okapimct
Everything posted by okapimct

Analysis of the TB.txt, Fixnavi.txt and Cleannavi.txt reports
okapimct replied to a topic by okapimct in Malware analysis and removal
Hello, here are the reports from each of the steps, as recommended.... Thank you for helping me once again!

*** Malwarebytes REPORT:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1831
Windows 5.1.2600 Service Pack 2

11/03/2009 00:24:10
mbam-log-2009-03-11 (00-24-10).txt

Type de recherche: Examen complet (C:\|E:\|G:\|)
Eléments examinés: 112749
Temps écoulé: 3 hour(s), 0 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows help center (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\GenProc\outil\curl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

*** BitDefender online scan REPORT:

1st attempt
-------------
"BitDefender n'a pu mettre à jour les définitions de virus. Bien qu'il soit possible de rechercher des virus, le résultat sera probablement imprécis."
Voulez-vous continuer l'analyse? "Oui"

Scan Failed!
Impossible d'analyser l'ordinateur contre les virus
Info sur l'analyse
Fichiers: 0, Temps d'analyse: 00:00:00.
Fermer

2nd attempt
--------------
BitDefender Online Scanner
Rapport d'analyse généré à: Wed, Mar 11, 2009 - 03:19:05
Voie d'analyse: A:\;C:\;D:\;E:\;G:\;

Statistiques
Temps 02:08:12
Fichiers 38146
Directoires 4958
Secteurs de boot 0
Archives 972
Paquets programmes 2911

Résultats
Virus identifiés 1
Fichiers infectés 1
Fichiers suspects 0
Avertissements 0
Désinfectés 0
Fichiers effacés 1

Info sur les moteurs
Définition virus 2774720
Version des moteurs AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins 17
Archive des plugins 45
Unpack des plugins 7
E-mail plugins 6
Système plugins 4

*** EMAIL REPORT FROM SCAN@VIRUSTOTAL.COM:

----- Original Message -----
From: <scan@virustotal.com>
To: <okapimct@yahoo.fr>
Sent: Tuesday, March 10, 2009 5:00 PM
Subject: [bulk] [VirusTotal] Server notification

> Complete scanning result of "webcam-photos095.zip", processed in VirusTotal at 03/10/2009 17:00:14 (CET).
>
> [ file data ]
> * name..: webcam-photos095.zip
> * size..: 116362
> * md5...: 0faf475f9c5a2554f56063be5cbf880f
> * sha1..: 778f2da0eab6b9825bee3a88b380beb54411ca9a
> * peid..: -
>
> [ scan result ]
> a-squared 4.0.0.101/20090310 found [backdoor.Win32.IRCBot!IK]
> AhnLab-V3 5.0.0.2/20090310 found [Win32/ShadoBot.worm.116224]
> AntiVir 7.9.0.107/20090310 found [TR/Crypt.XPACK.Gen]
> Authentium 5.1.0.4/20090310 found [W32/Backdoor.BMHU]
> Avast 4.8.1335.0/20090309 found [Win32:IRCBot-CDT]
> AVG 8.0.0.237/20090310 found [backDoor.Ircbot.AXB]
> BitDefender 7.2/20090310 found [backdoor.IRCBot.ABEU]
> CAT-QuickHeal 10.00/20090310 found [backdoor.IRCBot.acd]
> ClamAV 0.94.1/20090310 found [Trojan.IRCBot-1132]
> Comodo 1043/20090310 found [backdoor.Win32.IRCBot.WO]
> DrWeb 4.44.0.09170/20090310 found [backDoor.IRC.Sdbot.1987]
> eSafe 7.0.17.0/20090309 found [Win32.IRCBot.acd]
> eTrust-Vet 31.6.6388/20090309 found [Win32/Checkout.J]
> F-Prot 4.4.4.56/20090309 found [W32/Backdoor.BMHU]
> F-Secure 8.0.14470.0/20090310 found [backdoor.Win32.IRCBot.acd]
> Fortinet 3.117.0.0/20090310 found [W32/IRCBot.ACD!tr.bdr]
> GData 19/20090310 found [backdoor.IRCBot.ABEU]
> Ikarus T3.1.1.45.0/20090310 found [backdoor.Win32.IRCBot]
> K7AntiVirus 7.10.665/20090310 found [backdoor.Win32.IRCBot.acd]
> Kaspersky 7.0.0.125/20090310 found [backdoor.Win32.IRCBot.acd]
> McAfee 5548/20090309 found [W32/Checkout]
> McAfee+Artemis 5548/20090309 found [W32/Checkout]
> Microsoft 1.4405/20090310 found [backdoor:Win32/IRCbot.OU]
> NOD32 3923/20090310 found [Win32/IRCBot.WO]
> Norman 6.00.06/20090310 found [W32/Ircbot.XIC]
> nProtect 2009.1.8.0/20090310 found nothing
> Panda 10.0.0.10/20090309 found [W32/Gaobot.OXI.worm]
> PCTools 4.4.2.0/20090310 found [Worm.IRCBot.BDP]
> Prevx1 V2/20090310 found [High Risk System Back Door]
> Rising 21.20.11.00/20090310 found [backdoor.Win32.IRCbot.bcr]
> SecureWeb-Gateway 6.7.6/20090310 found [Trojan.Crypt.XPACK.Gen]
> Sophos 4.39.0/20090310 found [W32/IRCBot-XG]
> Sunbelt 3.2.1858.2/20090310 found [Worm.Win32.IRCBot.Gen]
> Symantec 1.4.4.12/20090310 found [W32.Mubla.B]
> TheHacker 6.3.3.0.278/20090310 found [backdoor/IRCBot.acd]
> TrendMicro 8.700.0.1004/20090310 found [bKDR_IRCBOT.AGP]
> VBA32 3.12.10.1/20090310 found [backdoor.Win32.IRCBot.acd]
> ViRobot 2009.3.10.1643/20090310 found [backdoor.Win32.IRCBot.116224.C]
> VirusBuster 4.5.11.0/20090310 found [Worm.IRCBot.BDP]
>
> [ notes ]
> packers (Kaspersky): PE_Patch, NTKrnl
> Prevx info: http://info.prevx.com/aboutprogramtext.asp...1C45600E660967F

