Tibo85

  1. Hello everyone, I use Foxmail under Windows XP and I can no longer send messages with attachments or messages that are somewhat "large". It seems I have reached the maximum size of my outbox (2 GB). I don't understand, because I have already deleted many messages and emptied Foxmail's trash, but when I right-click "Sent" and then "Properties", Foxmail tells me that the size of the outbox is 2097151 k (I know, I will have to delete still more messages...) but above all, and this is the problem, that the size of the trash is 867326 k. Yet my trash is empty. I conclude that Foxmail must store deleted messages somewhere else and that another step is needed to delete them permanently. Despite searching the Foxmail folder, I cannot find where this is stored. Second thing: when I try to compress my mailbox again, Foxmail tells me there is not enough space left on my hard disk. Yet there are 112 GB free out of 125 GB. So I have two questions: 1) Does anyone know where already-deleted mails "go" (apparently not into the "traditional" trash, which is indeed empty)? 2) Do you know where the problem with compressing my mails comes from? Many thanks!
  2. Hello, Indeed, I no longer have my initial problem. I can open it from My Computer... So many thanks to you! However, even after checking/unchecking "disable restore", I still have infected files. But if that is of no consequence, it doesn't matter. Thanks again
  3. Hello, Unfortunately, the problem on my external hard drive persists; there are still 11 infected files, all by Generic PWS.ak except 1: A0102570.cmd A0102571.cmd A0068056.cmd A0068057.inf (infected by Generic! atr) A0070049.cmd A0070051.cmd A0000238.cmd A0000244.cmd A0000324.cmd A0004699.cmd A0005691.cmd. 9 of these files are located in F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\ XX, with XX taking different values: RP13, RP14, RP157, RP18. The other 2 are in F:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP525. Thank you very much. Attached is the ComboFix report.
  4. Good evening, I don't know exactly what these files correspond to, but J:\ is a virtual CD drive (I use Daemon Tools). As for Sunny.exe... that doesn't ring a bell either, sorry. Attached is the report after ComboFix. Thank you
  5. Good evening, No, I have no problem with Windows; it is only on my external hard drive that I am running into trouble. Here is the content of the log.txt file.
- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 10143 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\HPpromotions journeysoftware.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-30 325048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2006-02-25 147456] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 
237568] "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856] "Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152] "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-06-16 180269] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184] "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752] "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-30 68856] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema" "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate" 
"C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Documents and Settings\Compaq_Propriétaire\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Compaq_Propriétaire\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe"="C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe:*:Enabled:Firefox" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\EA GAMES\MOHDA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program 
Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN 
Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11038368-d34e-11dc-b52e-001731dab75e}] shell\Auto\command - cmd /C launch.bat shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ba95422-e2f8-11db-b2dd-001731dab75e}] shell\AutoRun\command - gkbrewsv.com shell\explore\command - gkbrewsv.com shell\open\command - gkbrewsv.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{951c12b4-b880-11db-b26f-001731dab75e}] shell\AutoRun\command - J:\Setup\rsrc\autorun.exe shell\dinstall\command - J:\Directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cacfb334-4f05-11dc-b3c7-001731dab75e}] shell\Auto\command - sunny.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sunny.exe ======List of files/folders created in the last 3 months====== 2008-11-17 20:53:36 ----D---- C:\rsit 2008-11-17 18:15:46 ----D---- C:\Combo-Fix 2008-11-17 18:15:46 ----A---- C:\WINDOWS\system32\CF2380.exe 2008-11-17 12:28:30 ----SHD---- C:\RECYCLER 2008-11-17 11:35:45 ----A---- C:\WINDOWS\zip.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\VFIND.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\SWSC.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\SWREG.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\sed.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\NIRCMD.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\grep.exe 2008-11-17 11:35:45 ----A---- C:\WINDOWS\fdsv.exe 2008-11-17 11:35:40 ----D---- C:\WINDOWS\ERDNT 2008-11-17 11:35:40 ----AD---- C:\Qoobox 2008-11-14 12:56:32 ----D---- C:\Program 
