Hello everyone,
I have a very big problem: two days ago my antispyware uninstalled itself on its own; I reinstalled it, and now it is impossible to open it or load its services! An error message appears instead:
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe n'est pas une application Win32 valide.
On top of that, my antivirus (Norton) can no longer start its services either! So my PC is defenceless. I read online that a trojan is behind this problem, and that is true, because when I run an online scan I see that my PC is infected with several trojans.
Finally, I can't boot my PC into safe mode because it restarts endlessly when I try. Can you help me please?
Thanks in advance.
--> Message edited by non phixion on 23/01/2008 12:44:25 <--
Download ELIBAGLA at the bottom of this page: ==> http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Launch it by double-clicking on it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).
Click the Explorar button.
When it finishes, post the report C:\infoSat.txt
*******************
Download ComboFix by sUBs:
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Tutorial: http://bibou0007.forumpro.fr/tutos-f45/combofix-t121.htm
Copy/paste a new HijackThis report along with it.
NOTE: The report can also be found here: C:\Combofix.txt
*********************
# Download HijackThis v2.0.2
# ==>Link and tutorial here<==
# Follow the instructions and post the report you get in your next message.
Thanks for your reply, here is the ELIBAGLA report:
Sun Jan 20 16:53:47 2008
EliBagle v10.89 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Sun Jan 20 16:55:06 2008
EliBagle v10.89 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\14475750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14483062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\27892859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\27903437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\48546.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\48843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\48859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\50171.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\51703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\54187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\55859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\61625.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\61703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\64703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\66203.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\67046.EXE --> Eliminado Bagle
Nº Total de Directorios: 15705
Nº Total de Ficheros: 167178
Nº de Ficheros Analizados: 14205
Nº de Ficheros Infectados: 17
Nº de Ficheros Limpiados: 16
And here is the ComboFix sUBs report:
ComboFix 08-01-20.1 - Arthur 2008-01-20 17:03:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1428 [GMT 1:00]
Running from: C:\Documents and Settings\Arthur\Bureau\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arthur\Application Data\FunWebProducts
C:\Documents and Settings\Nicolas Françoise\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\Nicolas Françoise\Mes documents\DOBE~1
C:\Documents and Settings\Nicolas Françoise\Mes documents\SSTEM3~1
C:\Documents and Settings\Nicolas Françoise\Mes documents\WNSXS~1
C:\Documents and Settings\Nicolas Françoise\new.txt
C:\Documents and Settings\Nicolas Françoise\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\Nicolas Françoise\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\Nicolas Françoise\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Nicolas Françoise\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Program Files\crosof~1.net
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\bdir
C:\WINDOWS\icroso~1
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\abeorbeilv.dat
C:\WINDOWS\system32\abeorbeilv_nav.dat
C:\WINDOWS\system32\abeorbeilv_navps.dat
C:\WINDOWS\system32\bnzgsnzgsh.dat
C:\WINDOWS\system32\bnzgsnzgsh_nav.dat
C:\WINDOWS\system32\bnzgsnzgsh_navps.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?racle\
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\vfuipo.dat
C:\WINDOWS\system32\vfuipo_nav.dat
C:\WINDOWS\system32\vfuipo_navps.dat
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wnsintisv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\nm
-------\srosa
((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.
2008-01-20 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 15:59 . 2008-01-20 15:59 <REP> d-------- C:\Program Files\inKline Global
2008-01-20 15:58 . 2008-01-20 15:58 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2008-01-20 03:04 . 2008-01-20 03:04 <REP> d-------- C:\Program Files\Uniblue
2008-01-20 03:04 . 2008-01-20 03:04 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Uniblue
2008-01-20 02:51 . 2008-01-20 02:51 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 02:06 . 2008-01-20 02:06 <REP> d-------- C:\Kaspersky
2008-01-20 01:22 . 2008-01-20 01:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 00:12 . 2008-01-20 00:12 <REP> d-------- C:\Program Files\xp-AntiSpy
2008-01-19 21:33 . 2008-01-19 21:33 1,480 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-19 21:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-19 21:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-19 21:32 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-19 21:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-19 21:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-19 21:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-18 19:05 . 2008-01-18 19:08 <REP> d-------- C:\WINDOWS\avxoscan
2008-01-17 21:21 . 2008-01-19 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-17 21:16 . 2008-01-17 21:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 19:54 . 2008-01-20 15:26 70,660 --------- C:\WINDOWS\system32\mdelk.exe
2008-01-17 19:52 . 2008-01-20 17:01 <REP> d-------- C:\WINDOWS\system32\drivers\down
2008-01-17 19:35 . 2008-01-17 19:48 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\flightgear.org
2008-01-13 00:25 . 2008-01-17 13:25 88 -r-hs---- C:\WINDOWS\system32\FA163F3569.sys
2008-01-13 00:18 . 2008-01-13 00:22 <REP> d-------- C:\Program Files\Corel
2008-01-13 00:18 . 2008-01-13 00:18 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\InstallShield
2008-01-13 00:18 . 2008-01-13 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-12 16:10 . 2008-01-12 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-12 16:03 . 2008-01-12 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia Shared
2008-01-09 21:06 . 2008-01-09 21:10 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\U3
2008-01-09 17:39 . 2008-01-09 17:39 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 17:02 . 2008-01-09 17:02 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-09 17:02 . 2008-01-09 17:02 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-08 14:06 . <REP> C:\Documents and Settings\Nicolas Françoise\Application Data\Talkback
2008-01-06 18:31 . 2008-01-06 18:32 <REP> d-------- C:\Program Files\TVAnts
2008-01-04 22:59 . 2008-01-04 22:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 22:59 . 2008-01-04 22:59 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-01-04 22:59 . 2008-01-04 22:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 22:58 . 2008-01-04 22:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 22:58 . 2008-01-04 22:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 22:58 . 2008-01-04 22:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 22:56 . 2008-01-04 22:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 22:56 . 2008-01-04 22:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 22:56 . 2008-01-04 22:56 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-01-04 22:56 . 2008-01-04 22:56 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Rhyme & Verse Demo
2008-01-02 15:20 . 2008-01-02 15:20 <REP> d-------- C:\Program Files\NewR&V
2008-01-01 21:03 . <REP> C:\Documents and Settings\Hélène\Application Data\VMNTOOLBAR
2007-12-31 11:54 . 2007-12-31 11:54 <REP> d-------- C:\Program Files\CpuIdle
2007-12-31 00:15 . 2007-12-31 00:15 4,484 --a------ C:\WINDOWS\system32\drivers\cpuidlep.sys
2007-12-30 10:48 . 2007-12-30 10:48 <REP> d-------- C:\Program Files\Lavalys
2007-12-29 23:50 . 2007-12-29 23:50 <REP> d-------- C:\Program Files\MRU-Blaster
2007-12-29 21:50 . 2007-12-29 21:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-29 21:19 . 2007-12-29 21:19 <REP> d-------- C:\Program Files\Microsoft Bootvis
2007-12-29 21:19 . 2007-12-29 21:19 0 --a------ C:\Documents and Settings\Arthur\TRACE_BOOT+DRIVERS_1_1.BIN
2007-12-23 21:46 . <REP> C:\Documents and Settings\Nicolas Françoise\Application Data\VMNTOOLBAR
2007-12-22 14:33 . 2007-12-22 14:33 <REP> d-------- C:\Game
2007-12-21 20:40 . 2008-01-19 13:14 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-21 20:40 . 2008-01-19 13:15 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\FileZilla
2007-12-21 19:27 . 2007-12-21 19:27 366 --a------ C:\WINDOWS\Raccourci vers WINDOWS.lnk
2007-12-20 19:06 . 2008-01-12 12:34 <REP> d-------- C:\Program Files\Visicom Media
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 15:04 --------- d-----w C:\Program Files\eMule
2008-01-20 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 14:26 --------- d-----w C:\Program Files\Wanadoo
2008-01-19 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-18 22:25 4,442 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-18 17:59 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 17:29 --------- d-----w C:\Program Files\Lavasoft
2008-01-18 17:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-17 10:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 20:15 --------- d-----w C:\Program Files\Dofus
2008-01-14 14:04 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\U3
2008-01-12 23:25 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Corel
2008-01-12 23:23 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-01-12 15:01 --------- d-----w C:\Program Files\Macromedia
2008-01-10 17:35 --------- d-----w C:\Program Files\DivX
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-02 15:51 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Apple Computer
2008-01-01 20:01 --------- d-----w C:\Documents and Settings\Hélène\Application Data\Adobe
2008-01-01 16:55 --------- d-----w C:\Documents and Settings\Arthur\Application Data\SopCast
2007-12-30 23:23 --------- d-----w C:\Program Files\QuickTime
2007-12-27 12:52 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Adobe
2007-12-26 15:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cast ping base frag
2007-12-19 15:18 --------- d-----w C:\Documents and Settings\Arthur\Application Data\ma-config.com
2007-12-19 15:17 --------- d-----w C:\Program Files\ma-config.com
2007-12-19 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-18 20:07 --------- d-----w C:\Program Files\MessengerAirLive
2007-12-18 19:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-13 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-12 11:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 11:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-11 17:52 --------- d-----w C:\Program Files\Windows Live
2007-12-11 17:45 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-11 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 14:32 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Sports Interactive
2007-12-10 15:02 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\DivX
2007-12-09 16:53 --------- d-----w C:\Program Files\LiknoWebButtonMaker
2007-12-08 21:19 --------- d-----w C:\Documents and Settings\Arthur\Application Data\DivX
2007-12-04 14:32 --------- d-----w C:\Program Files\Object Software (Beijing) Co., Ltd
2007-12-01 10:34 --------- d-----w C:\Program Files\Google
2007-12-01 08:19 --------- d-----w C:\Program Files\CyberLink
2007-12-01 08:14 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\ArcSoft
2007-11-30 16:08 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Ulead Systems
2007-11-30 16:06 --------- d-----w C:\Program Files\Digital Camera
2007-11-30 16:04 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-30 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-28 20:12 --------- d-----w C:\Program Files\SopCast
2007-11-28 18:05 --------- d-----w C:\Program Files\FM Modifier 2.2
2007-11-22 18:06 --------- d-----w C:\Program Files\Lingoes
2007-11-19 18:55 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-26 19:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-03-05 19:17 357 ----a-w C:\Documents and Settings\Arthur\.cb_layout.bin
2007-02-12 19:17 87,608 ----a-w C:\Documents and Settings\Arthur\Application Data\ezpinst.exe
2007-02-12 19:17 47,360 ----a-w C:\Documents and Settings\Arthur\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"strkjhk"="C:\WINDOWS\bdir\sdflkj4.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-20 17:04 1460560]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43 7630848]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2008-01-20 17:04 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bootvis.lnk
backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Base frag grid bows]
C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Film Fast.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Controleur de calendrier pour Ulead Photo Express]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]
--a------ 2007-07-15 07:25 1335296 C:\Program Files\Lingoes\Translator\Lingoes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgairlive]
--a------ 2007-07-21 07:56 2265088 C:\Program Files\MessengerAirLive\msgairlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-20 17:04 73728 C:\Program Files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-03 08:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-12-31 00:15]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-05-04 09:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-29 06:23:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:07:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
-> C:\Program Files\Unlocker\UnlockerCOM.dll
.
Completion time: 2008-01-20 17:09:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 16:09:17
.
2008-01-09 16:40:34 --- E O F ---
And finally the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:10, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2852089733-1704186777-3546183761-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm076YYFR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 11150 bytes
Copy the text in the box below:
File::
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\FA163F3569.sys
C:\WINDOWS\imsins.BAK
C:\WINDOWS\bdir\sdflkj4.exe
Regedit ::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "sdflkj4.exe"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no reboot, post the reports anyway.
OK, thanks for your reply, I'll do that right away!
My PC didn't reboot, though it did the first time! Here is the ComboFix report:
ComboFix 08-01-20.1 - Arthur 2008-01-20 17:47:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1532 [GMT 1:00]
Running from: C:\Documents and Settings\Arthur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arthur\Bureau\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\bdir\sdflkj4.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\FA163F3569.sys
C:\WINDOWS\system32\mdelk.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\FA163F3569.sys
C:\WINDOWS\system32\mdelk.exe
.
((((((((((((((((((((((((((((( Files created 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.
2008-01-20 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 15:59 . 2008-01-20 15:59 <REP> d-------- C:\Program Files\inKline Global
2008-01-20 15:58 . 2008-01-20 15:58 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2008-01-20 03:04 . 2008-01-20 03:04 <REP> d-------- C:\Program Files\Uniblue
2008-01-20 03:04 . 2008-01-20 03:04 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Uniblue
2008-01-20 02:51 . 2008-01-20 02:51 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 02:06 . 2008-01-20 02:06 <REP> d-------- C:\Kaspersky
2008-01-20 01:22 . 2008-01-20 01:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 00:12 . 2008-01-20 00:12 <REP> d-------- C:\Program Files\xp-AntiSpy
2008-01-19 21:33 . 2008-01-19 21:33 1,480 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-19 21:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-19 21:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-19 21:32 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-19 21:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-19 21:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-19 21:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-18 19:05 . 2008-01-18 19:08 <REP> d-------- C:\WINDOWS\avxoscan
2008-01-17 21:21 . 2008-01-19 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-17 21:16 . 2008-01-17 21:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 19:52 . 2008-01-20 17:01 <REP> d-------- C:\WINDOWS\system32\drivers\down
2008-01-17 19:35 . 2008-01-17 19:48 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\flightgear.org
2008-01-13 00:18 . 2008-01-13 00:22 <REP> d-------- C:\Program Files\Corel
2008-01-13 00:18 . 2008-01-13 00:18 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\InstallShield
2008-01-13 00:18 . 2008-01-13 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-12 16:10 . 2008-01-12 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-12 16:03 . 2008-01-12 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia Shared
2008-01-09 21:06 . 2008-01-09 21:10 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\U3
2008-01-09 17:02 . 2008-01-09 17:02 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-09 17:02 . 2008-01-09 17:02 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-08 14:06 . <REP> C:\Documents and Settings\Nicolas Françoise\Application Data\Talkback
2008-01-06 18:31 . 2008-01-06 18:32 <REP> d-------- C:\Program Files\TVAnts
2008-01-04 22:59 . 2008-01-04 22:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 22:59 . 2008-01-04 22:59 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-01-04 22:59 . 2008-01-04 22:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 22:58 . 2008-01-04 22:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 22:58 . 2008-01-04 22:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 22:58 . 2008-01-04 22:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 22:56 . 2008-01-04 22:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 22:56 . 2008-01-04 22:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 22:56 . 2008-01-04 22:56 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-01-04 22:56 . 2008-01-04 22:56 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Rhyme & Verse Demo
2008-01-02 15:20 . 2008-01-02 15:20 <REP> d-------- C:\Program Files\NewR&V
2008-01-01 21:03 . <REP> C:\Documents and Settings\Hélène\Application Data\VMNTOOLBAR
2007-12-31 11:54 . 2007-12-31 11:54 <REP> d-------- C:\Program Files\CpuIdle
2007-12-31 00:15 . 2007-12-31 00:15 4,484 --a------ C:\WINDOWS\system32\drivers\cpuidlep.sys
2007-12-30 10:48 . 2007-12-30 10:48 <REP> d-------- C:\Program Files\Lavalys
2007-12-29 23:50 . 2007-12-29 23:50 <REP> d-------- C:\Program Files\MRU-Blaster
2007-12-29 21:50 . 2007-12-29 21:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-29 21:19 . 2007-12-29 21:19 <REP> d-------- C:\Program Files\Microsoft Bootvis
2007-12-29 21:19 . 2007-12-29 21:19 0 --a------ C:\Documents and Settings\Arthur\TRACE_BOOT+DRIVERS_1_1.BIN
2007-12-23 21:46 . <REP> C:\Documents and Settings\Nicolas Françoise\Application Data\VMNTOOLBAR
2007-12-22 14:33 . 2007-12-22 14:33 <REP> d-------- C:\Game
2007-12-21 20:40 . 2008-01-19 13:14 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-21 20:40 . 2008-01-19 13:15 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\FileZilla
2007-12-21 19:27 . 2007-12-21 19:27 366 --a------ C:\WINDOWS\Raccourci vers WINDOWS.lnk
2007-12-20 19:06 . 2008-01-12 12:34 <REP> d-------- C:\Program Files\Visicom Media
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 16:09 --------- d-----w C:\Program Files\Wanadoo
2008-01-20 15:04 --------- d-----w C:\Program Files\eMule
2008-01-20 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-18 22:25 4,442 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-18 17:59 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 17:29 --------- d-----w C:\Program Files\Lavasoft
2008-01-18 17:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-17 10:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 20:15 --------- d-----w C:\Program Files\Dofus
2008-01-14 14:04 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\U3
2008-01-12 23:25 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Corel
2008-01-12 23:23 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-01-12 15:01 --------- d-----w C:\Program Files\Macromedia
2008-01-10 17:35 --------- d-----w C:\Program Files\DivX
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-02 15:51 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Apple Computer
2008-01-01 20:01 --------- d-----w C:\Documents and Settings\Hélène\Application Data\Adobe
2008-01-01 16:55 --------- d-----w C:\Documents and Settings\Arthur\Application Data\SopCast
2007-12-30 23:23 --------- d-----w C:\Program Files\QuickTime
2007-12-27 12:52 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Adobe
2007-12-26 15:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cast ping base frag
2007-12-19 15:18 --------- d-----w C:\Documents and Settings\Arthur\Application Data\ma-config.com
2007-12-19 15:17 --------- d-----w C:\Program Files\ma-config.com
2007-12-19 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-18 20:07 --------- d-----w C:\Program Files\MessengerAirLive
2007-12-18 19:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-13 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-12 11:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 11:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-11 17:52 --------- d-----w C:\Program Files\Windows Live
2007-12-11 17:45 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-11 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 14:32 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Sports Interactive
2007-12-10 15:02 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\DivX
2007-12-09 16:53 --------- d-----w C:\Program Files\LiknoWebButtonMaker
2007-12-08 21:19 --------- d-----w C:\Documents and Settings\Arthur\Application Data\DivX
2007-12-04 14:32 --------- d-----w C:\Program Files\Object Software (Beijing) Co., Ltd
2007-12-01 10:34 --------- d-----w C:\Program Files\Google
2007-12-01 08:19 --------- d-----w C:\Program Files\CyberLink
2007-12-01 08:14 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\ArcSoft
2007-11-30 16:08 --------- d-----w C:\Documents and Settings\Nicolas Françoise\Application Data\Ulead Systems
2007-11-30 16:06 --------- d-----w C:\Program Files\Digital Camera
2007-11-30 16:04 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-30 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-28 20:12 --------- d-----w C:\Program Files\SopCast
2007-11-28 18:05 --------- d-----w C:\Program Files\FM Modifier 2.2
2007-11-22 18:06 --------- d-----w C:\Program Files\Lingoes
2007-11-19 18:55 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-26 19:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-03-05 19:17 357 ----a-w C:\Documents and Settings\Arthur\.cb_layout.bin
2007-02-12 19:17 87,608 ----a-w C:\Documents and Settings\Arthur\Application Data\ezpinst.exe
2007-02-12 19:17 47,360 ----a-w C:\Documents and Settings\Arthur\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_17.09.08.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 16:03:20 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 16:47:36 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 16:03:20 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-20 16:47:36 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 16:03:20 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 16:47:36 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 16:03:20 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 16:47:36 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 16:03:20 11,436,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-20 16:47:36 11,436,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 16:03:20 274,432 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 16:47:36 274,432 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 16:03:20 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUSER.DAT
+ 2008-01-20 16:47:36 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUSER.DAT
- 2008-01-20 16:03:20 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
+ 2008-01-20 16:47:36 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"strkjhk"="C:\WINDOWS\bdir\sdflkj4.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-20 17:04 1460560]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43 7630848]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2008-01-20 17:04 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bootvis.lnk
backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Base frag grid bows]
C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Film Fast.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Controleur de calendrier pour Ulead Photo Express]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]
--a------ 2007-07-15 07:25 1335296 C:\Program Files\Lingoes\Translator\Lingoes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgairlive]
--a------ 2007-07-21 07:56 2265088 C:\Program Files\MessengerAirLive\msgairlive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-20 17:04 73728 C:\Program Files\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-03 08:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-12-31 00:15]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-05-04 09:00]
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 06:23:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:48:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-01-20 17:48:54
ComboFix-quarantined-files.txt 2008-01-20 16:48:53
ComboFix2.txt 2008-01-20 16:09:20
.
2008-01-09 16:40:34 --- E O F ---
And finally the HijackThis report, which didn't take long at all:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:51, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2852089733-1704186777-3546183761-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm076YYFR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 11212 bytes
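An added example (not code from this thread or from HijackThis) that parses the O16 and O23 lines of a HijackThis log like the one above and flags the entries a helper would check first: services whose binary carries no publisher name (HijackThis prints "Unknown owner" when the file has no company name in its version info, which is a prompt to verify the file, not proof it is malicious), services whose binary sits outside the usual install directories, and ActiveX packages fetched over plain http. The sample lines are copied in the shape of the log above; the EXPECTED_DIRS list is an assumption for the example, and the regexes follow the line layout visible on this page rather than any official HijackThis grammar.

```python
import re
from urllib.parse import urlparse

# Regex for "O23 - Service: <display name> (<short name>) - <owner> - <path>".
# The short name in parentheses is optional, and display names may themselves
# contain parentheses such as "Intel(R)", so the display group is non-greedy.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# Regex for "O16 - DPF: {CLSID} (<name>) - <url>".
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.+)\) - (?P<url>\S+)$"
)

# Assumption for this example: where service binaries normally live on an XP box
# with this kind of log; adjust to the machine being triaged.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in the shape of the O16/O23 lines posted above.
SAMPLE_LOG = r"""
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
"""


def parse_hjt(text):
    """Return a list of dicts for every O16 and O23 line found in the log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            entries.append({"kind": "O23", **m.groupdict()})
            continue
        m = O16_RE.match(line)
        if m:
            entries.append({"kind": "O16", **m.groupdict()})
    return entries


def triage(entries):
    """Return (kind, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for e in entries:
        if e["kind"] == "O23":
            ident = e["short"] or e["display"]
            if e["owner"].lower() == "unknown owner":
                findings.append(("O23", ident,
                                 "no publisher recorded; verify the binary's signature or hash"))
            if not e["path"].lower().startswith(EXPECTED_DIRS):
                findings.append(("O23", ident,
                                 f"binary outside expected directories: {e['path']}"))
        else:
            scheme = urlparse(e["url"]).scheme.lower()
            if scheme != "https":
                findings.append(("O16", e["clsid"],
                                 f"ActiveX package fetched over {scheme}, not https"))
    return findings


if __name__ == "__main__":
    for kind, ident, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind} {ident}: {reason}")
```

On the sample above this flags the Flash cab (fetched over http), ProtexisLicensing (no publisher) and wampmysqld (no publisher, and a binary under c:\wamp). All three are plausibly legitimate on this machine, which is the point: the script narrows the list to what needs a hash or signature check, it does not decide for you.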
Run an online scan with Kaspersky ---->
(with Internet Explorer, not with Firefox!)
http://www.pcinfo-web.com/tutoriaux/37-1-1-%5BGuide%5D-Analyse-Kaspersky-Onli(...)
[Guide] Kaspersky Online Scanner - PCInfo-Web
Post the report!!
OK, I'm doing it now, but it looks like it's going to take a very long time.
The scan finished, but the report wouldn't load. The icon to save the report wasn't displayed, so I don't have a report. All I can tell you is that I have 12 viruses on my PC, that's it. Sorry, but the button or the window to display the report never appeared; the scan was finished but the "stop scan" button was still there.
Thank you for understanding and for helping me.
Hi, I have the same problem as you. What you do is restart your PC, go into the BIOS and enable the BIOS antivirus, then press F10. When Windows restarts, a tooltip will say that malicious software has been removed, and that way you can install your antivirus again. If you want more help, here's my email: miracle-lancome@hotmail.fr. Bye.
K1Ks, sorry about the report! Do you have another idea, please?
Run an online scan with BitDefender ----->
(with Internet Explorer, not with Firefox!)
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
BitDefender: online antivirus (tutorial)
Post the report!!