2008-10-13 17:43 . 2005-12-08 13:06 3,657 --a------ c:\windows\system32\nvnrm.nvu 2008-10-13 17:43 . 2006-02-20 14:00 1,864 -ra------ c:\windows\system32\nvsmb.nvu 2008-10-13 17:40 . 2008-10-13 17:40 <REP> d-------- c:\program files\ASUS 2008-10-13 16:54 . 2008-10-13 16:57 <REP> d-------- c:\documents and settings\julien\Application Data\DeepBurner 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\fr-fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\bits 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\l2schemas 2008-10-13 14:32 . 2008-10-13 14:34 <REP> d-------- c:\windows\ServicePackFiles 2008-10-13 14:29 . 2008-10-13 14:29 <REP> d-------- c:\windows\EHome 2008-10-13 01:23 . 2008-10-13 01:23 <REP> dr-h----- c:\documents and settings\julien\Application Data\SecuROM 2008-10-13 01:23 . 2008-10-13 01:23 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2008-10-13 00:59 . 2008-10-13 00:59 45 --a------ c:\windows\system32\initdebug.nfo 2008-10-12 21:50 . 2001-01-09 19:09 12,285 --a------ c:\windows\Cadx3.ini 2008-10-12 21:49 . 2008-10-12 21:49 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2008-10-12 21:22 . 2008-10-12 21:22 <REP> dr------- c:\windows\AsDmiHtm 2008-10-12 20:27 . 2008-10-12 20:27 <REP> d-------- c:\documents and settings\julien\Application Data\dvdcss 2008-10-12 20:26 . 2008-10-12 20:27 <REP> d-------- c:\documents and settings\julien\Application Data\vlc 2008-10-11 16:39 . 2004-08-03 21:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys 2008-10-11 10:37 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll 2008-10-11 10:37 . 2008-07-18 21:07 210,976 --a------ c:\windows\system32\muweb.dll 2008-10-11 10:37 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui 2008-10-11 00:33 . 2008-10-11 00:41 <REP> d-------- c:\documents and settings\julien\Contacts 2008-10-11 00:32 . 2008-10-11 00:32 <REP> d----c--- c:\windows\system32\DRVSTORE 2008-10-11 00:24 . 2008-10-11 00:24 <REP> d-------- c:\documents and settings\julien\Application Data\MSNInstaller 2008-10-11 00:20 . 2008-10-11 00:26 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller 2008-10-11 00:19 . 2008-10-11 00:32 <REP> d-------- c:\program files\Windows Live 2008-10-11 00:19 . 2008-10-11 00:25 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-10 17:48 . 2008-10-10 17:48 13,646 --a------ c:\windows\system32\wpa.bak . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-28 23:07 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-10 22:09 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-10-09 17:53 --------- d-----w c:\program files\Realtek 2008-10-09 17:20 --------- d-----w c:\program files\microsoft frontpage 2008-10-09 17:19 --------- d-----w c:\program files\Services en ligne 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( [email protected]_15.10.22,64 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2007-09-21 02:10:20 20,240 ----a-w c:\windows\system32\drivers\L8042Kbd.sys + 2007-09-21 02:11:02 28,432 ----a-w c:\windows\system32\drivers\LUsbFilt.sys + 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll + 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll + 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll + 2008-11-04 14:55:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_61c.dat - 2008-10-31 22:44:56 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT + 2008-11-04 14:55:58 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT + 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "LDM"="d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-29 67128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "C0100Mon.exe"="c:\windows\C0100Mon.exe" [2007-04-29 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-29 67128] Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-29 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2007-11-15 10:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSAV] --a------ 2005-12-16 17:57 81408 c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "d:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "d:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\julien\\Bureau\\utorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6535:TCP"= 6535:TCP:emule1 "7312:UDP"= 7312:UDP:emule2 R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-01 152984] R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe [2008-04-14 14336] S1 61d90150;61d90150;c:\windows\system32\drivers\61d90150.sys [ ] S3 C0100Afx;Provides a software interface to control audio effects of VC0100 