Files\Trend Micro 2008-11-14 00:12:17 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes 2008-11-14 00:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-14 00:12:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-01 16:51:03 ----A---- C:\WINDOWS\system32\hpz3l054.dll 2008-11-01 16:49:16 ----A---- C:\WINDOWS\hpntwksetup.ini 2008-11-01 16:43:39 ----A---- C:\WINDOWS\system32\hpowiax2.dll 2008-11-01 16:33:24 ----D---- C:\temp 2008-11-01 16:26:37 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini 2008-10-04 14:58:52 ----D---- C:\Program Files\Audacity 2008-10-04 11:45:40 ----D---- C:\Program Files\Apple Software Update 2008-09-28 21:58:38 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla 2008-09-28 21:57:15 ----D---- C:\Program Files\FileZilla FTP Client 2008-09-17 22:21:41 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime 2008-09-08 22:33:30 ----R---- C:\WINDOWS\system32\GameuxInstallHelper.dll 2008-08-28 21:52:48 ----A---- C:\WINDOWS\system32\wmv8dmod.dll 2008-08-28 21:52:46 ----A---- C:\WINDOWS\system32\mpg4c32.dll 2008-08-27 10:23:17 ----AC---- C:\WINDOWS\system32\wbhelp2.dll 2008-08-27 10:22:26 ----HDC---- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} 2008-08-27 10:21:55 ----D---- C:\Program Files\Stardock 2008-08-27 10:21:55 ----D---- C:\Documents and Settings\All Users\Application Data\Stardock 2008-08-27 10:21:44 ----HD---- C:\Documents and Settings\All Users\Application Data\{F8C68EDE-B8FE-4310-97A9-BF1BF0722E5E} 2008-08-27 10:20:44 ----D---- C:\Program Files\Stardock Games 2008-08-22 21:23:55 ----D---- C:\Program Files\Microsoft Silverlight 2008-08-20 23:30:13 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Summer Athletics 2008 2008-08-20 23:29:59 ----D---- C:\Program Files\ProtectDisc Driver Installer 2008-08-20 23:29:55 ----D---- C:\Documents and 
Settings\Compaq_Propriétaire\Application Data\ProtectDisc 2008-08-20 23:29:06 ----AC---- C:\WINDOWS\system32\XAudio2_1.dll 2008-08-20 23:29:06 ----AC---- C:\WINDOWS\system32\XAPOFX1_0.dll 2008-08-20 23:29:05 ----AC---- C:\WINDOWS\system32\xactengine3_1.dll 2008-08-20 23:29:05 ----AC---- C:\WINDOWS\system32\X3DAudio1_4.dll 2008-08-20 23:29:03 ----AC---- C:\WINDOWS\system32\d3dx10_38.dll 2008-08-20 23:29:03 ----AC---- C:\WINDOWS\system32\D3DCompiler_38.dll 2008-08-20 23:29:02 ----AC---- C:\WINDOWS\system32\D3DX9_38.dll 2008-08-20 23:29:01 ----AC---- C:\WINDOWS\system32\XAudio2_0.dll 2008-08-20 23:29:00 ----AC---- C:\WINDOWS\system32\xactengine3_0.dll 2008-08-20 23:29:00 ----AC---- C:\WINDOWS\system32\X3DAudio1_3.dll 2008-08-20 23:28:59 ----AC---- C:\WINDOWS\system32\d3dx10_37.dll 2008-08-20 23:28:59 ----AC---- C:\WINDOWS\system32\D3DCompiler_37.dll 2008-08-20 23:28:58 ----AC---- C:\WINDOWS\system32\D3DX9_37.dll 2008-08-20 23:28:57 ----AC---- C:\WINDOWS\system32\xactengine2_10.dll 2008-08-20 23:28:55 ----AC---- C:\WINDOWS\system32\d3dx10_36.dll 2008-08-20 23:28:55 ----AC---- C:\WINDOWS\system32\D3DCompiler_36.dll 2008-08-20 23:28:54 ----AC---- C:\WINDOWS\system32\d3dx9_36.dll 2008-08-20 23:28:53 ----AC---- C:\WINDOWS\system32\xactengine2_9.dll 2008-08-20 23:28:52 ----AC---- C:\WINDOWS\system32\d3dx10_35.dll 2008-08-20 23:28:52 ----AC---- C:\WINDOWS\system32\D3DCompiler_35.dll 2008-08-20 23:28:52 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2008-08-20 23:26:36 ----D---- C:\WINDOWS\Logs ======List of files/folders modified in the last 3 months====== 2008-11-17 20:53:35 ----D---- C:\WINDOWS\Prefetch 2008-11-17 19:22:38 ----D---- C:\Program Files\eMule 2008-11-17 18:21:56 ----D---- C:\Program Files\Mozilla Firefox 2008-11-17 18:20:14 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-17 18:19:38 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2 2008-11-17 18:19:14 ----D---- C:\WINDOWS\system32\Lang 2008-11-17 18:18:12 ----D---- 