*** RSIT REPORT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Patrick at 2009-03-11 00:50:14
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 310 MB (3%) free of 10 GB
Total RAM: 382 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:56, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Documents and Settings\Patrick\Bureau\RSIT.exe
C:\Program Files\trend micro\Patrick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...itrix/wficat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5E9D4FE-84CB-4146-A3B9-1AF7EDB17926}: NameServer = 194.25.0.68 194.25.0.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB2ADDA-8A05-4D36-85A2-DFB22491ECC6}: NameServer = 212.19.48.14
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Steganos VPN Starter Service (SVPNStarter) - Unknown owner - C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe

--
End of file - 7537 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-02-20 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - E:\Free Download Manager\iefdm2.dll [2009-03-02 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-01-02 204248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-02-20 646264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-07 144792]
"avast!"=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-20 240128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=C:\WINDOWS\system32\afmain0.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Proxy Switcher Lite\ProxySwitcher.exe"="C:\Program Files\Proxy Switcher Lite\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\ServicePackFiles\i386\iexplore.exe"="C:\WINDOWS\ServicePackFiles\i386\iexplore.exe:*:Enabled:Internet Explorer"
"E:\Free Download Manager\fdm.exe"="E:\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ba486-3532-11dc-8931-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27093ba0-019a-11de-b0d2-0030051136bb}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fd7b5d0-614f-11dc-8980-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49087ccb-0d0a-11dc-88f2-4d6564696130}]
shell\AutoRun\command - F:\ve.exe
shell\open\command - F:\ve.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b952434-bb78-11dc-8a6d-4d6564696130}]
shell\AutoRun\command - F:\pook.com
shell\open\command - F:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786af3e0-ad82-11dd-8bd9-0030051136bb}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786af3e1-ad82-11dd-8bd9-0030051136bb}]
shell\AutoRun\command - G:\e.com
shell\explore\command - G:\e.com
shell\open\command - G:\e.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a025e20-309f-11dd-8b34-4d6564696130}]
shell\AutoRun\command - F:\oufddh.exe
shell\explore\command - F:\oufddh.exe
shell\open\command - F:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b00090-af12-11dd-8bdc-0030051136bb}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8a4b580-443d-11dc-894c-000d180119bf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2871ff0-e81a-11db-88b0-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc710eb0-c5e3-11dd-b03b-0030051136bb}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e79a0456-4bdb-11dc-895f-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f505f547-ee5f-11dd-b092-0030051136bb}]
shell\AutoRun\command - F:\8.bat
shell\open\command - F:\8.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cfd090-af13-11dd-8bdd-0030051136bb}]
shell\AutoRun\command - H:\AutoRun.exe

