

christophe lebret
Trojan removal impossible
christophe lebret replied to a topic by christophe lebret in Analyses et éradication malwares
Here is the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07/05/2010 10:19:57
mbam-log-2010-05-07 (10-19-57).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 144403
Temps écoulé: 7 minute(s), 42 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jnullcpi (Rootkit.Agent.BO) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\Drivers\jnullcpi.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
Trojan removal impossible
christophe lebret replied to a topic by christophe lebret in Analyses et éradication malwares
Here is the second one, info.txt.

Thanks for taking on my problem.
Trojan removal impossible
christophe lebret replied to a topic by christophe lebret in Analyses et éradication malwares
Thanks, here is the first report, log.txt.
8\SQLBackupAgent.exe [2009-11-09 1313792] R2 DataBKStorageServer;DataBK Storage Server; C:\Program Files\SQL Server Backup 8\StorageServer.exe [2009-11-09 1467904] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe [2000-08-23 7442493] R2 MySQLForXemelios;MySQLForXemelios; C:\Program Files\DGCP\Xemelios\MySQLServer\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\DGCP\Xemelios\MySQLServer\MySQL Server 5.0\my.ini MySQLForXemelios [] R2 PRTGService;PRTG Service; C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-07-08 3941704] R2 prtgwatchservice;PRTG Watchdog; C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [] S3 Cwbrxd;Fonction Commande à distance de Client Access Express; C:\WINDOWS\CWBRXD.EXE [1999-01-08 42768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602] S3 MSSQLServerOLAPService;MSSQLServerOLAPService; C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe [2000-08-23 1732667] S3 OracleOraClient8iClientCache;OracleOraClient8iClientCache; C:\oracle\BIN\ONRSD.EXE [2002-05-10 416832] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe [2000-08-06 303170] S4 HASP Loader;HASP Loader; C:\WINDOWS\system32\nhsrvice.exe [2003-05-01 225280] -----------------EOF----------------- -
Trojan removal impossible
christophe lebret posted a topic in Analyses et éradication malwares
Hello, I am new to the forum and I need your help because I can't get rid of some trojans. For some time now I have had the virus TR/Dldr.Agent.dfhk (another one appeared in the last few days) on my computer. I can't manage to get rid of it; I'm running XP SP2. I have AVIRA as my antivirus. I have read a few posts that talk about this virus, but the answers are very technical and I didn't dare carry out the various steps they specify. Thank you for looking into my problem. Christophe