camera.;c:\windows\system32\Drivers\C0100Afx.sys [2007-06-07 141376] S3 C0100Aud;Provides a software interface to control noise cancellation of VC0100 camera.;c:\windows\system32\Drivers\C0100Aud.sys [2006-04-18 93440] S3 C0100Aul;Provides a software interface to control audio formats of VC0100 camera.;c:\windows\system32\Drivers\C0100Aul.sys [2007-04-19 5120] S3 C0100Dev;Creative Camera VC0100 Driver;c:\windows\system32\DRIVERS\C0100Dev.sys [2007-05-24 239904] S3 C0100Vfx;Creative Camera VC0100 Video VFX Driver;c:\windows\system32\DRIVERS\C0100Vfx.sys [2006-12-05 7168] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-04 15:56:06 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe . ************************************************************************** . Heure de fin: 2008-11-04 15:58:18 - La machine a redémarré [julien] ComboFix-quarantined-files.txt 2008-11-04 14:58:16 ComboFix2.txt 2008-11-03 19:21:13 ComboFix3.txt 2008-11-03 18:38:48 ComboFix4.txt 2008-11-03 16:07:20 ComboFix5.txt 2008-11-04 14:37:35 Avant-CF: 2,484,166,656 octets libres Après-CF: 2,470,031,360 octets libres 290 --- E O F --- 2008-10-24 02:02:21 Par contre, dois-je faire ce scan en ligne ? Internet explorer reste introuvable sur mon PC et son installation (depuis le site microsoft) ne fonctionne pas (" l'instalation ne s'est pas terminée correctement..."). Je vais essayer de trouver internet explorer 6 plutôt que le 7 (on sait jamais). Aucune possibilité sur Firefox ? A plus tard...
  7. Très bien, merci... A demain donc (et un peu plus tôt qu'aujourd'hui...)
  8. ComboFix 08-11-02.05 - julien 2008-11-03 20:18:14.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2680 [GMT 1:00] Lancé depuis: c:\documents and settings\julien\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 )))))))))))))))))))))))))))))))))))) . 2008-11-03 00:45 . 2008-11-03 00:45 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-02 22:42 . 2008-11-02 22:42 <REP> d-------- c:\windows\SxsCaPendDel 2008-11-02 22:34 . 2008-11-03 20:20 105,858 --a------ c:\windows\system32\drivers\61d90150.sys 2008-11-02 22:34 . 2008-11-02 22:34 10,000 --a------ c:\windows\system32\ksaf83hfd.dll 2008-11-02 22:34 . 2008-11-02 22:34 0 --a------ C:\1687864310 2008-11-01 05:16 . 2008-11-01 05:16 <REP> d-------- c:\program files\Java 2008-11-01 05:16 . 2008-11-01 05:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-01 05:09 . 2008-11-01 05:11 <REP> d-------- c:\documents and settings\julien\.SunDownloadManager 2008-10-30 19:51 . 2008-10-30 19:51 <REP> d-------- c:\program files\Microsoft Silverlight 2008-10-30 02:04 . 2008-11-03 16:58 2,920 --a------ c:\windows\system32\tmp.reg 2008-10-30 01:56 . 2008-10-30 02:00 <REP> d-------- C:\ToolBar SD 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- C:\rsit 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- c:\program files\trend micro 2008-10-29 02:59 . 2008-11-01 14:16 <REP> d-------- c:\documents and settings\julien\Application Data\Azureus 2008-10-29 02:59 . 2008-10-29 02:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- c:\documents and settings\julien\LocalLow 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- c:\documents and settings\All Users\Application Data\TVU Networks 2008-10-29 00:07 . 2008-10-29 00:07 <REP> d-------- c:\documents and settings\julien\Application Data\Logitech 2008-10-29 00:07 . 2008-10-29 00:07 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2008-10-29 00:06 . 2007-11-15 10:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-10-29 00:06 . 2007-11-15 10:07 170,512 --a------ c:\windows\system32\kemutb.dll 2008-10-29 00:06 . 2007-11-15 10:07 141,840 --a------ c:\windows\system32\KemUtil.dll 2008-10-29 00:06 . 2007-11-15 10:07 117,264 --a------ c:\windows\system32\KemWnd.dll 2008-10-29 00:06 . 2007-11-15 10:07 76,304 --a------ c:\windows\system32\KemXML.dll 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-10-29 00:05 . 2008-10-29 00:07 <REP> d-------- c:\program files\Fichiers communs\Logishrd 2008-10-29 00:05 . 2008-10-29 00:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech 2008-10-29 00:05 . 2008-10-29 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-10-28 17:48 . 2008-10-28 17:48 <REP> d-------- c:\program files\Sun 2008-10-28 17:48 . 2008-11-01 05:16 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-27 16:08 . 2008-10-27 16:08 <REP> d-------- c:\program files\TechCity Solutions 2008-10-27 16:06 . 2008-10-27 16:08 <REP> d-------- c:\program files\Alice 2008-10-27 00:09 . 2008-10-29 14:22 <REP> d-------- c:\windows\system32\LogFiles 2008-10-26 23:52 . 