======List of files/folders created in the last 3 months======

2009-03-11 00:50:14 ----D---- C:\rsit
2009-03-10 18:11:38 ----D---- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2009-03-10 18:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-10 18:11:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-10 15:22:22 ----D---- C:\_OTMoveIt
2009-03-10 12:51:43 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-03-10 12:44:28 ----A---- C:\TB.txt
2009-03-10 12:43:44 ----D---- C:\ToolBar SD
2009-03-10 12:36:23 ----A---- C:\cleannavi.txt
2009-03-10 11:14:08 ----A---- C:\fixnavi.txt
2009-03-10 11:11:15 ----D---- C:\Program Files\Navilog1
2009-03-09 23:58:20 ----D---- C:\GenProc
2009-03-09 23:38:09 ----D---- C:\WINDOWS\BDOSCAN8
2009-03-07 11:28:06 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-03-05 17:19:08 ----D---- C:\Documents and Settings\Patrick\Application Data\Media Player Classic
2009-03-05 02:49:07 ----A---- C:\WINDOWS\system32\unrar.dll
2009-03-05 02:49:04 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-03-05 02:49:03 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-03-05 02:49:01 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-03-05 02:48:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-03-05 02:48:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-03-05 02:48:54 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-03-05 02:27:48 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\px.dll
2009-03-04 17:47:22 ----RSH---- C:\dbrxubcw.com
2009-03-04 11:07:41 ----D---- C:\Documents and Settings\Patrick\Application Data\Free Download Manager
2009-02-24 13:52:46 ----D---- C:\WINDOWS\system32\Color
2009-02-24 12:23:03 ----D---- C:\Documents and Settings\Patrick\Application Data\ICAClient
2009-02-24 12:22:52 ----D---- C:\Program Files\Citrix
2009-02-23 12:09:38 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-02-23 04:15:11 ----D---- C:\Documents and Settings\Patrick\Application Data\GrabPro
2009-02-23 04:14:58 ----D---- C:\Documents and Settings\Patrick\Application Data\Orbit
2009-02-23 04:14:54 ----D---- C:\Program Files\Orbitdownloader
2009-02-07 17:40:14 ----RSH---- C:\1utbfd.bat
2009-02-06 02:54:58 ----D---- C:\Ares Tube
2009-02-04 23:11:10 ----D---- C:\Program Files\Internet Download Manager
2009-01-30 01:44:21 ----A---- C:\WINDOWS\AhnRpta.exe
2009-01-20 07:24:57 ----D---- C:\Documents and Settings\Patrick\Application Data\IDM
2009-01-10 06:27:32 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-08 02:24:47 ----A---- C:\WINDOWS\system32\ShellMPD.dll
2009-01-02 23:15:02 ----D---- C:\Program Files\Hotspot Shield
2008-12-26 12:37:52 ----D---- C:\Program Files\MsnMonitorPro
2008-12-21 13:37:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-12-18 19:29:48 ----D---- C:\Program Files\OpenAL
2008-12-18 19:28:52 ----D---- C:\Program Files\Warzone 2100
2008-12-17 14:08:13 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-17 00:29:06 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2008-12-14 11:35:01 ----D---- C:\Documents and Settings\Patrick\Application Data\dvdcss
2008-12-13 13:49:20 ----D---- C:\Program Files\Windows Live SkyDrive
2008-12-12 11:35:45 ----D---- C:\Documents and Settings\Patrick\Application Data\vlc
2008-12-12 02:16:22 ----D---- C:\Documents and Settings\Patrick\Application Data\DMCache