C:\WINDOWS\Temp 2008-11-17 18:17:53 ----D---- C:\WINDOWS\Minidump 2008-11-17 18:17:53 ----AD---- C:\WINDOWS 2008-11-17 18:16:17 ----D---- C:\WINDOWS\system32 2008-11-17 18:16:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-17 18:15:48 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-17 11:42:37 ----A---- C:\WINDOWS\system.ini 2008-11-17 11:38:29 ----D---- C:\WINDOWS\system32\drivers 2008-11-17 11:38:28 ----D---- C:\WINDOWS\AppPatch 2008-11-17 11:38:28 ----D---- C:\Program Files\Fichiers communs 2008-11-16 16:34:55 ----D---- C:\Films 2008-11-14 12:56:32 ----D---- C:\Program Files 2008-11-13 13:53:03 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-13 13:52:28 ----SHD---- C:\WINDOWS\Installer 2008-11-13 13:52:28 ----HD---- C:\Config.Msi 2008-11-13 13:41:12 ----D---- C:\Program Files\KONAMI 2008-11-09 20:42:23 ----HD---- C:\WINDOWS\inf 2008-11-02 16:16:14 ----D---- C:\Matthieu 2008-11-01 20:01:37 ----D---- C:\WINDOWS\Tasks 2008-11-01 19:59:35 ----A---- C:\WINDOWS\win.ini 2008-11-01 17:21:57 ----RSD---- C:\WINDOWS\Fonts 2008-11-01 17:20:52 ----D---- C:\Program Files\Microsoft Games 2008-11-01 17:07:57 ----D---- C:\jeux 2008-11-01 16:52:05 ----D---- C:\WINDOWS\twain_32 2008-11-01 16:37:31 ----A---- C:\WINDOWS\imsins.BAK 2008-11-01 16:33:58 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-11-01 16:33:58 ----D---- C:\WINDOWS\system32\dllcache 2008-11-01 16:33:32 ----HD---- C:\hp 2008-11-01 16:02:16 ----AC---- C:\WINDOWS\WININIT.INI 2008-10-26 10:50:49 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-21 23:23:03 ----D---- C:\Program Files\Cyanide 2008-10-21 23:19:26 ----D---- C:\Program Files\EA SPORTS 2008-10-21 23:03:23 ----D---- C:\Program Files\Ubisoft 2008-10-21 23:02:38 ----D---- C:\Program Files\Codemasters 2008-09-27 15:50:06 ----D---- C:\Program Files\K!TV 2008-09-20 18:55:22 ----D---- C:\Program Files\Sega 2008-09-08 23:32:18 ----A---- C:\WINDOWS\avisplitter.INI 2008-09-08 22:42:30 ----D---- C:\Documents and Settings\All 
Users\Application Data\Microsoft 2008-09-08 22:32:37 ----RSD---- C:\WINDOWS\assembly 2008-08-27 20:04:38 ----D---- C:\WINDOWS\Microsoft.NET 2008-08-25 22:41:38 ----D---- C:\WINDOWS\Help 2008-08-25 22:41:36 ----D---- C:\WINDOWS\nview 2008-08-25 20:17:02 ----AC---- C:\WINDOWS\system32\CmdLineExt.dll 2008-08-25 20:16:27 ----D---- C:\WINDOWS\system32\DirectX 2008-08-21 22:00:20 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe 2008-08-18 22:50:39 ----D---- C:\Tibo ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys [] R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys [] R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568] R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568] R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568] R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472] R3 NaiFiltr;NaiFiltr; \??\C:\Program Files\Fichiers communs\Network 
Associates\McShield\NaiFiltr.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056] R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [] S3 asaicum4;asaicum4; C:\WINDOWS\system32\drivers\asaicum4.sys [] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys [] S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632] S3 LVMVDrv;Logitech Machine Vision Engine Loader; 
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-16 38422] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 209408] S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 17792] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 
WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 AvSynMgr;AVSync Manager; C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe [2001-04-30 155665] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2006-02-25 266338] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2006-02-25 114784] R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [2006-02-25 1073152] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] R3 McShield;McShield; C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe [2001-04-30 229499] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696] S2 Pml Driver HPZ12;Pml Driver HPZ12; 
C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] S2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] Et d'info.txt : info.txt logfile of random's system information tool 1.04 2008-11-17 20:53:53 ======Uninstall list====== Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Train Simulator-->"C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c Questions pour un Champion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> 
-l0x40c WhenU Save-->"C:\Program Files\Save\SaveUninst.exe" /w /d"WhenU Save" ======Security center information====== FW: Sygate Personal Firewall (disabled) ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip -----------------EOF----------------- Merci.