2008-10-26 23:52 <REP> d--hs---- c:\windows\ftpcache 2008-10-26 23:51 . 2008-10-26 23:51 319 --a------ c:\windows\game.ini 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- C:\temp 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Media Center Programs 2008-10-24 00:46 . 2008-10-24 00:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-10-24 00:28 . 2008-10-24 00:28 <REP> d-------- c:\documents and settings\julien\Application Data\DAEMON Tools 2008-10-23 20:08 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-21 15:16 . 2008-10-21 15:16 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-10-18 18:01 . 2008-10-30 15:08 <REP> d-------- c:\documents and settings\julien\Application Data\skypePM 2008-10-18 18:01 . 2008-10-18 18:01 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\program files\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-10-18 17:59 . 2008-10-30 15:35 <REP> d-------- c:\documents and settings\julien\Application Data\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-10-18 17:48 . 2008-10-18 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative 2008-10-17 18:09 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx 2008-10-17 18:09 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe 2008-10-17 18:09 . 2003-06-12 22:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2008-10-17 18:08 . 2008-10-17 18:08 <REP> d-------- c:\documents and settings\julien\Application Data\Creative 2008-10-17 18:07 . 2006-08-30 06:10 158,456 --------- c:\windows\system32\pxwma.dll 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- c:\program files\SightSpeed 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- c:\documents and settings\julien\Application Data\InstallShield 2008-10-17 18:05 . 1998-11-13 12:16 308,224 --a------ c:\windows\IsUn040c.exe 2008-10-17 18:04 . 2003-03-19 06:19 1,060,864 --------- c:\windows\system32\MFC71.DLL 2008-10-17 18:04 . 2006-08-29 09:11 1,047,552 --------- c:\windows\system32\MFC71u.dll 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a------ c:\windows\system32\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a------ c:\windows\system32\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a------ c:\windows\system32\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a------ c:\windows\system32\dshowext.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax 2008-10-15 20:00 . 2008-10-19 23:14 <REP> d-------- c:\program files\MSECACHE 2008-10-15 13:05 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-15 13:04 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-15 13:04 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-15 02:40 . 2008-10-15 02:47 <REP> d-------- c:\program files\NOS 2008-10-15 02:40 . 2008-10-15 02:48 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-10-13 17:45 . 2008-10-13 17:45 <REP> d-------- c:\program files\NVIDIA Corporation 2008-10-13 17:45 . 2008-10-13 17:45 1,024 --a------ C:\.rnd 2008-10-13 17:45 . 2008-10-13 17:45 25 --a------ c:\windows\FileName 2008-10-13 17:44 . 2005-09-28 10:10 466,944 --a------ c:\windows\system32\CapabilityTable.exe 2008-10-13 17:44 . 2006-04-14 15:00 208,896 --------- c:\windows\system32\nvuide.exe 2008-10-13 17:44 . 2006-04-14 15:01 35,840 -ra------ c:\windows\system32\NVCOI.DLL 2008-10-13 17:44 . 2006-02-20 14:00 1,570 --------- c:\windows\system32\nvide.nvu 2008-10-13 17:43 . 2008-10-13 17:43 <REP> d-------- c:\windows\NV38563876.TMP 2008-10-13 17:43 . 2006-02-17 12:28 305,152 -ra------ c:\windows\system32\drivers\nvnrm.sys 2008-10-13 17:43 . 2006-02-17 12:28 222,592 -ra------ c:\windows\system32\drivers\nvsnpu.sys 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ c:\windows\system32\nvusmb.exe 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ c:\windows\system32\nvunrm.exe 2008-10-13 17:43 . 2006-02-17 12:27 204,288 -ra------ c:\windows\system32\fdco1.dll 2008-10-13 17:43 . 2006-02-17 12:28 101,632 -ra------ c:\windows\system32\drivers\nvtcp.sys 2008-10-13 17:43 . 2006-02-17 12:28 34,176 -ra------ c:\windows\system32\drivers\NVENETFD.sys 2008-10-13 17:43 . 2006-02-17 12:28 13,056 -ra------ c:\windows\system32\drivers\nvnetbus.sys 2008-10-13 17:43 . 2006-02-17 12:26 9,728 -ra------ c:\windows\system32\bdco1.dll 2008-10-13 17:43 . 2005-12-08 13:06 3,657 --a------ c:\windows\system32\nvnrm.nvu 2008-10-13 17:43 . 2006-02-20 14:00 1,864 -ra------ c:\windows\system32\nvsmb.nvu 2008-10-13 17:40 . 2008-10-13 17:40 <REP> d-------- c:\program files\ASUS 2008-10-13 16:54 . 