======List of files/folders modified in the last 3 months======

2009-03-11 00:50:56 ----D---- C:\Program Files\Trend Micro
2009-03-11 00:49:50 ----D---- C:\WINDOWS\Prefetch
2009-03-11 00:48:57 ----D---- C:\WINDOWS
2009-03-11 00:48:55 ----D---- C:\WINDOWS\Temp
2009-03-11 00:39:33 ----D---- C:\Program Files\eMule
2009-03-11 00:37:32 ----RD---- C:\Program Files
2009-03-11 00:27:45 ----D---- C:\WINDOWS\system32\drivers
2009-03-10 18:33:36 ----D---- C:\Program Files\MessenPass
2009-03-10 15:24:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 12:51:43 ----D---- C:\WINDOWS\system32
2009-03-10 12:48:22 ----D---- C:\WINDOWS\Minidump
2009-03-09 23:38:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-09 23:38:09 ----HD---- C:\WINDOWS\inf
2009-03-05 19:20:06 ----D---- C:\mp3
2009-03-05 02:27:58 ----D---- C:\Program Files\DivX
2009-03-05 02:27:20 ----SHD---- C:\WINDOWS\Installer
2009-03-05 02:27:20 ----HD---- C:\Config.Msi
2009-03-02 03:02:35 ----D---- C:\Program Files\Foxit Software
2009-03-01 23:04:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-01 02:42:01 ----D---- C:\Documents and Settings
2009-02-23 17:41:54 ----D---- C:\Documents and Settings\Patrick\Application Data\Skype
2009-02-23 11:29:29 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-02-11 10:48:20 ----D---- C:\Documents and Settings\Patrick\Application Data\LimeWire
2009-02-11 10:48:17 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-11 10:48:17 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-11 10:48:17 ----D---- C:\WINDOWS\Help
2009-02-11 10:48:17 ----D---- C:\Program Files\WinRAR
2009-02-11 10:48:17 ----D---- C:\Program Files\FlashGet
2009-02-11 10:48:17 ----D---- C:\Program Files\Fichiers communs\XpressUpdate
2009-02-11 10:15:33 ----D---- C:\temp
2009-02-09 22:53:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-09 20:40:16 ----D---- C:\Downloads
2009-02-06 02:25:24 ----RSD---- C:\WINDOWS\assembly
2009-02-06 02:25:24 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-06 02:14:04 ----D---- C:\WINDOWS\WinSxS
2009-01-30 20:25:33 ----SHD---- C:\RECYCLER
2009-01-18 23:52:16 ----D---- C:\Documents and Settings\Patrick\Application Data\Adobe
2009-01-08 02:24:31 ----D---- C:\Program Files\Messenger
2008-12-21 14:44:36 ----D---- C:\Program Files\Windows Live
2008-12-21 14:44:06 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-12-21 13:37:52 ----D---- C:\Program Files\Fichiers communs
2008-12-18 16:02:39 ----D---- C:\Documents and Settings\Patrick\Application Data\skypePM
2008-12-13 20:18:46 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-12 11:31:32 ----D---- C:\Program Files\VideoLAN
2008-12-12 01:45:01 ----D---- C:\Documents and Settings\Patrick\Application Data\LuckaSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-19 46720]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-14 100992]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2005-09-19 126489]
S3 BioNT_BS;BioNT_BS; \??\C:\Program Files\Paragon Software\Hard Disk Manager (technician licence)\BlueScrn\BioNT_bs.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Patrick\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 HPUATA;HP CD Writer Plus Controller Driver; C:\WINDOWS\System32\DRIVERS\HPUATA.sys [2001-09-24 75776]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UsbEvdoAtc;LGE EVDO USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgevdoatc.sys [2007-08-28 19840]
S3 usbevdobus;LGE EVDO Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgevdobus.sys [2007-08-28 12800]
S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port; C:\WINDOWS\system32\DRIVERS\lgevdodiag.sys [2007-08-28 19840]
S3 USBEVDOModem;LGE EVDO USB Modem; C:\WINDOWS\system32\DRIVERS\lgevdomodem.sys [2007-08-28 21632]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-06-21 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-06-21 25600]
S3 usbvideo;Périphérique vidéo USB (WDM);
C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072] R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-25 88024] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-07 147456] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336] R2 SVPNStarter;Steganos VPN Starter Service; C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe [2007-02-16 19968] R2 WSearch;Recherche Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] R3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! 
