
Posted

Hello

All of our computers at home have been infected by a virus that probably came from a USB key (the key was used on all the machines).

If you could help me, that would be nice.

Symptoms:

- I cannot open hidden files.

- I cannot open the hard drive from My Computer (Windows asks me which program I want to open it with). I can only open it from Run (Start menu). Note that I poked around a bit and deleted files using Antivir, RegRun, UnHackMe... so before that my hard drive did open from My Computer, but in another window.

- The computer is much slower.

There are suspicious files that the various antivirus programs flagged:

-YLR.exe

-AMVO.exe

I also have a HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 1:30:06 PM, on 1/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\PrevxCSI\prevxcsi.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

c:\program files\avira\antivir personaledition classic\avscan.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S

O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe

O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\matlab\webserver\bin\win32\matlabserver.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: TME3SRV - IEC - C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

 

 

 

 

I am not a computer professional, so I don't know what to do.

 

Thanks in advance

  • Moderators
Posted

Hello samichac :P

Welcome to the Zebulon forums.

 

A few links to help you get started:

~~~~

 

Yes, this is an infection that spreads through removable media. You will need to plug in all your removable media (USB keys, external hard drives, flash cards, MP3 players, cameras, etc.) so that they can be treated. For the other PCs, I recommend that you open a new topic for each of them afterwards.

 

Download Flash Disinfector by sUBs to your desktop.

  • Plug in your removable media, and power on those that need it (external hard drives, for example).
  • Double-click Flash_Disinfector.exe.
  • It is very fast; a message will tell you when the fix is finished.
    Careful: it stops the explorer.exe process and then restarts it, so make sure you have no documents (Word, Excel) you are working on open at that moment.
  • If you have many keys to disinfect, you can repeat the operation, plugging in the untreated keys one at a time.

The tool does not generate a report.

 

Download combofix.exe (by sUBs) and save it to your desktop.

  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy and paste that report into your next reply.

Run Flash Disinfector again, the same way as the first time.

See you soon.

  • Moderators
Posted

Re :P

 

Yes, the name given by Avira, "TR/Crypt.NSPM.Gen", is a generic name for infection variants still unknown to them. Follow my previous instructions, see you soon :P

Posted

Thanks a lot gof for your help

Finally, after trying ComboFix 4 times and after removing 2 antivirus programs, here is the ComboFix report:

 

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-01-30 15:03:24 - machine was rebooted [sami Chacar]

ComboFix-quarantined-files.txt 2008-01-30 13:03:20

.

2008-01-29 15:17:58 --- E O F ---

 

 

What should I do now?

Thanks

  • Moderators
Posted

Re samichac :P

 

Why ComboFix 4 times? What happened?

The report you just gave me is not complete. Go to this location: C:\ComboFix.txt and post me the full report. If there are several equivalent text files (with numbers at the end), post the contents of each.

Posted

ComboFix 4 times because when the computer restarted, RegRun and UnHackMe blocked ComboFix and would not let me get a report; I had to remove them.

Anyway, here is the full report

 

 

ComboFix 08-01-30.6 - Sami Chacar 2008-01-30 14:51:07.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT 2:00]

Running from: C:\Documents and Settings\Sami Chacar\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\WINDOWS\system32\winsusrm.dll

C:\WINDOWS\system32\winsusrx.dll

.

---- Previous Run -------

.

C:\WINDOWS\system32\winsusrm.dll

C:\WINDOWS\system32\winsusrx.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))

.

 

2008-01-30 14:47 . 2005-04-03 14:02 8,944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys

2008-01-30 12:33 . 2008-01-30 12:33 <DIR> d-------- C:\Program Files\PrevxCSI

2008-01-30 10:14 . 2008-01-30 10:14 <DIR> d-------- C:\Program Files\Avira

2008-01-30 10:14 . 2008-01-30 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-01-30 09:40 . 2008-01-30 09:40 <DIR> d-------- C:\RootkitNO

2008-01-30 09:40 . 2008-01-30 09:40 123 --a------ C:\WINDOWS\rootkitno.ini

2008-01-30 09:30 . 2008-01-30 09:30 77 --a------ C:\WINDOWS\lsoon.ini

2008-01-30 09:20 . 2008-01-30 09:20 <DIR> d-------- C:\backreg

2008-01-30 09:20 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat

2008-01-30 09:18 . 2008-01-30 09:19 <DIR> d-------- C:\Documents and Settings\Sami Chacar\Application Data\Regrun

2008-01-30 09:18 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp

2008-01-30 09:17 . 2008-01-30 09:17 <DIR> d-------- C:\Program Files\Greatis

2008-01-30 08:58 . 2008-01-30 12:21 <DIR> d-------- C:\Documents and Settings\Sami Chacar\Application Data\PrevxCSI

2008-01-30 08:58 . 2008-01-30 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-28 21:01 . 2008-01-28 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

2008-01-28 15:17 . 2008-01-28 15:17 <DIR> d-------- C:\Program Files\DVD Shrink

2008-01-28 15:17 . 2008-01-28 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-01-28 10:56 . 2008-01-28 11:09 <DIR> d-------- C:\Program Files\CDex_170b2

2008-01-23 14:44 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL

2008-01-23 11:18 . 2008-01-23 11:24 <DIR> d-------- C:\UnrealTournament

2008-01-08 13:58 . 2004-08-04 14:00 16,896 --a--c--- C:\WINDOWS\system32\dllcache\tftp.exe

2007-12-02 11:09 . 2007-12-02 11:09 <DIR> d-------- C:\Program Files\Autodesk Drawing Explorer

2007-12-02 10:52 . 2007-12-02 10:52 <DIR> d-------- C:\Documents and Settings\Sami Chacar\Application Data\Template

2007-12-01 15:42 . 2007-12-01 15:42 <DIR> d-------- C:\Documents and Settings\Sami Chacar\Application Data\CADfx

2007-12-01 14:48 . 2007-12-01 14:48 <DIR> d-------- C:\cadfx

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-29 16:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-29 15:13 --------- d-----w C:\Program Files\Symantec

2008-01-28 10:11 --------- d-----w C:\Program Files\Norton SystemWorks

2008-01-24 12:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-24 11:38 --------- d-----w C:\Program Files\Codemasters

2008-01-21 05:01 --------- d-----w C:\Documents and Settings\Sami Chacar\Application Data\AdobeUM

2007-12-02 19:59 --------- d-----w C:\Program Files\AutoCAD 2006

2006-09-05 12:42 0 ----a-w C:\Documents and Settings\Sami Chacar\Application Data\wklnhst.dat

2003-08-27 22:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 04:12 132248]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPSMain"="TPSMain.exe" [2004-08-27 19:34 278528 C:\WINDOWS\system32\TPSMain.exe]

"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]

"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-15 07:26 253952]

"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-12 00:04 114688]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-08 07:10 344064]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 01:28 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 01:26 688218]

"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 03:16 184320]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-29 00:37 88363 C:\WINDOWS\agrsmmsg.exe]

"NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" [2004-11-13 07:54 929792]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]

"TFncKy"="C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2004-10-26 01:23 114688]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]

"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-28 00:20 94208]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 21:12 147456]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 20:27 385024]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 20:31 356352]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 11:04 32768]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-25 00:16 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-22 18:41 98304]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-29 17:12 100056]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-05 21:51 26112]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-11-10 21:00:12 471040]

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-31 06:58:01 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 20:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

 

R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2004-08-31 08:38]

S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys []

S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2004-08-31 08:23]

S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 01:18]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c1a928-4391-11da-aa49-0013ce2f82ae}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c1a929-4391-11da-aa49-0013ce2f82ae}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0465a3-a90f-11db-afbb-00a0d123bf98}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2197eca0-44e9-11dc-b0cf-0013ce2f82ae}]

\Shell\AutoRun\command - ntde1ect.com

\Shell\explore\Command - ntde1ect.com

\Shell\open\Command - ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37db5ac1-6b23-11da-aada-0013ce2f82ae}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b956350-fe2e-11db-b018-0013ce2f82ae}]

\Shell\AutoRun\command - F:\fooool.exe

\Shell\explore\Command - F:\fooool.exe

\Shell\open\Command - F:\fooool.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8ce5843-050e-11dc-b021-0013ce2f82ae}]

\Shell\AutoRun\command - fooool.exe

\Shell\explore\Command - fooool.exe

\Shell\open\Command - fooool.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-25 21:07:16 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sami Chacar.job"

- C:\PROGRA~1\NORTON~2\NORTON~3\Navw32.exeh/task:

"2008-01-28 10:11:42 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"

- C:\Program Files\Norton SystemWorks\OBC.exe

"2008-01-27 22:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"

- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 14:56:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-01-30 15:03:24 - machine was rebooted [sami Chacar]

ComboFix-quarantined-files.txt 2008-01-30 13:03:20

.

2008-01-29 15:17:58 --- E O F ---

 

 

 

 

I tried the things I had mentioned under symptoms; they work as they should. Does that mean it is over?

 

 

Thanks again GOF

  • Moderators
Posted

Re :P

 

I tried the things I had mentioned under symptoms; they work as they should. Does that mean it is over?
The visible symptoms, yes, but there are leftovers.

 

Post me the contents of the following file: c:\ComboFix-quarantined-files.txt.

 

Same as before: if there are several, post me the contents of each one. Follow that with a new HijackThis log, and a report generated as follows (disable your security tools, there is a module in it that makes them think it is an infection):

 

Download DiagHelp.zip by Malekal_morte to your desktop.

  • Unzip it, to your desktop for example.
  • A new folder named DiagHelp will be created.
  • Open it and double-click go.cmd (the .cmd extension may not be displayed)
  • A window will open; choose option 1
  • The scan will start; it may take a few minutes, let it run and press a key when prompted
  • Copy/paste the contents of the Notepad window that opens and attach it to your next reply.

Posted

There is no ComboFix quarantined report

 

here is the DiagHelp report:

 

DiagHelp version v1.4 - http://www.malekal.com

excute le Wed 01/30/2008 à 15:29:08.40

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->1/30/2008 3:28:43 PM

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->1/30/2008 3:26:02 PM

C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf -->1/30/2008 3:19:43 PM

C:\WINDOWS\prefetch\NAVW32.EXE-286920DF.pf -->1/30/2008 3:19:36 PM

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->1/30/2008 3:19:31 PM

C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEF9D.pf -->1/30/2008 3:16:50 PM

C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->1/30/2008 3:07:59 PM

C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->1/30/2008 3:07:56 PM

C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->1/30/2008 3:07:51 PM

C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->1/30/2008 3:07:50 PM

 

C:\WINDOWS\System32\drivers\avipbb.sys -->1/30/2008 10:22:23 AM

C:\WINDOWS\System32\drivers\secdrv.sys -->11/13/2007 12:25:53 PM

C:\WINDOWS\System32\drivers\tcpip.sys -->10/30/2007 7:20:55 PM

C:\WINDOWS\System32\drivers\avgntdd.sys -->8/9/2007 1:04:11 PM

C:\WINDOWS\System32\drivers\avgntmgr.sys -->7/18/2007 2:22:19 PM

C:\WINDOWS\System32\drivers\mqac.sys -->7/6/2007 12:05:47 PM

C:\WINDOWS\System32\drivers\update.sys -->4/23/2007 12:32:54 PM

 

C:\WINDOWS\System32\wpa.dbl -->1/30/2008 2:56:29 PM

C:\WINDOWS\System32\CONFIG.NT -->1/30/2008 2:47:13 PM

C:\WINDOWS\System32\AUTOEXEC.NT -->1/30/2008 2:47:13 PM

C:\WINDOWS\System32\SIntfNT.dll -->1/24/2008 2:55:20 PM

C:\WINDOWS\System32\SIntf32.dll -->1/24/2008 2:55:20 PM

C:\WINDOWS\System32\SIntf16.dll -->1/24/2008 2:55:19 PM

C:\WINDOWS\System32\PerfStringBackup.INI -->1/17/2008 4:40:47 PM

C:\WINDOWS\System32\perfh009.dat -->1/17/2008 4:40:47 PM

C:\WINDOWS\System32\perfc009.dat -->1/17/2008 4:40:47 PM

C:\WINDOWS\System32\ftp.exe -->1/7/2008 4:17:34 PM

C:\WINDOWS\System32\MRT.exe -->1/2/2008 8:21:36 PM

C:\WINDOWS\System32\MRT.INI -->12/19/2007 11:51:19 PM

C:\WINDOWS\System32\TZLog.log -->12/19/2007 11:49:36 PM

C:\WINDOWS\System32\tzchange.exe -->11/13/2007 1:31:11 PM

C:\WINDOWS\System32\lsasrv.dll -->11/7/2007 11:26:56 AM

C:\WINDOWS\System32\quartz.dll -->10/30/2007 12:43:03 AM

C:\WINDOWS\System32\xpsp3res.dll -->10/29/2007 12:26:53 PM

C:\WINDOWS\System32\wmasf.dll -->10/27/2007 4:40:06 PM

C:\WINDOWS\System32\shell32.dll -->10/26/2007 5:36:51 AM

C:\WINDOWS\System32\shlwapi.dll -->10/11/2007 8:13:45 AM

C:\WINDOWS\System32\shdocvw.dll -->10/11/2007 8:13:45 AM

C:\WINDOWS\System32\danim.dll -->10/11/2007 8:13:44 AM

C:\WINDOWS\System32\cdfview.dll -->10/11/2007 8:13:44 AM

C:\WINDOWS\System32\browseui.dll -->10/11/2007 8:13:44 AM

C:\WINDOWS\System32\acad.err -->9/30/2007 2:48:34 PM

 

C:\WINDOWS\WindowsUpdate.log -->1/30/2008 2:56:26 PM

C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->1/30/2008 2:55:57 PM

C:\WINDOWS\system.ini -->1/30/2008 2:55:33 PM

C:\WINDOWS.log -->1/30/2008 2:55:07 PM

C:\WINDOWS\bootstat.dat -->1/30/2008 2:55:04 PM

C:\WINDOWS\SchedLgU.Txt -->1/30/2008 2:54:12 PM

C:\WINDOWS\winstart.bat -->1/30/2008 2:47:13 PM

C:\WINDOWS\KB942615-IE7.log -->1/30/2008 1:21:22 PM

C:\WINDOWS\setupapi.log -->1/30/2008 1:15:50 PM

C:\WINDOWS\KB938127-IE7.log -->1/30/2008 12:34:11 PM

C:\WINDOWS\rootkitno.ini -->1/30/2008 9:40:41 AM

C:\WINDOWS\Partizan.txt -->1/30/2008 9:36:02 AM

C:\WINDOWS\lsoon.ini -->1/30/2008 9:30:10 AM

C:\WINDOWS\setupact.log -->1/30/2008 1:25:38 AM

C:\WINDOWS\spupdsvc.log -->1/29/2008 6:31:24 PM

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 3968

Command line: C:\WINDOWS\explorer.exe

 

Base Size Version Path

0x771b0000 0xce000 7.00.5730.0013 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x5dca0000 0x45000 7.00.5730.0013 C:\WINDOWS\system32\iertutil.dll

0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x63000000 0x13000 7.12.0004.0000 C:\WINDOWS\system32\SynTPFcs.dll

0x10000000 0x10000 C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll

0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x60c60000 0x26000 16.02.0054.0000 C:\WINDOWS\system32\AcSignIcon.dll

0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x60d00000 0x39000 16.02.0054.0000 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x017a0000 0x5c9000 7.00.5730.0013 C:\WINDOWS\system32\ieframe.dll

0x61410000 0x124000 7.00.5730.0013 C:\WINDOWS\system32\urlmon.dll

0x74b30000 0x3b000 7.00.5730.0013 C:\WINDOWS\system32\webcheck.dll

0x00f00000 0xd000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL

0x00f10000 0x15000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll

0x00fd0000 0xe000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL

0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x6af30000 0x3d000 103.00.0011.0004 C:\Program Files\Common Files\Symantec Shared\ccL30.dll

0x02c60000 0xc000 6.00.0001.1091 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x02f70000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x086c0000 0x244000 10.00.0000.3702 C:\WINDOWS\system32\wmvcore.dll

0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL

0x01260000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x02c00000 0x35000 11.00.0016.0002 C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL

0x02d30000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

0x02ff0000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL

0x7c300000 0xe000 7.10.3077.0000 C:\MATLAB7\bin\win32\MFC71ENU.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 1064

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe

0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0x19000 6.14.0010.4110 C:\WINDOWS\system32\Ati2evxx.dll

0x01340000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll

0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x014a0000 0x1e000 9.00.0001.0000 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

 

 

Volume in drive C is SQ003558

Volume Serial Number is B4BD-A73C

 

Directory of C:\WINDOWS\system32

 

08/04/2004 02:00 PM 6,144 csrss.exe

1 File(s) 6,144 bytes

0 Dir(s) 5,035,790,336 bytes free

 

Contenu de Downloaded Program Files

Volume in drive C is SQ003558

Volume Serial Number is B4BD-A73C

 

Directory of C:\WINDOWS\Downloaded Program Files

 

01/28/2008 09:01 PM <DIR> .

01/28/2008 09:01 PM <DIR> ..

12/31/2004 03:52 AM 65 desktop.ini

03/05/2005 03:23 PM 302,712 IDrop.ocx

03/05/2005 03:57 PM 113,784 IDropENU.dll

06/11/2007 11:21 AM 5,021 swflash.inf

06/15/2004 09:52 AM 221,184 zylomloader.dll

05/18/2004 12:40 PM 229 zylomloader.inf

6 File(s) 642,995 bytes

 

Total Files Listed:

6 File(s) 642,995 bytes

2 Dir(s) 5,035,786,240 bytes free

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

 

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 15:30:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys037a209280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40]

"ujdew"=hex:20,02,00,00,7e,8e,dc,a1,d7,54,7b,f4,9a,27,83,d7,6a,c6,0f,d4,de,..

"ljej40"=hex:ca,0d,96,95,35,7a,95,a3,45,8b,18,a0,4a,85,24,5a,6a,bb,61,0b,b9,..

"ljej41"=hex:0e,0d,96,95,4d,7a,95,a3,44,8b,19,a0,4b,85,24,5a,6a,bb,61,0b,79,..

"ljej42"=hex:0e,0d,96,95,4d,7a,95,a3,44,8b,19,a0,4b,85,24,5a,6a,bb,61,0b,79,..

"ljej43"=hex:0e,0d,96,95,4d,7a,95,a3,44,8b,19,a0,4b,85,24,5a,6a,bb,61,0b,79,..

"ljej44"=hex:0e,0d,96,95,4d,7a,95,a3,44,8b,19,a0,4b,85,24,5a,6a,bb,61,0b,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys037a209280]

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120% (Trial Version)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000477

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

164 - ltmoh.exe

208 - iPodService.exe

336 - iexplore.exe

460 - TPSMain.exe

492 - THotkey.exe

500 - rundll32.exe

520 - atiptaxx.exe

568 - 1XConfig.exe

604 - SNDSrvc.exe

1020 - SynTPLpr.exe

1040 - csrss.exe

1064 - winlogon.exe

1084 - agrsmmsg.exe

1108 - services.exe

1120 - lsass.exe

1156 - TvsTray.exe

1204 - SM1bg.exe

1216 - SynTPEnh.exe

1220 - svchost.exe

1288 - ati2evxx.exe

1300 - svchost.exe

1348 - NDSTray.exe

1416 - svchost.exe

1452 - svchost.exe

1488 - EvtEng.exe

1544 - S24EvMon.exe

1612 - PadExe.exe

1736 - EOUWiz.exe

1740 - CCAPP.EXE

1844 - svchost.exe

1904 - ZCfgSvc.exe

1912 - realplay.exe

1964 - svchost.exe

1984 - ati2evxx.exe

2160 - ctfmon.exe

2272 - CFSvcs.exe

2308 - msmsgs.exe

2392 - TosBtMng.exe

2672 - MDM.EXE

2908 - NPFMNTOR.EXE

3068 - NPROTECT.EXE

3264 - OProtSvc.exe

3544 - symlcsvc.exe

3568 - TAPPSRV.exe

3872 - alg.exe

3968 - explorer.exe

3976 - cmd.exe

 

Total number of processes = 48

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntoskrnl.exe

806EC000 - \WINDOWS\system32\hal.dll

F7B2E000 - \WINDOWS\system32\KDCOM.DLL

F7A3E000 - \WINDOWS\system32\BOOTVID.dll

F75E6000 - vax347b.sys

F75B8000 - ACPI.sys

F7B30000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F75A7000 - pci.sys

F762E000 - isapnp.sys

F763E000 - ohci1394.sys

F764E000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F7A42000 - compbatt.sys

F7A46000 - \WINDOWS\system32\DRIVERS\BATTC.SYS

F7BF6000 - pciide.sys

F78AE000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7B32000 - intelide.sys

F7589000 - pcmcia.sys

F765E000 - MountMgr.sys

F756A000 - ftdisk.sys

F7B34000 - dmload.sys

F7544000 - dmio.sys

F7A4A000 - ACPIEC.sys

F7BF7000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

F78B6000 - PartMgr.sys

F766E000 - VolSnap.sys

F752C000 -

F7B36000 - vax347s.sys

F7514000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F767E000 - disk.sys

F768E000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F74F4000 - fltMgr.sys

F74E2000 - sr.sys

F74CD000 - drvmcdb.sys

F78BE000 - PxHelp20.sys

F74B6000 - KSecDD.sys

F7429000 - Ntfs.sys

F73FC000 - NDIS.sys

F73E1000 - Mup.sys

F781E000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F7B26000 - \SystemRoot\system32\DRIVERS\CmBatt.sys

F7290000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

F727C000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F7245000 - \SystemRoot\system32\DRIVERS\yk51x86.sys

F797E000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F7222000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7986000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F6F0F000 - \SystemRoot\system32\DRIVERS\w29n51.sys

F6EEB000 - \SystemRoot\system32\drivers\tifm21.sys

F6EDA000 - \SystemRoot\system32\DRIVERS\sdbus.sys

F6E9A000 - \SystemRoot\system32\drivers\smwdm.sys

F6E76000 - \SystemRoot\system32\drivers\portcls.sys

F782E000 - \SystemRoot\system32\drivers\drmk.sys

F6E53000 - \SystemRoot\system32\drivers\ks.sys

F6E33000 - \SystemRoot\system32\drivers\aeaudio.sys

F798E000 - \SystemRoot\system32\DRIVERS\Tvs.sys

F7996000 - \SystemRoot\system32\DRIVERS\wowxt_kern_i386.sys

F799E000 - \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys

F6CFC000 - \SystemRoot\system32\DRIVERS\AGRSM.sys

F79A6000 - \SystemRoot\System32\Drivers\Modem.SYS

F783E000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F79AE000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F6CCE000 - \SystemRoot\system32\DRIVERS\SynTP.sys

F7B54000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F79B6000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F6CBA000 - \SystemRoot\system32\DRIVERS\parport.sys

F784E000 - \SystemRoot\system32\DRIVERS\serial.sys

F73B9000 - \SystemRoot\system32\DRIVERS\serenum.sys

F785E000 - \SystemRoot\system32\DRIVERS\imapi.sys

F73B5000 - \SystemRoot\system32\drivers\pfc.sys

F7B56000 - \SystemRoot\system32\drivers\sscdbhk5.sys

F6CA9000 - \SystemRoot\System32\Drivers\Cdr4_xp.SYS

F786E000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F787E000 - \SystemRoot\system32\DRIVERS\redbook.sys

F79BE000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS

F79C6000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

F6C6C000 - \SystemRoot\system32\DRIVERS\iwca.sys

F7D03000 - \SystemRoot\system32\DRIVERS\audstub.sys

F79CE000 - \SystemRoot\system32\DRIVERS\rasirda.sys

F79D6000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F788E000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F73A5000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6C55000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F789E000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F76BE000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F6C1C000 - \SystemRoot\system32\DRIVERS\psched.sys

F76CE000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F79DE000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F79E6000 - \SystemRoot\system32\DRIVERS\raspti.sys

F6B8B000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F76DE000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7B58000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6A92000 - \SystemRoot\system32\DRIVERS\update.sys

F7389000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F7B5A000 - \SystemRoot\system32\DRIVERS\NBSMI.sys

F76EE000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F771E000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7B5E000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7C8C000 - \SystemRoot\System32\Drivers\Null.SYS

F7B60000 - \SystemRoot\System32\Drivers\Beep.SYS

F7A0E000 - \SystemRoot\system32\drivers\ssrtln.sys

F7A16000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F7A1E000 - \SystemRoot\System32\drivers\vga.sys

F7B62000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7B64000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F29D8000 - \SystemRoot\System32\Drivers\meiudf.sys

F29C7000 - \SystemRoot\System32\Drivers\Udfs.SYS

F7A26000 - \SystemRoot\System32\Drivers\Msfs.SYS

F7A2E000 - \SystemRoot\System32\Drivers\Npfs.SYS

F7B1E000 - \SystemRoot\system32\DRIVERS\rasacd.sys

F29B4000 - \SystemRoot\system32\DRIVERS\ipsec.sys

F295C000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F291C000 - \SystemRoot\System32\Drivers\SYMTDI.SYS

F28D3000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F773E000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F28B6000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS

F288E000 - \SystemRoot\system32\DRIVERS\netbt.sys

F286C000 - \SystemRoot\System32\drivers\afd.sys

F774E000 - \SystemRoot\system32\DRIVERS\netbios.sys

F281A000 - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

F2807000 - \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS

F27DC000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F276D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F775E000 - \SystemRoot\System32\Drivers\Fips.SYS

F2755000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7B6C000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F6A72000 - \SystemRoot\System32\drivers\Dxapi.sys

F78EE000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7C90000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\ati2dvag.dll

BFA0F000 - \SystemRoot\System32\ati2cqag.dll

BFA4C000 - \SystemRoot\System32\ati3duag.dll

BFC7F000 - \SystemRoot\System32\ativvaxx.dll

F777E000 - \SystemRoot\system32\drivers\drvnddm.sys

F7B7C000 - \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys

F7CF7000 - \SystemRoot\system32\dla\tfsndres.sys

B8F72000 - \SystemRoot\system32\dla\tfsnifs.sys

F7AEA000 - \SystemRoot\system32\dla\tfsnopio.sys

F7B7E000 - \SystemRoot\system32\dla\tfsnpool.sys

F78F6000 - \SystemRoot\system32\dla\tfsnboio.sys

F779E000 - \SystemRoot\system32\dla\tfsncofs.sys

F7CF9000 - \SystemRoot\system32\dla\tfsndrct.sys

B8F59000 - \SystemRoot\system32\dla\tfsnudf.sys

B8F40000 - \SystemRoot\system32\dla\tfsnudfa.sys

B8F98000 - \SystemRoot\system32\DRIVERS\AegisP.sys

B8E12000 - \SystemRoot\system32\DRIVERS\irda.sys

B8F94000 - \SystemRoot\system32\DRIVERS\s24trans.sys

B8E5C000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

B8E58000 - \SystemRoot\system32\DRIVERS\netdevio.sys

B8E48000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS

F7BBA000 - \SystemRoot\System32\Drivers\SYMDNS.SYS

F26B5000 - \SystemRoot\System32\Drivers\SYMNDIS.SYS

B8B19000 - \SystemRoot\System32\Drivers\SYMFW.SYS

F7916000 - \SystemRoot\System32\Drivers\SYMIDS.SYS

B8AEE000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080122.002\symidsco.sys

B8791000 - \SystemRoot\system32\drivers\wdmaud.sys

B891E000 - \SystemRoot\system32\drivers\sysaudio.sys

B857E000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F7BA0000 - \SystemRoot\System32\Drivers\ASCTRM.SYS

B80A4000 - \SystemRoot\system32\DRIVERS\srv.sys

B82EE000 - \SystemRoot\system32\DRIVERS\secdrv.sys

F7926000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

B7BFA000 - \SystemRoot\System32\Drivers\Cdfs.SYS

B78A1000 - \SystemRoot\System32\Drivers\HTTP.sys

B7A5A000 - \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

B75CE000 - \SystemRoot\system32\drivers\kmixer.sys

B732B000 - \SystemRoot\System32\Drivers\Fastfat.SYS

F7D74000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 169

 

Liste des programmes installes

 

京龙科技-Grand Theft Auto: Vice City

µTorrent

ACDSee 6.0 PowerPack

Adobe Acrobat 5.0

Adobe Reader 6.0.1

AOL You've Got Pictures Screensaver

AT&T Connection Services Manager

ATI Control Panel

ATI Display Driver

AutoCAD 2006 - English

Avira AntiVir PersonalEdition Classic

BearShare

Block Manager

Bluetooth Stack for Windows by Toshiba

ccCommon

CD/DVD Drive Acoustic Silencer

CDex extraction audio

Civilization III

Colin McRae Rally 2

Copernic Agent Basic

Cypress USB Mass Storage Driver Installation

Desert Storm

Disc2Phone

DVD-RAM Driver

DVD Shrink 3.2

ECHO is off.

Encyclopédie Microsoft Encarta 99

Hard Disk Recovery Utilities

HijackThis 1.99.1

Hotfix for Windows XP (KB915865)

Intel® PROSet/Wireless Software

Internet Worm Protection

InterVideo WinDVD for TOSHIBA

iPod for Windows 2005-06-26

iPod for Windows 2005-06-26

iTunes

iTunes

J2SE Runtime Environment 5.0

Learn2 Player (Uninstall Only)

LiveReg (Symantec Corporation)

LiveUpdate 3.0 (Symantec Corporation)

MATLAB Family of Products Release 14

mCore

mDrWiFi

Medal of Honor Allied Assault

Medal of Honor Allied Assault Spearhead

mEoU.msi

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Works

mIWA

mIWCA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

MSRedist

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

mWlsSafe

mXML

mZConfig

Napster

Nero 6 Ultra Edition

Norton AntiVirus 2005

Norton AntiVirus Parent MSI

Norton SystemWorks

Norton SystemWorks 2005

Norton SystemWorks 2005 (Symantec Corporation)

Norton Utilities

Norton WMI Update

NSW_DRM_COLLECTION

PCFriendly

Pipe Flow Expert v1.09

PowerDVD

Prevx CSI Plus

QuickTime

RealPlayer Basic

Roxio Burn Engine

SD Secure Module

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

SMSC IrCC V5.1.3600.5 SP2

Sonic DLA

Sonic RecordNow!

SoundMAX

SPBBC

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

Synaptics Pointing Device Driver

Tactical Ops 2

Texas Instruments PCIxx21/x515 drivers.

TIxx21/x515

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Hotkey Utility

TOSHIBA Mobile Extension 3

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

Toshiba Registration

TOSHIBA SD Memory Card Format

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

Toshiba Tbiosdrv Driver

TOSHIBA TouchPad ON/Off Utility

TOSHIBA Utilities

TOSHIBA Virtual Sound

TOSHIBA Zooming Utility

Touch and Launch

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

USB Storage Adapter FX (SM1)

Viewpoint Media Player

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884018

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

WinRAR archiver

 

 

 

Volume in drive C is SQ003558

Volume Serial Number is B4BD-A73C

 

Directory of C:\Program Files

 

01/30/2008 02:55 PM <DIR> .

01/30/2008 02:55 PM <DIR> ..

10/22/2005 10:04 AM <DIR> ACD Systems

10/22/2005 10:13 AM <DIR> Adobe

10/22/2005 10:40 AM <DIR> Ahead

01/13/2006 01:21 PM <DIR> Alcohol Soft

12/31/2004 06:40 AM <DIR> Analog Devices

10/22/2005 10:27 AM <DIR> AnswerWorks 4.0

01/05/2005 09:55 PM <DIR> AT&T

03/09/2005 03:25 AM <DIR> ATI Technologies

12/02/2007 09:59 PM <DIR> AutoCAD 2006

07/19/2006 11:50 PM <DIR> AutoCAD R14

12/02/2007 11:09 AM <DIR> Autodesk Drawing Explorer

01/30/2008 10:14 AM <DIR> Avira

04/23/2007 05:15 PM <DIR> BearShare

01/28/2008 11:09 AM <DIR> CDex_170b2

01/24/2008 01:38 PM <DIR> Codemasters

01/30/2008 02:55 PM <DIR> Common Files

12/31/2004 03:50 AM <DIR> ComPlus Applications

11/21/2005 09:27 PM <DIR> Copernic Agent

10/22/2005 10:45 AM <DIR> CyberLink

12/31/2004 07:25 AM <DIR> DataLode

01/26/2007 10:14 AM <DIR> Disc2Phone

11/20/2005 06:41 PM <DIR> DVD Region-Free

01/28/2008 03:17 PM <DIR> DVD Shrink

03/17/2005 12:05 PM <DIR> DVDIdle Pro

12/31/2004 06:58 AM <DIR> DVD-RAM

10/29/2005 11:10 AM <DIR> EA GAMES

01/13/2006 02:07 PM <DIR> Firaxis Games

01/06/2005 06:14 AM <DIR> Google

01/30/2008 09:17 AM <DIR> Greatis

01/30/2008 01:30 PM <DIR> HijackThis

01/14/2006 03:07 PM <DIR> Infogrames Interactive

10/21/2005 05:36 PM <DIR> Intel

01/29/2008 06:30 PM <DIR> Internet Explorer

03/09/2005 03:27 AM <DIR> InterVideo

10/22/2005 06:39 PM <DIR> iPod

10/22/2005 06:40 PM <DIR> iTunes

01/22/2005 09:34 PM <DIR> Java

01/05/2005 09:52 PM <DIR> Learn2.com

12/31/2004 06:54 AM <DIR> ltmoh

10/31/2005 12:42 PM <DIR> Messenger

10/22/2005 09:38 AM <DIR> Microsoft ActiveSync

12/31/2004 03:54 AM <DIR> microsoft frontpage

10/22/2005 10:27 AM <DIR> Microsoft Office

10/26/2005 07:00 PM <DIR> Microsoft Référence

10/22/2005 09:37 AM <DIR> Microsoft Visual Studio

03/09/2005 03:28 AM <DIR> Microsoft Works

10/22/2005 09:36 AM <DIR> Microsoft.NET

12/31/2004 03:51 AM <DIR> Movie Maker

12/31/2004 03:49 AM <DIR> MSN

12/31/2004 03:50 AM <DIR> MSN Gaming Zone

12/02/2006 08:02 AM <DIR> MSXML 4.0

10/22/2005 11:34 AM <DIR> Napster

12/31/2004 03:51 AM <DIR> NetMeeting

10/22/2005 09:47 AM <DIR> Norton AntiVirus

01/28/2008 12:11 PM <DIR> Norton SystemWorks

12/31/2004 03:52 AM <DIR> Online Services

07/18/2007 07:30 AM <DIR> Outlook Express

06/01/2007 12:15 PM <DIR> PCFriendly

10/07/2007 03:01 PM <DIR> Pipe Flow Expert

01/30/2008 12:33 PM <DIR> PrevxCSI

10/22/2005 09:33 AM <DIR> Pure Networks

10/22/2005 06:41 PM <DIR> QuickTime

01/05/2005 09:51 PM <DIR> Real

02/25/2006 05:03 AM <DIR> SCi

03/14/2005 11:10 PM <DIR> SlySoft

12/31/2004 07:45 AM <DIR> Sonic

01/29/2008 05:13 PM <DIR> Symantec

11/25/2005 04:12 PM <DIR> SymNetDrv

12/31/2004 06:53 AM <DIR> Synaptics

01/22/2005 11:34 PM <DIR> TOSHIBA

11/24/2005 09:08 PM <DIR> Ubisoft

01/30/2008 02:49 PM <DIR> UnHackMe

07/13/2007 01:21 PM <DIR> uTorrent

01/05/2005 09:52 PM <DIR> Viewpoint

02/10/2006 06:59 AM <DIR> Windows Media Player

12/31/2004 03:50 AM <DIR> Windows NT

12/01/2007 01:26 PM <DIR> WinRAR

12/31/2004 03:54 AM <DIR> xerox

0 File(s) 0 bytes

80 Dir(s) 4,992,507,904 bytes free

Volume in drive C is SQ003558

Volume Serial Number is B4BD-A73C

 

Directory of C:\Program Files\common files

 

01/30/2008 02:55 PM <DIR> .

01/30/2008 02:55 PM <DIR> ..

09/10/2007 01:05 PM <DIR> ACD Systems

10/22/2005 11:32 AM <DIR> Adobe

10/22/2005 10:40 AM <DIR> Ahead

10/22/2005 09:23 AM <DIR> AOL

01/13/2006 02:06 PM <DIR> Autodesk Shared

10/29/2005 08:58 AM <DIR> Copernic

10/22/2005 09:37 AM <DIR> DESIGNER

12/31/2004 06:53 AM <DIR> InstallShield

01/22/2005 09:34 PM <DIR> Java

10/22/2005 09:39 AM <DIR> L&H

10/26/2005 07:00 PM <DIR> Microsoft Shared

12/31/2004 03:51 AM <DIR> MSSoap

01/05/2005 09:51 PM <DIR> Nullsoft

12/30/2004 07:44 PM <DIR> ODBC

01/05/2005 09:51 PM <DIR> Real

12/31/2004 07:43 AM <DIR> Roxio Shared

12/31/2004 03:51 AM <DIR> Services

08/28/2003 12:19 AM 36,963 SM1updtr.dll

12/30/2004 07:44 PM <DIR> SpeechEngines

01/29/2008 06:30 PM <DIR> Symantec Shared

07/18/2007 07:30 AM <DIR> System

1 File(s) 36,963 bytes

22 Dir(s) 4,992,507,904 bytes free

Volume in drive C is SQ003558

Volume Serial Number is B4BD-A73C

 

Directory of C:\

 

12/21/2002 10:00 AM 53,248 gendel32.exe

1 File(s) 53,248 bytes

0 Dir(s) 4,992,507,904 bytes free

Attention : C:\autorun.inf existe

c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}\KK.exe

c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}\KK.exe

c:\Documents and Settings\Sami Chacar\Application Data\Microsoft\Installer\{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}\KK.exe

c:\Documents and Settings\Sami Chacar\Desktop\blockman.exe

c:\Documents and Settings\Sami Chacar\Desktop\TPW.EXE

c:\Documents and Settings\Sami Chacar\Desktop\uTorrent-1.6.1-install.exe

c:\Documents and Settings\Sami Chacar\Desktop\bearshare\BSPROINSTALL.exe

c:\Documents and Settings\Sami Chacar\Desktop\bearshare\crack\BearShare.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\find2.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\gzip.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\md5sums.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\sigcheck.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Sami Chacar\Desktop\DiagHelp\DiagHelp\tar.exe

c:\Documents and Settings\Sami Chacar\Desktop\DVD Region-Free\DVDRegionFree.exe

c:\Documents and Settings\Sami Chacar\Desktop\DVD Region-Free\patch_dvd_region.exe

c:\Documents and Settings\Sami Chacar\Desktop\DVD Region-Free\unins000.exe

c:\Documents and Settings\Sami Chacar\Desktop\pipe flowv1.09 unit convert\convert units\Convert.exe

c:\Documents and Settings\Sami Chacar\Desktop\pipe flowv1.09 unit convert\Pipe_Flow_Expert_v1.09\crack\keygen.exe

c:\Documents and Settings\Sami Chacar\Desktop\pipe flowv1.09 unit convert\Pipe_Flow_Expert_v1.09\setup\version1.09\PipeFlowExpertSetup.exe

c:\Documents and Settings\Sami Chacar\Desktop\programs\ComboFix.exe

c:\Documents and Settings\Sami Chacar\Desktop\programs\Flash_Disinfector.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\Autorun.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\Civilization3.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\opengl95.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\Setup.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\crack\Civilization3.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\DirectX\dxsetup.exe

c:\Documents and Settings\Sami Chacar\Desktop\Sid Meier's Civilization III\Manual\ar500enu.exe

c:\Documents and Settings\Sami Chacar\Local Settings\Temp\nircmd.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\flash32.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\FlashPla.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\intro.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Acrobat\Acrobat.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Acrobat\Capture\Capserve.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Acrobat\plug_ins\OpenAll\Transform\OpenAll.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Catalog\acrocat.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Distillr\AcroDist.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Distillr\AcroTray.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\ESIB\1 AGC\ecologie\ENVIRONNEMT\finalcd\Acrobat 4.0\Registration\AdobeReg32.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\Library Autocad\New Folder\16_dwg_details.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\Library Autocad\New Folder\3DPipe.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\Library Autocad\New Folder\DE1.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\autorun.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\Crack\moh_spearhead.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\eReg\go_ez.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\eReg\Medal of Honor Allied Assault Spearhead_Code.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\eReg\Medal of Honor Allied Assault Spearhead_eReg.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\eReg\Medal of Honor Allied Assault Spearhead_EZ.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\eReg\Medal of Honor Allied Assault Spearhead_uninst.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\patch\patch111v9safedisk.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\redist\gamespy\ArcadeInstallMOHAAS11c.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\mohaas\setup\Setup.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\cdex_170b2_enu.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\ComboFix.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\copernicagentbasicfr.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\DVDIdlePro59.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\dvdshrink32setup.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\EasyDVDClone.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\Flash_Disinfector.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\hijackthis_sfx.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\PREVXCSIFREE.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\RivaFLVPlayerSetup.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\SetupAnyDVD5511.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\setup.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\ACTODAYMGR.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\AUTORUN.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\AUTOCAD 2000 UPDATE\PLOTUPDATE2.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\BUZZSAW\PLANS & SPEC DRIVERS\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\MIGRATE\HARVESTER.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\MIGRATE\SERHARV.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\MSI\INSTMSI.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\MSI\INSTMSIW.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\NETSETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\ADSKFLEX.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\LMGRD.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\LMTOOLS.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\LMUTIL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\SAMREPORT-LITE\JRE1_2_2_007-WIN-I.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\SAMREPORT-LITE\JRE1_2_2-001-WIN.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\NETSETUP\SUPPORT\ADLM\SAMREPORT-LITE\SAMREPORT.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\AXDIST.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\DCOM95.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\HHUPD.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MDAC_TYP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\AW\_ISDEL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\AW\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MSIE\DCOM95.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MSIE\IE501DOM.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MSIE\IE5COMP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MSIE\IE5SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\MSIE\OAINST.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\NM\NM30.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\SUPPORT\WS2\W95WS2SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\VVE\_ISDEL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\VVE\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\XML\MSXML3.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\AUTOCAD2002 (E)\XML\XMLINST.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\autocad2002\uninstall\uninstall.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\bearshare\wrar361.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\msnchk.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\incl\MD5File.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\incl\msnchk.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\incl\Process.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\incl\swreg.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\MSNFix\MSNFix\incl\zip.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\_ISDEL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\AUTORUN.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\ASICFG.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\ASIDB3.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\ASIODBC.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\ASIORA7.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\MTSTACK.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\DRV\NTLOCK\SETUPX86.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\DRV\W95LOCK\SENTSTRT.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\DRV\W95LOCK\SENTW95.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\HELP\QTOUR.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\HELP\WNEW.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\HPMPLOT.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\L_ACLA.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\MC.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\SHSBSPAT.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\SLIDELIB.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\EBATCHP\EBATCHP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\ACAD\SUPPORT\EBATCHP\EBPH.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\DATA\WINT351.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\DATA\WINTDIST.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\NETSETUP\_ISDEL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\NETSETUP\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\NETSETUP\DATA\WIN95\AD_ELMD.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\NETSETUP\DATA\WINNT\AD_ELMD.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\ACAD14\SYSTEM\MTSTACK.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Maple V\BIN.WIN\dosmaple.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Maple V\BIN.WIN\maple.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Maple V\BIN.WIN\MARCH.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Maple V\BIN.WIN\MINT.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Maple V\BIN.WIN\UPDTSRC.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Matlab\AUTORUN.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Matlab\SETUP.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Matlab\UNINST.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\Matlab\GHOSTSCRIPT\BIN\GS.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\T-Pascal\INSTALL.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\T-Pascal\TPREM.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\prog sup n\T-Pascal\UNPAK.EXE

c:\Documents and Settings\Sami Chacar\My Documents\documents\programs & setups\regressinew\Regressi.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\topographie\New Folder\basic.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\topographie\New Folder\Osw.exe

c:\Documents and Settings\Sami Chacar\My Documents\documents\topographie\New Folder\tableaux_2000.exe

c:\Documents and Settings\Sami Chacar\My Documents\RegRun2\Files\explorer.exe

c:\Documents and Settings\Sami Chacar\My Documents\RegRun2\Files\NTOSKRNL.EXE

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomLoader\zylom\Zuma\Zuma.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_TOSHIBA-USER.tar.gz a l'adresse http://upload.malekal.com

and the HijackThis one:

Logfile of HijackThis v1.99.1

Scan saved at 3:39:10 PM, on 1/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S

O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\matlab\webserver\bin\win32\matlabserver.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: TME3SRV - IEC - C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe

thank you
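The O23 (service) and O20 (Winlogon notify) lines in the log above are the ones a helper scans first. As an added example that is not part of the original post and not HijackThis's own code, the Python helper below parses those two line types and flags the entries worth a second look: a service with "Unknown owner", a service whose binary is reported "(file missing)", a binary living outside the Windows or Program Files trees, and a Winlogon notify DLL that is not under system32. The sample lines are copied from this log; the list of trusted root directories is an assumption for an XP system, not something the log states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: a handful of O20/O23 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\matlab\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
"""

# Assumption: on this XP machine, legitimate service binaries live under these roots
# (short 8.3 form included, since HijackThis prints some paths that way).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
SYSTEM32 = "c:\\windows\\system32\\"

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?\s*$"
)
# "O20 - Winlogon Notify: <key name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)\s*$")


@dataclass
class Finding:
    kind: str                 # "O23" or "O20"
    name: str                 # service display name or notify key
    path: str                 # binary / DLL path as printed in the log
    reasons: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[dict]:
    """Split one O23 line into name/owner/path/missing, or None if it is not an O23 line."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text: str) -> List[Finding]:
    """Return the O20/O23 entries that deserve manual review, with the reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = O23_RE.match(line)
        if svc:
            reasons = []
            if svc["owner"] == "Unknown owner":
                reasons.append("unknown owner")
            if svc["missing"]:
                reasons.append("file missing")
            if not svc["path"].lower().startswith(TRUSTED_ROOTS):
                reasons.append("path outside Windows/Program Files")
            if reasons:
                findings.append(Finding("O23", svc["name"], svc["path"], reasons))
            continue
        notify = O20_RE.match(line)
        if notify and not notify["path"].lower().startswith(SYSTEM32):
            # Third-party notify packages exist (the Intel wireless one here is
            # legitimate), so this is a "check the publisher" flag, not a verdict.
            findings.append(Finding("O20", notify["name"], notify["path"],
                                    ["third-party Winlogon notify DLL: verify publisher"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r}: {', '.join(f.reasons)} -> {f.path}")
```

Run as-is it reports the MATLAB server (unknown owner, missing binary, unusual path), the Toshiba updater (unknown owner, unusual path) and the Intel notify DLL (third-party, to be checked), while the ATI, Norton and WgaLogon entries pass silently. The flags are triage hints, not verdicts: an "Unknown owner" entry only means the file carries no publisher information, so the next step is to verify the binary (hash lookup, signature, install date) before touching it.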

  • Moderators
Posted

Re :P

 

Good, the tool did its job. We'll now clean up the remaining traces.

 

Download CFScript.txt and save it to your desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
     
    [screenshot: CFScript.gif]
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Uninstall, via your Control Panel > Add/Remove Programs:

  • Adobe Reader 6.0.1
  • J2SE Runtime Environment 5.0

These are obsolete versions that introduce vulnerabilities. Go to the following links to download up-to-date versions:

http://www.adobe.com/fr/products/acrobat/readstep2.html
http://www.java.com/fr/download/index.jsp