2008-10-13 16:57 <REP> d-------- c:\documents and settings\julien\Application Data\DeepBurner 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\fr-fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\system32\bits 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- c:\windows\l2schemas 2008-10-13 14:32 . 2008-10-13 14:34 <REP> d-------- c:\windows\ServicePackFiles 2008-10-13 14:29 . 2008-10-13 14:29 <REP> d-------- c:\windows\EHome 2008-10-13 01:23 . 2008-10-13 01:23 <REP> dr-h----- c:\documents and settings\julien\Application Data\SecuROM 2008-10-13 01:23 . 2008-10-13 01:23 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2008-10-13 00:59 . 2008-10-13 00:59 45 --a------ c:\windows\system32\initdebug.nfo 2008-10-12 21:50 . 2001-01-09 19:09 12,285 --a------ c:\windows\Cadx3.ini 2008-10-12 21:49 . 2008-10-12 21:49 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2008-10-12 21:22 . 2008-10-12 21:22 <REP> dr------- c:\windows\AsDmiHtm 2008-10-12 20:27 . 2008-10-12 20:27 <REP> d-------- c:\documents and settings\julien\Application Data\dvdcss 2008-10-12 20:26 . 2008-10-12 20:27 <REP> d-------- c:\documents and settings\julien\Application Data\vlc 2008-10-11 16:39 . 2004-08-03 21:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys 2008-10-11 10:37 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll 2008-10-11 10:37 . 2008-07-18 21:07 210,976 --a------ c:\windows\system32\muweb.dll 2008-10-11 10:37 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui 2008-10-11 00:33 . 2008-10-11 00:41 <REP> d-------- c:\documents and settings\julien\Contacts 2008-10-11 00:32 . 2008-10-11 00:32 <REP> d----c--- c:\windows\system32\DRVSTORE 2008-10-11 00:24 . 2008-10-11 00:24 <REP> d-------- c:\documents and settings\julien\Application Data\MSNInstaller 2008-10-11 00:20 . 2008-10-11 00:26 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller 2008-10-11 00:19 . 2008-10-11 00:32 <REP> d-------- c:\program files\Windows Live 2008-10-11 00:19 . 2008-10-11 00:25 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-28 23:07 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-10 22:09 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-10-09 17:53 --------- d-----w c:\program files\Realtek 2008-10-09 17:20 --------- d-----w c:\program files\microsoft frontpage 2008-10-09 17:19 --------- d-----w c:\program files\Services en ligne 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( [email protected]_15.10.22,64 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2007-09-21 02:10:20 20,240 ----a-w c:\windows\system32\drivers\L8042Kbd.sys + 2007-09-21 02:11:02 28,432 ----a-w c:\windows\system32\drivers\LUsbFilt.sys + 2008-11-03 18:44:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3b4.dat - 2008-10-31 22:44:56 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT + 2008-11-03 18:44:25 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT + 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "LDM"="d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-29 67128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "C0100Mon.exe"="c:\windows\C0100Mon.exe" [2007-04-29 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-29 67128] Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-29 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2007-11-15 10:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=zqesto.dll wnoanv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSAV] --a------ 2005-12-16 17:57 81408 c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "d:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "d:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "d:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6535:TCP"= 6535:TCP:emule1 "7312:UDP"= 7312:UDP:emule2 R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-01 152984] R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe [2008-04-14 14336] S3 C0100Afx;Provides a software interface to control audio effects of VC0100 camera.;c:\windows\system32\Drivers\C0100Afx.sys [2007-06-07 141376] S3 C0100Aud;Provides a software interface to control noise cancellation of VC0100 camera.;c:\windows\system32\Drivers\C0100Aud.sys [2006-04-18 93440] S3 C0100Aul;Provides a software interface to control audio formats of VC0100 camera.;c:\windows\system32\Drivers\C0100Aul.sys [2007-04-19 5120] S3 C0100Dev;Creative Camera VC0100 Driver;c:\windows\system32\DRIVERS\C0100Dev.sys [2007-05-24 239904] S3 C0100Vfx;Creative Camera VC0100 Video VFX Driver;c:\windows\system32\DRIVERS\C0100Vfx.sys [2006-12-05 7168] . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\julien\Application Data\Mozilla\Firefox\Profiles\zdilmalx.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - d:\program files\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - d:\program files\Mozilla Firefox\plugins\nppdf32.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-03 20:20:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\61d90150] "ImagePath"="\SystemRoot\System32\drivers\61d90150.sys" . Heure de fin: 2008-11-03 20:21:12 ComboFix-quarantined-files.txt 2008-11-03 19:20:56 ComboFix2.txt 2008-11-03 18:38:48 ComboFix3.txt 2008-11-03 16:07:20 ComboFix4.txt 2008-11-01 14:11:03 Avant-CF: 12 012 032 000 octets libres Après-CF: 11,999,510,528 octets libres 274 --- E O F --- 2008-10-24 02:02:21
  9. Bonsoir, j'étais absent quelque temps... J'ai suivi la procédure Combofix mais je ne trouve pas le fichier après. Ni sur le bureau, ni dans le dossier C:/ combofix. Je poste quand même un rapport en relançant le logiciel (mais normalement cette fois ci):
  10. Salut.... voilà le rapport Combofix: ComboFix 08-10-31.02 - julien 2008-11-01 15:07:19.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2614 [GMT 1:00] Lancé depuis: C:\Documents and Settings\julien\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\julien\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 )))))))))))))))))))))))))))))))))))) . 2008-11-01 05:16 . 2008-11-01 05:16 <REP> d-------- C:\Program Files\Java 2008-11-01 05:16 . 2008-11-01 05:16 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-11-01 05:09 . 2008-11-01 05:11 <REP> d-------- C:\Documents and Settings\julien\.SunDownloadManager 2008-10-30 19:51 . 2008-10-30 19:51 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-10-30 02:04 . 2008-10-30 02:29 3,332 --a------ C:\WINDOWS\system32\tmp.reg 2008-10-30 02:03 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-10-30 02:03 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-10-30 02:03 . 2008-09-08 22:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-10-30 02:03 . 2008-10-01 14:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe 2008-10-30 02:03 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe 2008-10-30 02:03 . 2008-05-18 20:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-10-30 02:03 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-10-30 02:03 . 2008-08-18 11:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-10-30 02:03 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-10-30 02:03 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-10-30 02:03 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-10-30 01:56 . 2008-10-30 02:00 <REP> d-------- C:\ToolBar SD 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- C:\rsit 2008-10-29 21:19 . 2008-10-29 21:19 <REP> d-------- C:\Program Files\trend micro 2008-10-29 02:59 . 2008-11-01 14:16 <REP> d-------- C:\Documents and Settings\julien\Application Data\Azureus 2008-10-29 02:59 . 2008-10-29 02:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- C:\Documents and Settings\julien\LocalLow 2008-10-29 02:18 . 2008-10-29 02:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks 2008-10-29 00:07 . 2008-10-29 00:07 <REP> d-------- C:\Documents and Settings\julien\Application Data\Logitech 2008-10-29 00:07 . 2008-10-29 00:07 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-10-29 00:06 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-10-29 00:06 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll 2008-10-29 00:06 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-10-29 00:06 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-10-29 00:06 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-10-29 00:06 . 2008-10-29 00:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-10-29 00:05 . 2008-10-29 00:07 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd 2008-10-29 00:05 . 2008-10-29 00:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2008-10-29 00:05 . 2008-10-29 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-10-28 17:48 . 2008-10-28 17:48 <REP> d-------- C:\Program Files\Sun 2008-10-28 17:48 . 2008-11-01 05:16 410,976 --a------ C:\WINDOWS\system32\deploytk.dll 2008-10-27 16:08 . 2008-10-27 16:08 <REP> d-------- C:\Program Files\TechCity Solutions 2008-10-27 16:06 . 2008-10-27 16:08 <REP> d-------- C:\Program Files\Alice 2008-10-27 00:09 . 2008-10-29 14:22 <REP> d-------- C:\WINDOWS\system32\LogFiles 2008-10-26 23:52 . 2008-10-26 23:52 <REP> d--hs---- C:\WINDOWS\ftpcache 2008-10-26 23:51 . 