Web Scanner;avast! Web Scanner; E:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-21 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] -----------------EOF----------------- info.txt logfile of random's system information tool 1.05 2009-03-11 00:51:01 ======Uninstall list====== -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Ares Tube 3.2-->"c:\Ares Tube\unins000.exe" avast! 
Antivirus-->E:\Program Files\Alwil Software\Avast4\aswRunDll.exe "E:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922} Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Free Download Manager 3.0-->E:\Free Download Manager\uninst.exe Hard Disk Manager (technician licence)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2552753-D0A7-459B-B606-A7AE12EDFFEF}\Setup.exe" -l0x9 HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotspot Shield 1.10-->C:\Program Files\Hotspot Shield\Uninstall.exe HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop IMDetect MSN Sniffer Pro v3.0 Evaluation Version -->C:\PROGRA~1\MSNMON~1\UNWISE.EXE C:\PROGRA~1\MSNMON~1\INSTALL.LOG Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} K-Lite Codec Pack 4.7.0 (Full)-->"E:\Program Files\K-Lite Codec Pack\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MessenPass-->C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\MessenPass\uninst1~.nsu" MetaFrame Presentation Server Web 
Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mobile Connect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly Modem USB LG Electronics-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DC6E06A-F0F7-47F7-8479-FFCAF60F538F}\setup.exe" -l0x40c -removeonly MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe" Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Steganos Internet Anonym VPN-->C:\Program Files\Steganos Internet Anonym VPN\uninstall.exe VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Virtual Machine Network Services 
Driver-->MsiExec.exe /I{A1795AC0-9B6A-40D9-8E07-A82662268D9F} VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090310-0] System event log Computer Name: OKAPIMCT Event Code: 26 Message: Application popup : Windows - Mémoire virtuelle minimale insuffisante : Votre système manque de mémoire virtuelle. Windows augmente la taille de votre fichier de pagination de mémoire virtuelle. Durant cette opération, des demandes de mémoire pour certaines applications pourront être refusées. Pour plus d'informations, consultez l'Aide. Record Number: 138750 Source Name: Application Popup Time Written: 20090210155313.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 20159 Message: La connexion à HUAWEI3G.Internet Méditel effectuée par l'utilisateur MEDINET utilisant le périphérique COM8 a été déconnectée. Record Number: 138749 Source Name: RemoteAccess Time Written: 20090210154636.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 4226 Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Record Number: 138748 Source Name: Tcpip Time Written: 20090210142451.000000+060 Event Type: Avertissement User: Computer Name: OKAPIMCT Event Code: 35 Message: Le service de temps synchronise maintenant l'heure système avec la source de temps time.windows.com (ntp.m|0x1|41.214.153.60:123->207.46.232.182:123). 
Record Number: 138747 Source Name: W32Time Time Written: 20090210141656.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 20158 Message: L'utilisateur MEDINET a établi une connexion à HUAWEI3G.Internet Méditel en utilisant le périphérique COM8. Record Number: 138746 Source Name: RemoteAccess Time Written: 20090210141644.000000+060 Event Type: Informations User: Application event log Computer Name: OKAPIMCT Event Code: 7 Message: Record Number: 5 Source Name: ADSLAutoconnect Time Written: 20090121012957.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 7 Message: Record Number: 4 Source Name: ADSLAutoconnect Time Written: 20090120233136.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 1003 Message: Le service Recherche Windows a été démarré. Record Number: 3 Source Name: Windows Search Service Time Written: 20090120233127.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 7 Message: Record Number: 2 Source Name: ADSLAutoconnect Time Written: 20090120233124.000000+060 Event Type: Informations User: Computer Name: OKAPIMCT Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 1 Source Name: SecurityCenter Time Written: 20090120233121.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=080a "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- -
Analysis of reports TB.txt Fixnavi.txt Cleannavi.txt
okapimct replied to a topic by okapimct in Malware analysis and eradication
Thanks, here are the results of the 2 procedures:

