CSeb95
Everything posted by CSeb95

  1. Well, Dr.Web: a log file of over 150 MB lol, verbose! So I'm only giving you the summary:

-----------------------------------------------------------------------------
Statistiques d'analyse
-----------------------------------------------------------------------------
Objets scannés: 372735
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 1
Hacktools détectés: 2
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 590 Kb/s
Durée d'analyse: 01:45:44
-----------------------------------------------------------------------------
C:\Program Files\Internet\Firefox\SmitfraudFix\Process.exe est un hacktool Tool.Prockill
C:\Program Files\utils\VNC4\winvnc4.exe - est un riskware Program.RemoteAdmin.origin
C:\WINDOWS\system32\cmdow.exe est un hacktool Tool.HideWindows

And there you go, that all looks pretty good to me. Nothing but "normal" stuff. Thanks for your help, Seb
  2. Hello, Avira "saw" the worm this morning when I re-ran a scan on the offending file (TR/Dldr.Bagle.anf). It must have been a brand-new variant. So I re-scanned C:, found nothing. The other drives will be done tonight, that takes 3 or 4 hours. Here is a new FindyKill report:

############################## [ FindyKill V4.716 ]
# User : Seb (Administrateurs) # XPSP2-4CE7BD578
# Update on 10/02/09 by Chiquitine29
# Start at: 11:38:55 | 14/02/2009
# Intel® Core2 CPU 6600 @ 2.40GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit)
# Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local (System) # NTFS
# D:\ # Disque fixe local (Nouveau nom) # NTFS
# E:\ # Disque fixe local # NTFS
# F:\ # Disque fixe local (WD_SATA_215) # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque amovible # FAT
# P:\ # Disque CD-ROM
# Q:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\communications\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet\syslogd\syslogd_service.exe
C:\Program Files\Internet\NetTime\NeTmSvNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Synology\Data Replicator 3\SynoDrService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet\NetTime\NetTime.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet\Ashampoo FireWall\FireWall.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\utils\SecCopy\SecCopy.exe
C:\PROGRA~1\MICROS~2\ACTIVE~1\rapimgr.exe
C:\Program Files\communications\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\COMMUN~1\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet\Firefox\firefox.exe
C:\Documents and Settings\Seb.XPSP2-4CE7BD578\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Seb.XPSP2-4CE7BD578\Application Data ]
################## [ C:\DOCUME~1\SEB~1.XPS\LOCALS~1\Temp ]
################## [ Registre / Clés infectieuses ]
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 3
EapHost # Type de démarrage = 2
Ip6Fw # Type de démarrage = 2
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 2
################## [ Recherche dans supports amovibles]
# presence des fichiers :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.716 ! ]
  3. I reinstalled Ashampoo Firewall and the network connections work again. And the interface is back at Gb. Thanks for your help! Would you know why none of the AVs or anti-spyware tools see a threat in the archive that infected me with Bagle? I still have that archive on my machine and none of them see, or have seen, the threat. In the archive there is an install.exe; when I ran it, nothing was displayed, but there was a lot of disk activity and the network and the security tools got cut off. I am certain the attack came from there.
  4. Thanks, Antivir finds no infection, Malwarebytes' neither. They don't see anything, not even in the archive containing the exe that caused the infection. Nod32 and Kaspersky online hadn't detected anything either. That's why I got "had". Moreover, my network interface still isn't working properly: no connection on port 80/443, whether for the browsers, an AV update or GTalk; MSN doesn't connect either. On the other hand, Torrent and eMule work? The interface connects at 100Mb/s instead of 1Gbit/s. I uninstalled and reinstalled it, no better. Here is the FindyKill report:

############################## [ FindyKill V4.716 ]
# User : Seb (Administrateurs) # XPSP2-4CE7BD578
# Update on 10/02/09 by Chiquitine29
# Start at: 01:11:07 | 14/02/2009
# Intel® Core2 CPU 6600 @ 2.40GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit)
# Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | (!) Outdated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local (System) # NTFS
# D:\ # Disque fixe local (Nouveau nom) # NTFS
# E:\ # Disque fixe local # NTFS
# F:\ # Disque fixe local (WD_SATA_215) # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque amovible # FAT
# P:\ # Disque CD-ROM
# Q:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\communications\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\internet\syslogd\syslogd_service.exe
C:\Program Files\Internet\NetTime\NeTmSvNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Synology\Data Replicator 3\SynoDrService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet\NetTime\NetTime.exe
C:\Program Files\utils\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\utils\SecCopy\SecCopy.exe
C:\Program Files\Internet\emule\emule.exe
C:\PROGRA~1\MICROS~2\ACTIVE~1\rapimgr.exe
C:\Program Files\communications\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\COMMUN~1\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\alg.exe
c:\program files\utils\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
Found ! - C:\InfoSat.txt
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-2610348B.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Seb.XPSP2-4CE7BD578\Application Data ]
################## [ C:\DOCUME~1\SEB~1.XPS\LOCALS~1\Temp ]
################## [ Registre / Clés infectieuses ]
Found ! - HKEY_USERS\S-1-5-21-299502267-1177238915-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 4
EapHost # Type de démarrage = 3
Ip6Fw # Type de démarrage = 4
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 2
################## [ Recherche dans supports amovibles]
# presence des fichiers :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.716 ! ]
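The two FindyKill reports in this thread (the 01:11 scan with "Found !" hits and the services Ndisuio and Ip6Fw set to Désactivé=4, and the 11:38 scan after cleanup) are what a helper compares to judge whether the cleanup took. The script below is an added example, not part of the thread or of the FindyKill tool: it parses the "Found !" lines and the "[ Etat / Services ]" section of both reports and reports what changed. The report excerpts are constructed from the lines quoted above; the service start-type meanings (2 Auto, 3 Demand, 4 Disabled) are the standard Windows values that FindyKill prints in its header.

```python
"""Compare the 'Found !' hits and service start types of two FindyKill reports."""
import re

# Constructed excerpts, copied from the infected (01:11) and post-cleanup (11:38)
# FindyKill reports posted in this thread.
REPORT_INFECTED = r"""
################## [ Fichiers / Dossiers infectieux C:\ ]
Found ! - C:\InfoSat.txt
################## [ C:\WINDOWS\Prefetch ]
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-2610348B.pf
################## [ Registre / Clés infectieuses ]
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 4
EapHost # Type de démarrage = 3
Ip6Fw # Type de démarrage = 4
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 2
"""

REPORT_CLEAN = r"""
################## [ Fichiers / Dossiers infectieux C:\ ]
################## [ Registre / Clés infectieuses ]
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 3
EapHost # Type de démarrage = 2
Ip6Fw # Type de démarrage = 2
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 2
"""

# Windows service start types, as FindyKill's own legend spells them out.
START_TYPE = {2: "Auto", 3: "Demand", 4: "Disabled"}
SERVICE_DISABLED = 4

SERVICE_RE = re.compile(r"^(\S+) # Type de démarrage = (\d)$")
FOUND_RE = re.compile(r"^Found ! - (.+)$")


def parse_report(text):
    """Return ({service: start_type}, [found files / registry keys])."""
    services, found = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1)] = int(m.group(2))
            continue
        m = FOUND_RE.match(line)
        if m:
            found.append(m.group(1))
    return services, found


def disabled_services(services):
    """Services the report shows as Disabled, in report order. In the infected scan
    these are Ndisuio and Ip6Fw; both are back to Demand/Auto after cleanup."""
    return [name for name, start in services.items() if start == SERVICE_DISABLED]


def diff_reports(before_text, after_text):
    """(changed start types, hits gone after cleanup, hits still present)."""
    s_before, f_before = parse_report(before_text)
    s_after, f_after = parse_report(after_text)
    # A service missing from the second report maps to None so it is still flagged.
    changed = {
        name: (start, s_after.get(name))
        for name, start in s_before.items()
        if s_after.get(name) != start
    }
    removed = [hit for hit in f_before if hit not in f_after]
    remaining = list(f_after)
    return changed, removed, remaining


if __name__ == "__main__":
    before_services, _ = parse_report(REPORT_INFECTED)
    print("Disabled in infected scan:", disabled_services(before_services))
    changed, removed, remaining = diff_reports(REPORT_INFECTED, REPORT_CLEAN)
    for name, (old, new) in changed.items():
        print(f"{name}: {START_TYPE[old]} -> {START_TYPE.get(new, 'missing')}")
    print(f"{len(removed)} hit(s) gone after cleanup, {len(remaining)} still present")
```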
  5. Thanks, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:53, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utils\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slizone.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NetTime] C:\Program Files\Internet\NetTime\NetTime.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [second Copy] "C:\PROGRA~1\utils\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\Internet\emule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\communications\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Internet\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Internet\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\communications\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - c:\program files\internet\syslogd\syslogd_service.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\Internet\NetTime\NeTmSvNT.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology\Data Replicator 3\SynoDrService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\Internet\Media Server\MediaServer.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Seb.XPSP2-4CE7BD578\Mes documents\Mes fichiers reçus\Economiseur\image1.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Seb.XPSP2-4CE7BD578\Mes documents\Mes fichiers reçus\Economiseur\image7.jpg

--
End of file - 6582 bytes
  6. Hello, On Windows XP SP3 Pro, I stupidly installed BAGLE on my machine. Symptoms, among others:
- MSN disconnects
- browsing on ports 80 and 443 impossible while eMule and torrent still work.
- my Nod32 AV disabled, with the message "Is not a Win32 application" when I launch it
- the Ashampoo FW disabled as well
- impossible to boot into safe mode
- impossible to launch or install other AV or FW software
To get rid of it, I first used ComboFix following the procedure on this site: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
Here is the ComboFix report, can you tell me whether it's OK? Thanks, Seb

ComboFix 09-02-12.03 - Seb 2009-02-13 1:03:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1710 [GMT 1:00]
Lancé depuis: c:\documents and settings\Seb.XPSP2-4CE7BD578\Bureau\CCM.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
 * Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\drivers\downld
c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\drivers\winupgro.exe
c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\inst.exe
C:\InfoSat.txt
c:\windows\system32\Dvbpws.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.
2009-02-13 00:24 . 2009-02-13 00:24 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-11 00:39 . 2009-02-11 00:39 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Grisoft
2009-02-10 23:13 . 2009-02-10 23:13 <REP> d-------- c:\program files\WinPcap
2009-01-30 01:53 . 2006-11-11 02:25 66,944 --a------ c:\windows\system32\drivers\thdudf.sys
2009-01-20 20:02 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-20 20:02 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-17 16:14 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll
2009-01-17 13:49 . 2009-01-17 13:50 <REP> d-------- c:\program files\Synology
2009-01-14 23:50 . 2009-01-15 00:00 <REP> d-------- c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\GrabIt
2009-01-14 22:20 . 2009-01-14 22:20 <REP> d-------- c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Thinstall
2009-01-14 21:41 . 2009-01-14 21:57 <REP> d-------- c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 23:31 --------- d-----w c:\program files\utils
2009-02-12 22:15 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-12 22:15 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-10 23:42 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\uTorrent
2009-02-10 23:02 --------- d-----w c:\program files\Video
2009-02-10 22:54 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Skype
2009-02-10 22:13 --------- d-----w c:\program files\Internet
2009-02-10 15:03 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\skypePM
2009-02-10 07:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-02-09 19:30 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-05 20:04 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Canon
2009-01-15 04:01 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-01-13 21:53 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\dvdcss
2009-01-11 18:50 --------- d-----w c:\program files\Images
2009-01-10 12:54 --------- d-----w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\CD-LabelPrint
2008-12-31 09:19 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
2008-12-31 09:17 --------- d-----w c:\program files\CDR
2008-12-29 21:06 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-19 22:09 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-19 22:09 --------- d-----w c:\program files\Microsoft
2008-12-19 22:08 --------- d-----w c:\program files\Windows Live
2008-12-19 22:00 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-04-20 18:40 47,360 ----a-w c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\pcouffin.sys
2006-11-06 22:23 8 --sh--r c:\windows\system32\A07D767B0F.sys
2008-08-16 23:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008081720080818\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Second Copy"="c:\progra~1\utils\SecCopy\SecCopy.exe" [2007-10-17 2425856]
"eMuleAutoStart"="c:\program files\Internet\emule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NetTime"="c:\program files\Internet\NetTime\NetTime.exe" [2003-01-30 3791032]
"egui"="c:\program files\utils\NOD32\egui.exe" [2009-02-13 1443072]
"!AVG Anti-Spyware"="c:\program files\utils\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\communications\Logiciel Bluetooth\BTTray.exe [2003-11-20 503869]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Seb.XPSP2-4CE7BD578\Mes documents\Mes fichiers reçus\Economiseur\image1.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Seb.XPSP2-4CE7BD578\Mes documents\Mes fichiers reçus\Economiseur\image7.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
backup=c:\windows\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Monitor.lnk]
backup=c:\windows\pss\Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Seb.XPSP2-4CE7BD578^Menu Démarrer^Programmes^Démarrage^Active SMART.lnk]
backup=c:\windows\pss\Active SMART.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Seb.XPSP2-4CE7BD578^Menu Démarrer^Programmes^Démarrage^Mobile Phone Manager.lnk]
backup=c:\windows\pss\Mobile Phone Manager.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-10-25 22:48 118784 c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2004-06-14 11:54 200704 c:\program files\GIGABYTE\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-09 10:10 133104 c:\documents and settings\Seb.XPSP2-4CE7BD578\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2009-02-13 00:41 1103240 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logiciel de Synchronisation SFRTray]
--a------ 2007-10-08 15:27 32837 c:\progra~1\COMMUN~1\SFR_OU~1\LOGICI~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\CDR\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
--a------ 2002-02-20 20:01 49152 c:\program files\Images\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2003-11-10 17:06 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2006-04-27 15:45 94208 c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--a------ 2006-04-27 15:47 65536 c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\Video\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\Video\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-10-25 22:48 988565 c:\program files\utils\Acronis_TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-10-22 10:12 1885464 c:\program files\utils\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2006-10-04 09:32 4943872 c:\program files\utils\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
--a------ 2006-11-06 23:36 544768 c:\program files\GIGABYTE\VGA Utility Manager\G-VGA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-06-28 09:39 348160 c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2006-06-28 09:59 69632 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-08-14 14:00 16050176 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"ose"=3 (0x3)
"aspnet_state"=3 (0x3)
"ADSLAutoconnect"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"gusvc"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"PinnacleSys.MediaServer"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"ServiceLayer"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"SQLAgent$PINNACLESYS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft\ActiveSync\rapimgr.exe"= c:\program files\Microsoft\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft\ActiveSync\wcescomm.exe"= c:\program files\Microsoft\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft\ActiveSync\WCESMgr.exe"= c:\program files\Microsoft\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Internet\\emule\\emule.exe"=
"c:\\Program Files\\utils\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Apple\\Anapod Explorer\\anamgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Internet\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Seb.XPSP2-4CE7BD578\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Seb.XPSP2-4CE7BD578\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Kiwi Syslog Daemon;Kiwi Syslog Daemon;c:\program files\Internet\Syslogd\Syslogd_Service.exe [2005-11-15 193024]
R2 NetTimeSvc;NetTime;c:\program files\Internet\NetTime\NeTmSvNT.exe [2003-01-30 452096]
R2 SynoDrService;SynoDrService;c:\program files\Synology\Data Replicator 3\SynoDrService.exe [2007-08-06 557056]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [2007-01-24 827008]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;c:\program files\utils\Nod32\ekrn.exe [2008-03-13 472320]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2008-04-29 32377]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2008-04-28 29152]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2007-10-27 9446]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-14 747912]
.
Contenu du dossier 'Tâches planifiées'
2009-02-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\utils\Glary Utilities\initialize.exe [2008-07-18 10:08]
2008-11-09 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Seb.XPSP2-4CE7BD578\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-09 10:10]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Ashampoo FireWall - c:\program files\Internet\Ashampoo FireWall\FireWall.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Windows Audio Service - wauservice.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office\Office12\EXCEL.EXE/3000 IE: Envoyer à &Bluetooth - c:\program files\communications\Logiciel Bluetooth\btsendto_ie_ctx.htm IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm LSP: c:\program files\Internet\Ashampoo FireWall\spi.dll DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - hxxp://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab FF - ProfilePath - c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Mozilla\Firefox\Profiles\e4r17rwp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.gayclic.com/ FF - component: c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Mozilla\Firefox\Profiles\e4r17rwp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Mozilla\Firefox\Profiles\e4r17rwp.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - component: c:\program files\Internet\Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Seb.XPSP2-4CE7BD578\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\program files\Audio\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Audio\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Audio\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\program files\images\Picasa3\npPicasa3.dll FF - plugin: c:\program 
files\Internet\Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPJava11.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPJava12.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPJava13.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPJava32.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPJPI141_03.dll FF - plugin: c:\program files\Internet\Firefox\plugins\NPOJI610.dll FF - plugin: c:\program files\Internet\Firefox\plugins\npSeaTools_FR.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPJava11.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPJava12.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPJava13.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPJava32.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPJPI141_03.dll FF - plugin: c:\program files\Internet\j2re1.4.1_03\bin\NPOJI610.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin2.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin3.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin4.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin5.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin6.dll FF - plugin: c:\program files\Video\QuickTime\Plugins\npqtplugin7.dll FF - plugin: c:\program files\Video\vlc\npvlc.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-13 01:07:48 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide] "ImagePath"="\??\c:\docume~1\SEB~1.XPS\LOCALS~1\Temp\ASFWHide" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,eb,23,d8,31,77, 62,da,cb,c8,28,51,af,b0,29,a3,98,32,a1,10,e0,16,5c,29,15,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b1,44,71,ff,6c, 04,67,08,71,3b,04,66,8b,46,0d,96,19,1e,b8,18,81,41,59,f1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,79,7c,6a,a8,8a, 7d,51,c8,25,da,ec,7e,55,20,c9,26,a3,d1,98,a5,aa,09,b0,51,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,18,4b,37,73,b8, 99,3c,d5,3e,1e,9e,e0,57,5a,93,61,36,e9,ee,fb,38,6f,cf,3e,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4d,2a,a4,46,cc, d9,c2,18,cd,44,cd,b9,a6,33,6c,cd,46,db,68,3d,11,70,1d,37,f5,1d,4d,73,a8,13,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8DAD0FB3-3367-D8A7-05FE-CF81F7961C45}\InProcServer32*] "iambjlhngolonbpjbb"=hex:6b,61,6f,6c,61,65,69,6a,64,65,64,67,65,62,64,6b,63,6a, 6e,66,6c,65,00,00 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,9a,10,df,63,ec, a0,61,d0,b0,18,ed,a7,3f,8d,37,a4,1c,6a,7b,fa,bf,84,40,72,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,0b,19,6f,5d,e1, 18,a7,c3,31,77,e1,ba,b1,f8,68,02,6e,3d,00,e5,78,5b,ab,43,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,34,ad,89,95,b4, f1,f9,aa,83,6c,56,8b,a0,85,96,ab,d0,ec,d0,b2,bb,a1,81,c6,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d4,51,c0,2c,a4, 1a,f4,8e,51,fa,6e,91,28,9e,14,cc,0b,a0,5c,77,48,93,4d,85,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9d,a2,2b,24,de, d7,0a,84,b1,cd,45,5a,a8,c4,f8,b9,54,b9,e2,c2,fe,f5,84,59,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,7b,4c,31,de,9b, 2e,1f,01,e3,0e,66,d5,eb,bc,2f,6b,77,ba,02,e6,ea,3e,89,60,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8b,20,24,50,61, 64,ea,f4,fa,ea,66,7f,d4,3b,6b,70,77,f4,d6,6f,39,3e,ae,99,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1240) c:\windows\system32\relog_ap.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\communications\Logiciel Bluetooth\bin\btwdins.exe c:\windows\system32\vssvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\progra~1\MICROS~2\ACTIVE~1\rapimgr.exe c:\progra~1\COMMUN~1\LOGICI~1\BTSTAC~1.EXE c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Heure de fin: 2009-02-13 1:14:03 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-13 00:14:01 Avant-CF: 16,272,232,448 octets libres Après-CF: 18,078,076,928 octets libres 398 --- E O F --- 2009-01-15 04:01:18