2008-10-26 23:51 319 --a------ C:\WINDOWS\game.ini 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- C:\temp 2008-10-26 19:03 . 2008-10-26 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs 2008-10-24 00:46 . 2008-10-24 00:46 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-10-24 00:28 . 2008-10-24 00:28 <REP> d-------- C:\Documents and Settings\julien\Application Data\DAEMON Tools 2008-10-23 20:08 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-21 15:16 . 2008-10-21 15:16 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-10-18 18:01 . 2008-10-30 15:08 <REP> d-------- C:\Documents and Settings\julien\Application Data\skypePM 2008-10-18 18:01 . 2008-10-18 18:01 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- C:\Program Files\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- C:\Program Files\Fichiers communs\Skype 2008-10-18 17:59 . 2008-10-30 15:35 <REP> d-------- C:\Documents and Settings\julien\Application Data\Skype 2008-10-18 17:59 . 2008-10-18 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-10-18 17:48 . 2008-10-18 18:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative 2008-10-17 18:09 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx 2008-10-17 18:09 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe 2008-10-17 18:09 . 2003-06-12 22:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd 2008-10-17 18:08 . 2008-10-17 18:08 <REP> d-------- C:\Documents and Settings\julien\Application Data\Creative 2008-10-17 18:07 . 2006-08-30 06:10 158,456 --------- C:\WINDOWS\system32\pxwma.dll 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies 2008-10-17 18:06 . 2008-10-17 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- C:\Program Files\SightSpeed 2008-10-17 18:05 . 2008-10-17 18:05 <REP> d-------- C:\Documents and Settings\julien\Application Data\InstallShield 2008-10-17 18:05 . 1998-11-13 12:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe 2008-10-17 18:04 . 2003-03-19 06:19 1,060,864 --------- C:\WINDOWS\system32\MFC71.DLL 2008-10-17 18:04 . 2006-08-29 09:11 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a------ C:\WINDOWS\system32\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 92,160 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:34 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:33 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a------ C:\WINDOWS\system32\dshowext.ax 2008-10-17 17:58 . 2008-04-14 03:34 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax 2008-10-15 20:00 . 2008-10-19 23:14 <REP> d-------- C:\Program Files\MSECACHE 2008-10-15 13:05 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 13:05 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 13:04 . 2008-09-15 16:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 13:04 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 02:40 . 2008-10-15 02:47 <REP> d-------- C:\Program Files\NOS 2008-10-15 02:40 . 2008-10-15 02:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-10-13 17:45 . 2008-10-13 17:45 <REP> d-------- C:\Program Files\NVIDIA Corporation 2008-10-13 17:45 . 2008-10-13 17:45 1,024 --a------ C:\.rnd 2008-10-13 17:45 . 2008-10-13 17:45 25 --a------ C:\WINDOWS\FileName 2008-10-13 17:44 . 2005-09-28 10:10 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe 2008-10-13 17:44 . 2006-04-14 15:00 208,896 --------- C:\WINDOWS\system32\nvuide.exe 2008-10-13 17:44 . 2006-04-14 15:01 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL 2008-10-13 17:44 . 2006-02-20 14:00 1,570 --------- C:\WINDOWS\system32\nvide.nvu 2008-10-13 17:43 . 2008-10-13 17:43 <REP> d-------- C:\WINDOWS\NV38563876.TMP 2008-10-13 17:43 . 2006-02-17 12:28 305,152 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2008-10-13 17:43 . 2006-02-17 12:28 222,592 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe 2008-10-13 17:43 . 2006-04-14 15:00 208,896 -ra------ C:\WINDOWS\system32\nvunrm.exe 2008-10-13 17:43 . 2006-02-17 12:27 204,288 -ra------ C:\WINDOWS\system32\fdco1.dll 2008-10-13 17:43 . 2006-02-17 12:28 101,632 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys 2008-10-13 17:43 . 2006-02-17 12:28 34,176 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2008-10-13 17:43 . 2006-02-17 12:28 13,056 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2008-10-13 17:43 . 2006-02-17 12:26 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2008-10-13 17:43 . 2005-12-08 13:06 3,657 --a------ C:\WINDOWS\system32\nvnrm.nvu 2008-10-13 17:43 . 2006-02-20 14:00 1,864 -ra------ C:\WINDOWS\system32\nvsmb.nvu 2008-10-13 17:40 . 