C:\_OTMoveIt\MovedFiles\03102009_152222.log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\documents and settings\patrick\local settings\application data\qvfcnr.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qvfcnr not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\JETAA0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF25A3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_184.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_350.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_152222

Files moved on Reboot...
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\JETAA0D.tmp not found!
C:\DOCUME~1\Patrick\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF25A3.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_184.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2f8.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_350.dat not found!

Result from http://www.virustotal.com/fr/: I am sending an e-mail and have not received anything yet.
Analysis of reports TB.txt Fixnavi.txt Cleannavi.txt
okapimct posted a topic in Malware analysis and eradication
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : PhoenixBIOS Version 4.06 Rev. 1.07.1215
USER : Patrick ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090309-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:9 GB (Free:0 GB)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:8 GB (Free:0 GB)
G:\ (CD or DVD) - CDFS - Total:0 GB (Free:0 GB)

"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [2] ( 10/03/2009|12:44 )

C:\WINDOWS\iun6002.exe

-----------\\ REMOVAL

Deleted! - C:\DOCUME~1\Patrick\Cookies\patrick@imissyoualot[2].txt
Deleted! - C:\WINDOWS\iun6002.exe

-----------\\ Searching files / folders ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.yahoo.com"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.yahoo.com"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com"
"Start Page"="http://www.msn.com/"

--------------------\\ Searching for other infections

--------------------\\ Suspect ..

C:\WINDOWS\photo24.zip
C:\WINDOWS\photo3.zip
C:\WINDOWS\photo51.zip
C:\WINDOWS\photo57.zip
C:\WINDOWS\photo60.zip
C:\WINDOWS\photo69.zip
C:\WINDOWS\photo9.zip
C:\WINDOWS\photo93.zip
C:\WINDOWS\photos010.zip
C:\WINDOWS\photos019.zip
C:\WINDOWS\photos040.zip
C:\WINDOWS\photos043.zip
C:\WINDOWS\photos049.zip
C:\WINDOWS\photos055.zip
C:\WINDOWS\photos088.zip
C:\WINDOWS\photos097.zip
C:\WINDOWS\webcam-photos011.zip
C:\WINDOWS\webcam-photos017.zip
C:\WINDOWS\webcam-photos026.zip
C:\WINDOWS\webcam-photos035.zip
C:\WINDOWS\webcam-photos038.zip
C:\WINDOWS\webcam-photos050.zip
C:\WINDOWS\webcam-photos062.zip
C:\WINDOWS\webcam-photos077.zip
C:\WINDOWS\webcam-photos080.zip
C:\WINDOWS\webcam-photos083.zip
C:\WINDOWS\webcam-photos095.zip

No other infection found!

1 - "C:\ToolBar SD\TB_1.txt" - 10/03/2009|12:46 - Option : [2]

-----------\\ End of report at 12:46:17.13


Search Navipromo version 3.7.5 started on 10/03/2009 at 11:14:08.75

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Tool run from C:\Program Files\navilog1
Updated 26.02.2009 at 18:00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : PhoenixBIOS Version 4.06 Rev. 1.07.1215
USER : Patrick ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090309-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:9 GB (Free:0 GB)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:8 GB (Free:0 GB)
G:\ (CD or DVD) - CDFS - Total:0 GB (Free:0 GB)

Search run in normal mode

*** Searching installed programs ***

Favorit
Live-Player

*** Searching folders in "C:\WINDOWS" ***

*** Searching folders in "C:\Program Files" ***

...\Instant Access found!
...\Live-Player found!

*** Searching folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player found!

*** Searching folders in "C:\Documents and Settings\All Users\menudm~1" ***

*** Searching folders in "c:\docume~1\alluse~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\Patrick\applic~1" ***

...\Live-Player found!

*** Searching folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\Patrick\locals~1\applic~1" ***

*** Searching folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\Patrick\menudm~1\progra~1" ***

*** Searching folders in "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net

*** Search with GenericNaviSearch ***
!!! All of these results may point to legitimate files !!!
!!! Must be verified before any manual deletion !!!

* Searching in "C:\WINDOWS\system32" *

* Searching in "C:\Documents and Settings\Patrick\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Searching files ***

c:\docume~1\alluse~1\bureau\Live-Player.lnk found!
C:\WINDOWS\dialerexe.ini found!

*** Searching specific registry keys ***
!! The keys found are not necessarily infected !!

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aauwuug"="\"c:\\documents and settings\\patrick\\local settings\\application data\\aauwuug.exe\" aauwuug"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qvfcnr"="\"c:\\documents and settings\\patrick\\local settings\\application data\\qvfcnr.exe\" qvfcnr"

*** Additional search module ***
(Searching specific files)

1)Searching new Instant Access files:

2)Heuristic search:

* In "C:\WINDOWS\system32" :

* In "C:\Documents and Settings\Patrick\locals~1\applic~1" :

aauwuug.exe found!
aauwuug.dat found!
aauwuug_nav.dat found!
aauwuug_navps.dat found!

* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Searching certificates:

Certificate Egroup absent!
Certificate Electronic-Group absent!
Certificate Montorgueil absent!
Certificate OOO-Favorit absent!
Certificate Sunny-Day-Design-Ltd absent!

4)Searching other known folders and files:

*** Analysis finished on 10/03/2009 at 11:19:14.70 ***


Clean Navipromo version 3.7.5 started on 10/03/2009 at 12:36:23.17

Tool run from C:\Program Files\navilog1
Updated 26.02.2009 at 18:00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : PhoenixBIOS Version 4.06 Rev. 1.07.1215
USER : Patrick ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090309-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:9 GB (Free:0 GB)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:8 GB (Free:0 GB)
G:\ (CD or DVD) - CDFS - Total:0 GB (Free:0 GB)

Automatic removal mode, handling Catchme and GNS results

Cleaning run in Safe Mode

*** fsbl1.txt not found ***
(Make sure Catchme found nothing during the search)

*** Removal with backups of GenericNaviSearch results ***

* Removing in "C:\WINDOWS\System32" *

* Removing in "C:\Documents and Settings\Patrick\locals~1\applic~1" *

* Removing in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Removing folders in "C:\WINDOWS" ***

*** Removing folders in "C:\Program Files" ***

...\Instant Access ...deleting...
...\Instant Access deleted!
...\Live-Player ...deleting...
...\Live-Player deleted!

*** Removing folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player ...deleting...
...\Live-Player deleted!

*** Removing folders in "C:\Documents and Settings\All Users\menudm~1" ***

*** Removing folders in "c:\docume~1\alluse~1\applic~1" ***

*** Removing folders in "C:\Documents and Settings\Patrick\applic~1" ***

...\Live-Player ...deleting...
...\Live-Player deleted!

*** Removing folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Removing folders in "C:\Documents and Settings\Patrick\locals~1\applic~1" ***

*** Removing folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Removing folders in "C:\Documents and Settings\Patrick\menudm~1\progra~1" ***

*** Removing folders in "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Removing files ***

c:\docume~1\alluse~1\bureau\Live-Player.lnk deleted!
C:\WINDOWS\dialerexe.ini deleted!

*** Removing temporary files ***

Contents of C:\WINDOWS\Temp cleaned!
Contents of C:\Documents and Settings\Patrick\locals~1\Temp cleaned!

*** Processing additional search ***
(Searching specific files)

1)Removal with backups of new Instant Access files:

2)Heuristic search, backup and removal:

* In "C:\WINDOWS\system32" *

C:\WINDOWS\prefetch\aauwuug*.pf found!
Backup copy of C:\WINDOWS\prefetch\aauwuug*.pf made successfully!
C:\WINDOWS\prefetch\aauwuug*.pf deleted!
C:\WINDOWS\prefetch\qvfcnr*.pf found!
Backup copy of C:\WINDOWS\prefetch\qvfcnr*.pf made successfully!
C:\WINDOWS\prefetch\qvfcnr*.pf deleted!

* In "C:\Documents and Settings\Patrick\locals~1\applic~1" *

aauwuug.exe found!
Backup copy of aauwuug.exe made successfully!
aauwuug.exe deleted!
aauwuug.dat found!
Backup copy of aauwuug.dat made successfully!
aauwuug.dat deleted!
aauwuug_nav.dat found!
Backup copy of aauwuug_nav.dat made successfully!
aauwuug_nav.dat deleted!
aauwuug_navps.dat found!
Backup copy of aauwuug_navps.dat made successfully!
aauwuug_navps.dat deleted!

* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Registry backup to the Safebackup folder ***

Registry backup made successfully!

*** Registry cleaning ***

Registry cleaning OK

*** Certificates ***

Certificate Egroup absent!
Certificate Electronic-Group absent!
Certificate Montorgueil absent!
Certificate OOO-Favorit absent!
Certificate Sunny-Day-Design-Ltd absent!

*** Orphaned Navipromo RUN keys ***
!! Results temporarily not handled !!
!! The keys found are not necessarily infected !!

Keys found:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qvfcnr"="\"c:\\documents and settings\\patrick\\local settings\\application data\\qvfcnr.exe\" qvfcnr"

*** Searching other known folders and files ***

*** Cleaning finished on 10/03/2009 at 12:38:10.00 ***

PLEASE REPLY... okapimct@yahoo.fr