  6. Since ComboFix did not have time to finish its scan, there is no report. When I go into Administrative Tools, there is a system error with this:
Code erreur 1000007f, paramètre 1 0000000d, paramètre 2 00000000, paramètre 3 00000000, paramètre 4 00000000.
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 37 1000007
0020: 66 20 20 50 61 72 61 6d f Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 64 2c 20 00000d,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 30 30 0000
  7. Hello, when I copy
Killall::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11038368-d34e-11dc-b52e-001731dab75e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ba95422-e2f8-11db-b2dd-001731dab75e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cacfb334-4f05-11dc-b3c7-001731dab75e}]
into a txt file, rename it as you ask, drag it onto ComboFix and launch the whole thing, ComboFix starts running and then, all of a sudden, the computer restarts and on restart displays "Windows has recovered from a serious error". In any case, thank you for the time you have already taken... and for your patience!
  8. Hello again, there is no trace of launch.bat in C:\ (even when searching with Start, Search), nor on F: (my external hard drive). Is there another way to find it?
  9. Hello, Sorry, but when I do Start ==> Run ==> cmd /C launch.bat, a window appears for a second and disappears before I have time to read it. As for the restore files on F:\, I do not know exactly what they contain, so it is hard to tell you whether they are essential...
  10. Unfortunately, after a new scan with my antivirus, it tells me that 13 infected files remain, all located in F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP followed by a number from 15 to 525. These files are infected by Generic PWS.ak or Generic!atr. Thank you for your help.
  11. Hello, After reading your reply and the tutorial, and disabling the firewalls and the antivirus, I downloaded ComboFix. When I dragged the file that installs the Windows Recovery Console onto the ComboFix launch icon (which I had renamed to Combo-fix), and after I accepted the terms of use, the scan started straight away. I did not dare to suspend the program's execution. Attached is the report: Thanks a lot.
ComboFix 08-11-16.05 - Compaq_Propriétaire 2008-11-17 11:36:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.427 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
F:\Autorun.inf
F:\xih9.cmd
F:\yjkjfuo.cmd
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-17 au 2008-11-17 ))))))))))))))))))))))))))))))))))))
.
2008-11-14 12:56 . 2008-11-14 12:56 <REP> d-------- c:\program files\Trend Micro
2008-11-14 00:12 . 2008-11-14 00:12 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 00:12 . 2008-11-14 00:12 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-11-14 00:12 . 2008-11-14 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 00:12 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 00:12 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-01 19:53 . 2008-11-01 19:59 90,459 --a------ c:\windows\hpoins06.dat
2008-11-01 19:53 . 2005-06-03 06:53 5,389 --------- c:\windows\hpomdl06.dat
2008-11-01 18:06 . 2008-11-02 23:39 0 --a------ C:\FileOut.Cns
2008-11-01 18:06 . 2008-11-02 23:39 0 --a------ C:\FileIn.Cns
2008-11-01 16:51 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-11-01 16:49 . 2008-11-01 16:50 98 --a------ c:\windows\hpntwksetup.ini
2008-11-01 16:44 . 2008-11-01 16:52 110,410 --a------ c:\windows\hpoins11.dat
2008-11-01 16:43 . 2006-04-13 01:02 659,456 --a------ c:\windows\system32\hpowiax2.dll
2008-11-01 16:43 . 2006-05-06 03:52 6,947 --a------ c:\windows\hpomdl11.dat
2008-11-01 16:36 . 2008-11-17 09:13 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-01 16:36 . 2008-11-01 16:36 1,409 --a------ c:\windows\QTFont.for
2008-11-01 16:33 . 2008-11-01 16:48 <REP> d-------- C:\temp
2008-11-01 16:26 . 2008-11-01 16:26 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2008-11-01 16:02 . 2008-11-01 16:05 121,249 --------- c:\windows\hpoins11.dat.temp
2008-11-01 16:02 . 2006-05-06 05:15 6,947 --------- c:\windows\hpomdl11.dat.temp
2008-11-01 15:54 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.1
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 09:47 --------- d-----w c:\program files\eMule
2008-11-17 08:13 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-11-13 12:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 12:41 --------- d-----w c:\program files\KONAMI
2008-11-02 15:56 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\FileZilla
2008-11-01 16:20 --------- d-----w c:\program files\Microsoft Games
2008-10-21 22:23 --------- d-----w c:\program files\Cyanide
2008-10-21 22:19 --------- d-----w c:\program files\EA SPORTS
2008-10-21 22:03 --------- d-----w c:\program files\Ubisoft
2008-10-21 22:02 --------- d-----w c:\program files\Codemasters
2008-10-04 13:58 --------- d-----w c:\program files\Audacity
2008-10-04 10:45 --------- d-----w c:\program files\Apple Software Update
2008-09-28 20:57 --------- d-----w c:\program files\FileZilla FTP Client
2008-09-27 14:50 --------- d-----w c:\program files\K!TV
2008-09-20 17:55 --------- d-----w c:\program files\Sega