2008-10-13 17:40 <REP> d-------- C:\Program Files\ASUS 2008-10-13 16:54 . 2008-10-13 16:57 <REP> d-------- C:\Documents and Settings\julien\Application Data\DeepBurner 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- C:\WINDOWS\system32\fr-fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- C:\WINDOWS\system32\fr 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- C:\WINDOWS\system32\bits 2008-10-13 14:34 . 2008-10-13 14:34 <REP> d-------- C:\WINDOWS\l2schemas 2008-10-13 14:32 . 2008-10-13 14:34 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-10-13 14:29 . 2008-10-13 14:29 <REP> d-------- C:\WINDOWS\EHome 2008-10-13 01:23 . 2008-10-13 01:23 <REP> dr-h----- C:\Documents and Settings\julien\Application Data\SecuROM 2008-10-13 01:23 . 2008-10-13 01:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-10-13 00:59 . 2008-10-13 00:59 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-10-12 21:50 . 2001-01-09 19:09 12,285 --a------ C:\WINDOWS\Cadx3.ini 2008-10-12 21:49 . 2008-10-12 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-10-12 21:22 . 2008-10-12 21:22 <REP> dr------- C:\WINDOWS\AsDmiHtm 2008-10-12 20:27 . 2008-10-12 20:27 <REP> d-------- C:\Documents and Settings\julien\Application Data\dvdcss 2008-10-12 20:26 . 2008-10-12 20:27 <REP> d-------- C:\Documents and Settings\julien\Application Data\vlc 2008-10-11 16:39 . 2004-08-03 21:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-10-11 10:37 . 2008-07-18 21:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-10-11 10:37 . 2008-07-18 21:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-10-11 10:37 . 2008-07-18 21:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-28 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-10 22:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-10-09 17:53 --------- d-----w C:\Program Files\Realtek 2008-10-09 17:20 --------- d-----w C:\Program Files\microsoft frontpage 2008-10-09 17:19 --------- d-----w C:\Program Files\Services en ligne 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-01 09:35 207,872 ----a-w C:\WINDOWS\system32\fdco6.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856] "DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-29 67128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 2173744] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 1953792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 8429568] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 81920] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "C0100Mon.exe"="C:\WINDOWS\C0100Mon.exe" [2007-04-29 32768] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-01 136600] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2007-04-12 C:\WINDOWS\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-29 67128] Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-29 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSAV] --a------ 2005-12-16 17:57 81408 C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "D:\\Program Files\\Vuze\\Azureus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6535:TCP"= 6535:TCP:emule1 "7312:UDP"= 7312:UDP:emule2 R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-01 152984] R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 C0100Afx;Provides a software interface to control audio effects of VC0100 camera.;C:\WINDOWS\system32\Drivers\C0100Afx.sys [2007-06-07 141376] R3 C0100Aud;Provides a software interface to control noise cancellation of VC0100 camera.;C:\WINDOWS\system32\Drivers\C0100Aud.sys [2006-04-18 93440] R3 C0100Aul;Provides a software interface to control audio formats of VC0100 camera.;C:\WINDOWS\system32\Drivers\C0100Aul.sys [2007-04-19 5120] R3 C0100Dev;Creative Camera VC0100 Driver;C:\WINDOWS\system32\DRIVERS\C0100Dev.sys [2007-05-24 239904] R3 C0100Vfx;Creative Camera VC0100 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\C0100Vfx.sys [2006-12-05 7168] *Newly Created Service* - JAVAQUICKSTARTERSERVICE *Newly Created Service* - PROCEXP90 . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-Creative Live! Cam Manager - C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\julien\Application Data\Mozilla\Firefox\Profiles\zdilmalx.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 15:09:40 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-01 15:11:02 ComboFix-quarantined-files.txt 2008-11-01 14:10:45 Avant-CF: 12 217 561 088 octets libres Après-CF: 12,281,413,632 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 256 --- E O F --- 2008-10-24 02:02:21 J'espere que ça nous en dira plus.. à bientôt.