2008-09-17 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-08-25 19:17 107,888 -c--a-w c:\windows\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-16 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppmnet.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Compaq_Propriétaire\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox 2 Beta 2\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2001-04-30 4512]
R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 AvSynMgr;AVSync Manager;"c:\program files\Network Associates\VirusScan\Avsynmgr.exe" [2001-04-30 155665]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-03-24 472644]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2006-10-19 163328]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;c:\windows\system32\DRIVERS\emBDA.sys [2006-10-20 209408]
S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2006-10-20 17792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11038368-d34e-11dc-b52e-001731dab75e}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ba95422-e2f8-11db-b2dd-001731dab75e}]
\Shell\AutoRun\command - gkbrewsv.com
\Shell\explore\Command - gkbrewsv.com
\Shell\open\Command - gkbrewsv.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{951c12b4-b880-11db-b26f-001731dab75e}]
\Shell\AutoRun\command - j:\setup\rsrc\autorun.exe
\Shell\dinstall\command - j:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cacfb334-4f05-11dc-b3c7-001731dab75e}]
\Shell\Auto\command - sunny.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sunny.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-16 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-PMCS - c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
HKLM-Run-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
HKLM-Run-PMCRemote - c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\yqsaqb57.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 11:42:39
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Heure de fin: 2008-11-17 11:43:36
ComboFix-quarantined-files.txt 2008-11-17 10:43:14
Avant-CF: 36 350 795 776 octets libres
Après-CF: 37,940,670,464 octets libres
192
  12. Sorry, I thought they had to be deleted. Attached is the report. Thanks a lot
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 16, 2008 13:43:47
Records in database: 1387799
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Folder: F:\
Scan statistics:
Files scanned: 21055
Threat name: 5
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 00:53:11

File name / Threat name / Threats count
F:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP522\A0102297.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0068056.cmd Infected: Trojan-GameThief.Win32.Magania.ajjb 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0068057.inf Infected: Worm.Win32.AutoRun.rja 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0070049.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0070050.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0070051.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP157\A0070052.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP13\A0000238.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP13\A0000239.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP14\A0000244.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP14\A0000245.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP15\A0000324.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP15\A0000325.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP16\A0002433.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP16\A0002434.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP18\A0004699.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP18\A0004700.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP18\A0005691.cmd Infected: Worm.Win32.AutoRun.ryf 1
F:\System Volume Information\_restore{2CD39C24-ECBA-4B3E-B2AF-9FD19E1AE04B}\RP18\A0005692.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\autorun.inf Infected: Worm.Win32.AutoRun.ryf 1
F:\yjkjfuo.cmd Infected: Trojan-GameThief.Win32.Magania.ajjb 1
F:\xih9.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1
F:\Nouveau dossier\Outlook Express\Éléments envoyés.dbx Infected: Email-Worm.Win32.Tanatos.b 1

The selected area was scanned.
  13. Good evening, many thanks for your help. The Malwarebytes' Anti-Malware (MBAM) scan detected 3 pieces of malware, which I deleted (they were in the restore folder of my external hard drive). But I admit I do not understand everything, since VirusScan detected 13 infected files. Attached is the report after the scan and deletion. Thank you very much for your help
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 2
14/11/2008 23:53:41
mbam-log-2008-11-14 (23-53-41).txt
Type de recherche: Examen complet (F:\|)
Eléments examinés: 66263
Temps écoulé: 23 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
  14. Hello, I am taking the liberty of asking for your help because I have a big problem with my external hard drive. As I could no longer open it through My Computer, I ran the antivirus (VirusScan) on it, and it is apparently infected by 13 trojans. These are files such as: A0005691.cmd, A007051.cmd, xih9.cmd, etc. Could you explain to me (in a simple way if possible... I am far from "mastering" computers) how to eradicate them? Indeed, HijackThis only works on my C:\ and it is not possible to scan my external hard drive. Thank you very much!
  15. Doesn't anyone have an idea?