  11. Merci Pear... Bon ok pour le disque dur qui s'est transformé en locomotive, mais mon problème persiste. Les rapport des differents logiciels ont ils révélés un problème ? Peut-être est ce le registre ? En fait Antivir a finalement pu telecharger ses mises à jour, il semble même que ce soit fréquent ( à en croire certains forums )et que la concomittence avec d'autres problèmes était due au hasard. Pourrait il y avoir un rapport avec Emule qui systématiquement se bloque (freeze) et m'oblige même à relancer ma connection internet ? J'ai, il y a quelque temps ouvert 2 nouveaux ports pour son fonctionnement à travers la config. avancée de mon F.A.I et celle de mon firewall... D'autre part j'ai remarqué que Vuze (logiciel torrent) ne fonctionne pas correctement et que Skype bien que "connecté" ne me permet pas de communiquer avec mes contacts (ils et moi apparaissons offline quoique j'y fasse. Ah, bien sûr j'ai déjà désinstallé puis réinstallé mon modem/kit de connection. Enfin bon, si quelqu'un avait une idée pour mon problème... ça serait très sympa...
  12. Rapport après nettoyage : SmitFraudFix v2.368 Rapport fait à 2:29:47,67, 30/10/2008 Executé à partir de C:\Documents and Settings\julien\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin P.S : Lors de l'opération nettoyage en mode sans échec, le nettoyage de disque par windows s'est lancé... De plus mon disque dur fait désormais un sacré bruit, comme s'il bloquait ou que pris d'une fièvre soudaine il se tapait la tête contre la paroi de la tour... En tout cas merci, j'espère à demain pour la solution!
  13. rapport Smitfraudfix: SmitFraudFix v2.368 Rapport fait à 2:04:47,57, 30/10/2008 Executé à partir de C:\Documents and Settings\julien\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\TBPanel.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\C0100Mon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Program Files\DAEMON Tools Lite\daemon.exe D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe D:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\julien »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\julien\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\julien\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{11F04C84-2A02-4618-8FE8-313F6E1A1421}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  14. Et le deuxième rapport: -----------\\ ToolBar S&D 1.2.4 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6600 @ 2.40GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : julien ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) Firewall : ActiveArmor Firewall 1.0 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:24 Go (Free:12 Go) D:\ (Local Disk) - NTFS - Total:208 Go (Free:63 Go) E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) F:\ (CD or DVD) G:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 ) Option : [2] ( 30/10/2008| 2:00 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe Supprime! - C:\Program Files\DAEMON Tools Toolbar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.aliceadsl.fr"'>http://www.aliceadsl.fr" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "First Home Page"="http://www.aliceadsl.fr" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 30/10/2008| 1:57 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 30/10/2008| 2:00 - Option : [2] -----------\\ Fin du rapport a 2:00:43,35
  15. Ok voici la suite : -----------\\ ToolBar S&D 1.2.4 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6600 @ 2.40GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : julien ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) Firewall : ActiveArmor Firewall 1.0 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:24 Go (Free:12 Go) D:\ (Local Disk) - NTFS - Total:208 Go (Free:63 Go) E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) F:\ (CD or DVD) G:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 ) Option : [1] ( 30/10/2008| 1:57 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\DAEMON Tools Toolbar C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT C:\Program Files\DAEMON Tools Toolbar\Resources C:\Program Files\DAEMON Tools Toolbar\uninst.exe -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.aliceadsl.fr"'>http://www.aliceadsl.fr" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "First Home Page"="http://www.aliceadsl.fr" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 30/10/2008| 1:57 - Option : [1] -----------\\ Fin du rapport a 1:57:53,56
×
×
  • Créer...