Alert: troj vundo.wz
Hello
For a few days now, a window from my antivirus has been opening and alerting me to an attack by a virus or spyware; its name is troj vundo.wz, under the folder vturo.dll. I have tried several scans such as Secuser, HouseCall, Ad-Aware, Spybot, CCleaner... nothing works, this intruder is making itself at home on my PC. So I ran HijackThis; here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:15:30, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Philippe\Mes documents\HiJackThis_v2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\system32\fccaxwu.dll
O2 - BHO: (no name) - {334E72E9-D07E-4A96-B5C0-6D9A7EE32E64} - C:\WINDOWS\system32\bfpkrvtc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {70B9ED61-F988-45A8-BE1E-17968199432a} - C:\WINDOWS\system32\bfpkrvtc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E57BEF2F-2FE6-4B8D-8A50-D2C5E90AD884} - C:\WINDOWS\system32\vturo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - Winlogon Notify: fccaxwu - C:\WINDOWS\SYSTEM32\fccaxwu.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 9251 bytes
Would anyone be able to help me? The alert window is permanent and I fear it will get worse before long.
Thanks in advance
Hello,
Please use the old version of HijackThis:
http://www.merijn.org/files/hijackthis.zip
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
Thanks for replying so quickly.
Here is the HijackThis log after VundoFix (I ran it before reading your message)
Logfile of HijackThis v1.99.1
Scan saved at 21:54:39, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Philippe\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
as well as the VundoFix result:
VundoFix V6.3.17
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 21:28:31 22/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\fccaxwu.dll
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\vturo.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fccaxwu.dll
C:\WINDOWS\system32\fccaxwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!
Performing Repairs to the registry.
Done!
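Added example, not part of the original posts: a Python check that cross-references the files VundoFix reports as deleted with the BHO (O2) and Winlogon Notify (O20) entries of the two HijackThis logs, to confirm that the load points are gone after cleanup. The log lines are excerpted from this thread; the function and field names are assumptions of this example.

```python
import re
from typing import NamedTuple

# Lines excerpted from the logs posted in this thread (before / after VundoFix).
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\system32\fccaxwu.dll
O2 - BHO: (no name) - {334E72E9-D07E-4A96-B5C0-6D9A7EE32E64} - C:\WINDOWS\system32\bfpkrvtc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E57BEF2F-2FE6-4B8D-8A50-D2C5E90AD884} - C:\WINDOWS\system32\vturo.dll
O20 - Winlogon Notify: fccaxwu - C:\WINDOWS\SYSTEM32\fccaxwu.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
"""

AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\fccaxwu.dll
C:\WINDOWS\system32\fccaxwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!
"""


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    body: str      # text after the section code
    path: str      # referenced file, lower-cased ("" when the log shows "(no file)")
    missing: bool  # True when HijackThis appended "(file missing)" or "(no file)"


LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$")
FILE_SECTIONS = {"O2", "O9", "O20"}  # sections handled here; all reference a file


def parse_hijackthis(text):
    """Extract file-referencing entries from O2, O9 and O20 lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["section"] not in FILE_SECTIONS:
            continue
        section, body = m["section"], m["body"]
        clsid = CLSID_RE.search(body)
        if clsid:
            # The path follows the CLSID; splitting on " - " alone would break
            # on paths such as "Spybot - Search & Destroy".
            target = body[clsid.end():].lstrip(" -")
        elif section == "O20" and " - " in body:
            target = body.split(" - ", 1)[1]
        else:
            continue
        missing = bool(MISSING_RE.search(target))
        # Windows paths are case-insensitive: the log mixes SYSTEM32 and system32.
        path = MISSING_RE.sub("", target).strip().lower()
        entries.append(Entry(section, body, path, missing))
    return entries


def deleted_files(report):
    """Paths the VundoFix report marks as 'Has been deleted!', lower-cased."""
    found = set()
    for raw in report.splitlines():
        m = DELETED_RE.match(raw.strip())
        if m:
            found.add(m["path"].lower())
    return found


def verify_cleanup(before_log, after_log, report):
    """Relate deleted files to load points before and after the cleanup."""
    deleted = deleted_files(report)
    before = parse_hijackthis(before_log)
    after = parse_hijackthis(after_log)
    return {
        # load points that pointed at a file the tool later deleted
        "hooked_before": [e for e in before if e.path in deleted],
        # load points still pointing at a deleted file (should be empty)
        "leftover_after": [e for e in after if e.path in deleted],
        # entries whose target no longer exists on disk
        "dangling_after": [e for e in after if e.missing],
    }


if __name__ == "__main__":
    for key, entries in verify_cleanup(BEFORE_LOG, AFTER_LOG, VUNDOFIX_REPORT).items():
        print(key)
        for e in entries:
            print("   ", e.section, e.path)
```

The two logs in the thread come from different HijackThis versions (v2.0.0 BETA and v1.99.1), so the check keys on the deleted file paths instead of a plain line-by-line diff of the logs.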
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
as well as the VundoFix result:
VundoFix V6.3.17
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 21:28:31 22/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\fccaxwu.dll
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\vturo.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fccaxwu.dll
C:\WINDOWS\system32\fccaxwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!
Performing Repairs to the registry.
Done!
Hi again,
Download Clean.zip (by Malekal),
Unzip it to your desktop (Right-click/Extract All); you should get a folder named Clean.
Open the clean folder and double-click clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
here is the report
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le jeu. 22/03/2007 a 22:07:45,14
*** Recherche de fichiers sur C:
C:\StubInstaller.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\Nx.exe FOUND
*** Fin du rapport !
Hi again,
Download R-Hosts.exe (by S!ri)
Run R-Hosts and click "Restore".
Confirm the change by pressing OK.
----------
-> Start
-> Run...
Type Services.msc and confirm
Double-click Boonty Games
Startup type: "Disabled"
Click "Stop" at the bottom
Confirm the changes.
-----
Open HijackThis, then:
-> Open the Misc Tools Section
-> Delete an NT Service
Type BOONTY and confirm.
----------
Delete this folder:
C:\Program Files\Fichiers communs\BOONTY Shared
Done; a HijackThis log follows:
Logfile of HijackThis v1.99.1
Scan saved at 22:24:20, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Philippe\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ZSScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
We're not done yet...
Download and install AVG Anti-Spyware (AVG AS)
Once AVG AS is running, click "Update"
Close the program.
HELP: Tutorial on AVG Antispyware (Malekal)
Restart in safe mode
Relaunch AVG AS and select the "Scan" tab
Then the "Settings" tab
Under the question "How to act?", click "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again and run a "Complete system scan"
/!\ If a file is found infected at the end of the scan /!\
Click "Apply all actions"
Click "Save report" then "Save report as"
Save this text file to your desktop.
Restart normally
Copy/paste the AVG AS report along with a HijackThis report.
Good evening
Excuse my haste, here is the result of the AVG scan
along with the HijackThis log:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:09:27 23/03/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Elisabeth\Cookies\elisabeth@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Philippe\Cookies\philippe@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Elisabeth\Cookies\elisabeth@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Philippe\Cookies\philippe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Elisabeth\Cookies\elisabeth@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Philippe\Cookies\philippe@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Elisabeth\Cookies\elisabeth@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 23:10:58, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Philippe\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
See you later
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
See you later
Good evening. I have more or less the same problem and I followed the tutorial, but it did not achieve anything (or at least not much).
VundoFix cannot remove 2 infected files, even after a reboot.
Here are my reports:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:41:20, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Félicité\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B3D60D-2F11-4169-B003-F4B3161F1B3E} - C:\WINDOWS\system32\mllmk.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {33CFF9A3-7ECB-4382-806D-AB0138BC7386} - C:\WINDOWS\system32\ssqnnmk.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {9CDF2642-2AA8-49C2-9B45-E9AB2A5B669C} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E137A0BC-7BFE-4FFC-9D4D-26E2343602C2} - C:\WINDOWS\system32\xnqyilnp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ajkjopqv.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mllmk - C:\WINDOWS\system32\mllmk.dll
O20 - Winlogon Notify: ssqnnmk - C:\WINDOWS\SYSTEM32\ssqnnmk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 10027 bytes
And the cleaner:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 24/03/2007 a 21:57:14,37
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Fin du rapport !
I also ran an online scan with securiser.com. The trojan is found, but it is impossible to remove.
Thanks for your help.
Re,
Download this file, Combofix.exe,
and save it to your desktop and nowhere else!
Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v mllmk
then click OK.
Follow the prompts.
Do not touch anything and wait until ComboFix has finished; a report will be created. Post the report.
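Added example, not part of the original thread and not code from HijackThis or ComboFix: a Python triage pass over lines copied from the HijackThis logs posted above, showing how the DLL named in the ComboFix command (mllmk) stands out as an unnamed BHO that is also registered under Winlogon Notify. The scoring weights, threshold and function names are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied verbatim from the two HijackThis logs posted in this thread
# (23/03/2007 and 24/03/2007); nothing here is invented.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B3D60D-2F11-4169-B003-F4B3161F1B3E} - C:\WINDOWS\system32\mllmk.dll
O2 - BHO: (no name) - {33CFF9A3-7ECB-4382-806D-AB0138BC7386} - C:\WINDOWS\system32\ssqnnmk.dll
O2 - BHO: (no name) - {9CDF2642-2AA8-49C2-9B45-E9AB2A5B669C} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E137A0BC-7BFE-4FFC-9D4D-26E2343602C2} - C:\WINDOWS\system32\xnqyilnp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ajkjopqv.dll",setvm
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mllmk - C:\WINDOWS\system32\mllmk.dll
O20 - Winlogon Notify: ssqnnmk - C:\WINDOWS\SYSTEM32\ssqnnmk.dll
"""

# One pattern per HijackThis section that can load a DLL at logon or browser start.
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
RUNDLL = re.compile(
    r'^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] rundll32(?:\.exe)? '
    r'"?(?P<path>[^",]+\.dll)"?,',
    re.IGNORECASE,
)


def in_system32(path):
    """True when the file sits directly in <drive>:\\WINDOWS\\system32."""
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")


def triage(log_text):
    """Group autostart hooks by DLL and score them (weights are assumptions).

    Returns {lowercased_dll_path: {"score": int, "reasons": [str, ...]}}.
    """
    hits = defaultdict(lambda: {"score": 0, "reasons": []})

    def note(path, points, reason):
        entry = hits[path.strip().lower()]  # paths differ only by case in the log
        entry["score"] += points
        entry["reasons"].append(reason)

    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO.match(line):
            # A named BHO, or one outside system32, is not scored.
            if m["name"] == "(no name)" and in_system32(m["path"]):
                note(m["path"], 2, "unnamed BHO in system32")
                if m["missing"]:
                    note(m["path"], 0, "file missing (orphaned registry entry)")
        elif m := NOTIFY.match(line):
            note(m["path"], 1, "Winlogon Notify DLL")
        elif m := RUNDLL.match(line):
            if in_system32(m["path"]):
                note(m["path"], 1, "Run key via rundll32")
    return dict(hits)


def flagged(log_text, threshold=2):
    """DLL paths whose score reaches the threshold, highest score first."""
    results = triage(log_text)
    return sorted(
        (p for p, e in results.items() if e["score"] >= threshold),
        key=lambda p: (-results[p]["score"], p),
    )


if __name__ == "__main__":
    scored = triage(SAMPLE_LOG)
    for dll in flagged(SAMPLE_LOG):
        print(scored[dll]["score"], dll, "; ".join(scored[dll]["reasons"]))
```

Entries that score 1 (WgaLogon.dll, NvCpl.dll and ajkjopqv.dll in this sample) are not separated by these rules alone and need a second data source before any conclusion is drawn.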
There, it's done:
"F‚licit‚" - 07-03-24 22:56:44 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\F‚licit‚\Bureau"
Command switches used :: /v mllmk
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\kmllm.ini
"C:\WINDOWS\system32\mllmk.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))
2007-03-24 22:53 <REP> d-------- C:\WINDOWS\AU_Temp
2007-03-24 20:26 65,536 --a------ C:\WINDOWS\system32\DragnDropCopyHook.dll
2007-03-24 20:26 241,664 --a------ C:\WINDOWS\system32\SerialPortLib.dll
2007-03-24 20:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartCom
2007-03-24 20:25 <REP> d-------- C:\Program Files\SmartCom
2007-03-24 20:23 132,116 --a------ C:\WINDOWS\system32\xnqyilnp.dll
2007-03-24 20:23 123,972 --a------ C:\WINDOWS\system32\ajkjopqv.dll
2007-03-24 20:04 <REP> d-------- C:\VundoFix Backups
2007-03-24 19:06 51,456 --a------ C:\WINDOWS\system32\drivers\UsbSagCom.sys
2007-03-24 19:06 <REP> d-------- C:\Program Files\SAGEM
2007-03-24 18:27 <REP> d-------- C:\Program Files\The Cleaner
2007-03-24 17:23 <REP> d-------- C:\TEMP
2007-03-24 16:33 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-03-24 16:33 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-03-24 16:33 229,957 --a------ C:\WINDOWS\tsc.exe
2007-03-24 16:33 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2007-03-24 16:33 <REP> d-------- C:\WINDOWS\report
2007-03-24 16:33 <REP> d-------- C:\WINDOWS\AU_Backup
2007-03-24 16:32 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-03-24 16:32 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-03-24 16:32 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-03-24 16:32 <REP> d-------- C:\WINDOWS\AU_Log
2007-03-24 11:48 <REP> d-------- C:\Program Files\BitComet
2007-03-24 11:48 <REP> d-------- C:\Downloads
2007-03-24 11:43 26,697 --a------ C:\WINDOWS\system32\ssqnnmk.dll
2007-03-23 22:26 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\TransRender
2007-03-23 22:26 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Temporary
2007-03-23 22:25 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\ConvertTemp
2007-03-23 18:30 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Samsung
2007-03-23 18:27 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-03-23 18:27 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-03-23 18:26 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2007-03-23 18:26 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2007-03-23 18:26 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2007-03-23 18:26 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2007-03-23 18:26 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2007-03-23 18:26 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2007-03-23 18:26 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2007-03-23 18:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-03-23 18:26 <REP> d-------- C:\Program Files\Samsung
2007-03-23 17:19 <REP> d-------- C:\Program Files\MSXML 4.0
2007-03-22 22:53 <REP> d-------- C:\WINDOWS\system32\Lang
2007-03-22 21:43 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Nokia Multimedia Player
2007-03-22 21:37 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Nokia
2007-03-22 21:37 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\DataLayer
2007-03-22 21:36 <REP> d-------- C:\DOCUME~1\FLICIT~1\Phone Browser
2007-03-22 21:36 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\PC Suite
2007-03-22 21:34 <REP> d-------- C:\Program Files\Nokia
2007-03-22 21:34 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-03-22 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-03-22 21:30 <REP> d-------- C:\DOCUME~1\FLICIT~1\Bluetooth Software
2007-03-22 21:28 <REP> d-------- C:\Program Files\Belkin
2007-03-22 21:24 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Logitech
2007-03-22 21:23 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-03-22 21:23 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-03-22 21:23 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-03-22 21:23 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-03-22 21:23 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-03-22 21:23 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-03-22 21:23 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-03-22 21:23 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-03-22 21:23 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 21:23 <REP> d-------- C:\Program Files\Logitech
2007-03-22 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-03-22 21:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-03-22 21:17 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-03-22 21:12 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Skype
2007-03-22 21:12 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Adobe
2007-03-22 21:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-03-22 21:06 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 21:06 <REP> d-------- C:\WINDOWS\network diagnostic
2007-03-22 21:05 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-22 21:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-22 21:03 <REP> d-------- C:\Program Files\Skype
2007-03-22 21:03 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-03-22 21:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-03-22 21:02 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Google
2007-03-22 21:01 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-22 21:01 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-22 21:01 <REP> d-------- C:\Program Files\Picasa2
2007-03-22 21:01 <REP> d-------- C:\Program Files\Lavasoft
2007-03-22 21:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-22 21:00 <REP> d-------- C:\Program Files\Google
2007-03-22 21:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 21:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-03-22 20:58 <REP> d---s---- C:\DOCUME~1\FLICIT~1\UserData
2007-03-22 20:54 <REP> d-------- C:\Program Files\adslTV
2007-03-22 20:51 <REP> d-------- C:\Program Files\VideoLAN
2007-03-22 20:51 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\vlc
2007-03-22 20:43 <REP> d--hs---- C:\RECYCLER
2007-03-22 20:40 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Talkback
2007-03-22 20:39 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Thunderbird
2007-03-22 20:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-22 20:30 4,114 --a------ C:\WINDOWS\mozver.dat
2007-03-22 20:30 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-03-22 20:30 <REP> d-------- C:\Program Files\MozBackup
2007-03-22 20:28 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-22 20:19 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\PCToolsFirewallPlus
2007-03-22 20:18 99,936 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-03-22 20:18 51,808 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-03-22 20:18 <REP> d-------- C:\Program Files\PC Tools Firewall Plus
2007-03-22 20:09 9,709,568 --a------ C:\WINDOWS\RTLCPL.exe
2007-03-22 20:09 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-03-22 20:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-03-22 20:09 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-03-22 20:09 4,484,608 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-22 20:09 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-03-22 20:09 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2007-03-22 20:09 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-03-22 20:09 2,157,568 --a------ C:\WINDOWS\MicCal.exe
2007-03-22 20:09 16,125,440 --a------ C:\WINDOWS\RTHDCPL.exe
2007-03-22 20:09 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-03-22 20:09 <REP> d-------- C:\WINDOWS\system32\RTCOM
2007-03-22 20:09 <REP> d-------- C:\Program Files\Realtek
2007-03-22 20:08 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-22 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-22 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-22 20:08 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-22 20:08 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-22 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-22 20:08 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-22 20:08 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-22 20:08 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-22 20:08 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-22 20:08 <REP> d-------- C:\Program Files\Alwil Software
2007-03-22 20:05 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-22 20:04 9,728 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2007-03-22 20:04 11,264 -ra------ C:\WINDOWS\system32\drivers\xfilt.sys
2007-03-22 20:04 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-22 20:04 <REP> d-------- C:\Program Files\VIA
2007-03-22 19:57 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-03-22 19:57 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-03-22 19:57 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-03-22 19:57 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-03-22 19:57 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-22 19:57 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-22 19:57 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-03-22 19:57 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-03-22 19:57 1,622,016 --a------ C:\WINDOWS\system32\nwiz.exe
2007-03-22 19:57 1,470,464 --a------ C:\WINDOWS\system32\nview.dll
2007-03-22 19:57 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-03-22 19:57 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-03-22 19:57 <REP> d-------- C:\WINDOWS\nview
2007-03-22 19:57 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-03-22 19:56 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-03-22 19:56 81,920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-03-22 19:56 7,933,952 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-03-22 19:56 6,541,312 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-03-22 19:56 577,536 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-03-22 19:56 5,957,024 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-22 19:56 5,365,504 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-22 19:56 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-03-22 19:56 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-03-22 19:56 303,104 --a------ C:\WINDOWS\system32\nvapi.dll
2007-03-22 19:56 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-03-22 19:56 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-03-22 19:56 2,379,776 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-03-22 19:56 2,097,152 --a------ C:\WINDOWS\system32\nvwss.dll
2007-03-22 19:56 163,908 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-03-22 19:54 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Windows Desktop Search
2007-03-22 19:53 389,120 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-22 19:53 389,120 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-22 19:53 1,835,008 --ah----- C:\DOCUME~1\FLICIT~1\NTUSER.DAT
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Mes documents
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Menu Démarrer
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Favoris
2007-03-22 19:53 <REP> d--hs---- C:\WINDOWS\CSC
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Voisinage réseau
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Voisinage d'impression
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Modèles
2007-03-22 19:53 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-22 19:53 <REP> d-------- C:\WINDOWS\Prefetch
2007-03-22 19:53 <REP> d-------- C:\DOCUME~1\FLICIT~1\Bureau
2007-03-22 19:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 19:52 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 19:52 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 19:52 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 19:52 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 19:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 19:52 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 19:52 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 19:52 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 19:52 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 19:52 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 19:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 19:52 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 19:52 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 19:52 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 19:52 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 19:51 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-22 19:51 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-22 19:51 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 19:51 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-22 19:51 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 19:51 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-03-22 19:51 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-03-22 19:51 42,496 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-03-22 19:51 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 19:51 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-03-22 19:51 389,120 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-22 19:51 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-03-22 19:51 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-22 19:51 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-22 19:51 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2007-03-22 19:51 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-03-22 19:51 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-03-22 19:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-22 19:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-03-22 19:51 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-22 19:51 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 19:51 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-03-22 19:51 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-22 19:51 <REP> d-------- C:\WINDOWS\system32\xircom
2007-03-22 19:51 <REP> d-------- C:\Program Files\microsoft frontpage
2007-03-22 19:50 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-22 19:50 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-03-22 19:50 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-22 19:49 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-22 19:49 9,104 --a------ C:\WINDOWS\system\VER.DLL
2007-03-22 19:49 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-22 19:49 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-22 19:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-22 19:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-22 19:49 76,800 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-22 19:49 70,688 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-22 19:49 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-22 19:49 70,352 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-22 19:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-22 19:49 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-22 19:49 33,904 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-22 19:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-22 19:49 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-22 19:49 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-22 19:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-22 19:49 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-22 19:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-22 19:49 127,168 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-22 19:49 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-22 19:49 109,568 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-22 19:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-22 19:49 <REP> dr------- C:\Program Files
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu Démarrer
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu Démarrer
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-22 19:49 <REP> d--hs---- C:\WINDOWS\Installer
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage réseau
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Modèles
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\Modèles
2007-03-22 19:49 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-22 19:49 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-03-22 19:49 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-03-22 19:49 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-03-22 19:48 <REP> d--hs---- C:\System Volume Information
2007-03-22 19:48 <REP> d-------- C:\Documents and Settings
2007-03-22 19:45 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-22 19:45 <REP> dr--s---- C:\WINDOWS\Fonts
2007-03-22 19:45 <REP> dr------- C:\WINDOWS\Web
2007-03-22 19:45 <REP> d--h----- C:\WINDOWS\inf
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\WinSxS
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\twain_32
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\wins
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\wbem
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\usmt
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\spool
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ShellExt
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\Setup
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ras
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\oobe
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\npp
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\mui
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\inetsrv
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\IME
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\icsxml
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ias
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\export
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\dhcp
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\config
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\3076
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\2052
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1054
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1042
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1041
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1037
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1036
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1033
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1031
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1028
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1025
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\security
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Resources
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\repair
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Provisioning
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\PeerNet
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\pchealth
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\NLDRV
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\mui
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\msapps
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\msagent
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Media
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\java
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\ime
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Help
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\ehome
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Driver Cache
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Debug
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Cursors
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Connection Wizard
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Config
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\AppPatch
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\addins
2007-03-22 19:45 <REP> d-------- C:\WINDOWS
2007-03-22 19:38 <REP> d-------- C:\Program Files\Windows Desktop Search
2007-03-22 19:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-22 19:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-03-22 19:34 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-03-22 19:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-22 19:31 0 -rahs---- C:\MSDOS.SYS
2007-03-22 19:31 0 -rahs---- C:\IO.SYS
2007-03-22 19:31 0 --a------ C:\CONFIG.SYS
2007-03-22 19:31 0 --a------ C:\AUTOEXEC.BAT
2007-03-22 19:31 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-03-22 19:30 <REP> dr------- C:\WINDOWS\Offline Web Pages
2007-03-22 19:30 <REP> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-22 19:30 <REP> d--h----- C:\Program Files\WindowsUpdate
2007-03-22 19:30 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-22 19:30 <REP> d-------- C:\WINDOWS\system32\DirectX
2007-03-22 19:30 <REP> d-------- C:\Program Files\Services en ligne
2007-03-22 19:29 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-22 19:29 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-22 19:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-22 19:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-22 19:29 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-22 19:29 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-22 19:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-22 19:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-22 19:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-22 19:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-22 19:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-22 19:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-22 19:29 50,688 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-22 19:29 467,224 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-22 19:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-22 19:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-22 19:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-22 19:29 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-22 19:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-22 19:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-22 19:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-22 19:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-22 19:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-22 19:29 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-22 19:29 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-22 19:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-22 19:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-22 19:29 241,664 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-22 19:29 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-22 19:29 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-22 19:29 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-22 19:29 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-22 19:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-22 19:29 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-22 19:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-22 19:29 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-22 19:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-22 19:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-22 19:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-22 19:29 128,792 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-22 19:29 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-22 19:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-22 19:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-22 19:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-22 19:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-22 19:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-22 19:29 <REP> d---s---- C:\WINDOWS\Tasks
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\system32\Restore
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\system32\Macromed
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\srchasst
2007-03-22 19:29 <REP> d-------- C:\Program Files\Movie Maker
2007-03-22 19:29 <REP> d-------- C:\Program Files\Fichiers communs\MSSoap
2007-03-22 19:28 97,792 -ra------ C:\WINDOWS\system32\comrepl.dll
2007-03-22 19:28 956,416 -ra------ C:\WINDOWS\system32\msdtctm.dll
2007-03-22 19:28 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-22 19:28 91,136 -ra------ C:\WINDOWS\system32\mtxoci.dll
2007-03-22 19:28 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-22 19:28 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-22 19:28 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-22 19:28 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-22 19:28 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-22 19:28 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-22 19:28 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-22 19:28 625,152 -ra------ C:\WINDOWS\system32\catsrvut.dll
2007-03-22 19:28 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-22 19:28 61,952 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-22 19:28 60,416 -ra------ C:\WINDOWS\system32\colbact.dll
2007-03-22 19:28 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-22 19:28 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-22 19:28 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-22 19:28 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-22 19:28 540,160 -ra------ C:\WINDOWS\system32\comuid.dll
2007-03-22 19:28 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-22 19:28 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-22 19:28 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-22 19:28 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-22 19:28 498,688 -ra------ C:\WINDOWS\system32\clbcatq.dll
2007-03-22 19:28 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-22 19:28 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-22 19:28 426,496 -ra------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-22 19:28 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-22 19:28 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-22 19:28 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-22 19:28 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-22 19:28 354,304 -ra------ C:\WINDOWS\system32\hypertrm.dll
2007-03-22 19:28 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-22 19:28 347,648 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-22 19:28 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-22 19:28 297,984 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-22 19:28 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-22 19:28 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-22 19:28 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-22 19:28 225,792 -ra------ C:\WINDOWS\system32\catsrv.dll
2007-03-22 19:28 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-22 19:28 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-22 19:28 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-22 19:28 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-22 19:28 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-22 19:28 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-22 19:28 189,952 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-22 19:28 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-22 19:28 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-22 19:28 161,280 -ra------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-22 19:28 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-22 19:28 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-22 19:28 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-22 19:28 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-22 19:28 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-22 19:28 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-22 19:28 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-22 19:28 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-22 19:28 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-22 19:28 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-22 19:28 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-22 19:28 139,528 -ra------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-22 19:28 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-22 19:28 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-22 19:28 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-22 19:28 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-22 19:28 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-22 19:28 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-22 19:28 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-22 19:28 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-22 19:28 110,080 -ra------ C:\WINDOWS\system32\clbcatex.dll
2007-03-22 19:28 11,776 -ra------ C:\WINDOWS\system32\xolehlp.dll
2007-03-22 19:28 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-22 19:28 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-22 19:28 10,240 --a------ C:\WINDOWS\system32\reset.exe
2007-03-22 19:28 1,267,200 -ra------ C:\WINDOWS\system32\comsvcs.dll
2007-03-22 19:28 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\system32\MsDtc
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\system32\Com
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\Registration
2007-03-22 19:28 <REP> d-------- C:\Program Files\Windows NT
2007-03-22 19:28 <REP> d-------- C:\Program Files\Online Services
2007-03-22 19:28 <REP> d-------- C:\Program Files\MSN Gaming Zone
2007-03-22 19:28 <REP> d-------- C:\Program Files\Messenger
2007-03-22 19:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-22 19:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-22 19:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-22 19:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-22 19:27 191,488 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-22 19:27 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-24 20:22 71248 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-24 20:22 458230 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-24 11:48 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"00PCTFW"="\"C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe\" -s"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\FICHIE~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\ajkjopqv.dll\",setvm"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{33CFF9A3-7ECB-4382-806D-AB0138BC7386}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnmk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-24 23:02:23
"Félicité" - 07-03-24 22:56:44 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Félicité\Bureau"
Command switches used :: /v mllmk
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\kmllm.ini
"C:\WINDOWS\system32\mllmk.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))
2007-03-24 22:53 <REP> d-------- C:\WINDOWS\AU_Temp
2007-03-24 20:26 65,536 --a------ C:\WINDOWS\system32\DragnDropCopyHook.dll
2007-03-24 20:26 241,664 --a------ C:\WINDOWS\system32\SerialPortLib.dll
2007-03-24 20:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartCom
2007-03-24 20:25 <REP> d-------- C:\Program Files\SmartCom
2007-03-24 20:23 132,116 --a------ C:\WINDOWS\system32\xnqyilnp.dll
2007-03-24 20:23 123,972 --a------ C:\WINDOWS\system32\ajkjopqv.dll
2007-03-24 20:04 <REP> d-------- C:\VundoFix Backups
2007-03-24 19:06 51,456 --a------ C:\WINDOWS\system32\drivers\UsbSagCom.sys
2007-03-24 19:06 <REP> d-------- C:\Program Files\SAGEM
2007-03-24 18:27 <REP> d-------- C:\Program Files\The Cleaner
2007-03-24 17:23 <REP> d-------- C:\TEMP
2007-03-24 16:33 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-03-24 16:33 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-03-24 16:33 229,957 --a------ C:\WINDOWS\tsc.exe
2007-03-24 16:33 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2007-03-24 16:33 <REP> d-------- C:\WINDOWS\report
2007-03-24 16:33 <REP> d-------- C:\WINDOWS\AU_Backup
2007-03-24 16:32 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-03-24 16:32 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-03-24 16:32 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-03-24 16:32 <REP> d-------- C:\WINDOWS\AU_Log
2007-03-24 11:48 <REP> d-------- C:\Program Files\BitComet
2007-03-24 11:48 <REP> d-------- C:\Downloads
2007-03-24 11:43 26,697 --a------ C:\WINDOWS\system32\ssqnnmk.dll
2007-03-23 22:26 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\TransRender
2007-03-23 22:26 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Temporary
2007-03-23 22:25 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\ConvertTemp
2007-03-23 18:30 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Samsung
2007-03-23 18:27 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-03-23 18:27 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-03-23 18:26 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2007-03-23 18:26 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2007-03-23 18:26 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2007-03-23 18:26 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2007-03-23 18:26 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2007-03-23 18:26 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2007-03-23 18:26 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2007-03-23 18:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-03-23 18:26 <REP> d-------- C:\Program Files\Samsung
2007-03-23 17:19 <REP> d-------- C:\Program Files\MSXML 4.0
2007-03-22 22:53 <REP> d-------- C:\WINDOWS\system32\Lang
2007-03-22 21:43 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Nokia Multimedia Player
2007-03-22 21:37 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Nokia
2007-03-22 21:37 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\DataLayer
2007-03-22 21:36 <REP> d-------- C:\DOCUME~1\FLICIT~1\Phone Browser
2007-03-22 21:36 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\PC Suite
2007-03-22 21:34 <REP> d-------- C:\Program Files\Nokia
2007-03-22 21:34 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-03-22 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-03-22 21:30 <REP> d-------- C:\DOCUME~1\FLICIT~1\Bluetooth Software
2007-03-22 21:28 <REP> d-------- C:\Program Files\Belkin
2007-03-22 21:24 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Logitech
2007-03-22 21:23 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-03-22 21:23 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-03-22 21:23 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-03-22 21:23 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-03-22 21:23 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-03-22 21:23 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-03-22 21:23 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-03-22 21:23 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-03-22 21:23 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 21:23 <REP> d-------- C:\Program Files\Logitech
2007-03-22 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-03-22 21:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-03-22 21:17 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-03-22 21:12 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Skype
2007-03-22 21:12 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Adobe
2007-03-22 21:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-03-22 21:06 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 21:06 <REP> d-------- C:\WINDOWS\network diagnostic
2007-03-22 21:05 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-22 21:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-22 21:03 <REP> d-------- C:\Program Files\Skype
2007-03-22 21:03 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-03-22 21:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-03-22 21:02 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Google
2007-03-22 21:01 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-22 21:01 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-22 21:01 <REP> d-------- C:\Program Files\Picasa2
2007-03-22 21:01 <REP> d-------- C:\Program Files\Lavasoft
2007-03-22 21:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-22 21:00 <REP> d-------- C:\Program Files\Google
2007-03-22 21:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 21:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-03-22 20:58 <REP> d---s---- C:\DOCUME~1\FLICIT~1\UserData
2007-03-22 20:54 <REP> d-------- C:\Program Files\adslTV
2007-03-22 20:51 <REP> d-------- C:\Program Files\VideoLAN
2007-03-22 20:51 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\vlc
2007-03-22 20:43 <REP> d--hs---- C:\RECYCLER
2007-03-22 20:40 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Talkback
2007-03-22 20:39 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Thunderbird
2007-03-22 20:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-22 20:30 4,114 --a------ C:\WINDOWS\mozver.dat
2007-03-22 20:30 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-03-22 20:30 <REP> d-------- C:\Program Files\MozBackup
2007-03-22 20:28 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-22 20:19 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\PCToolsFirewallPlus
2007-03-22 20:18 99,936 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-03-22 20:18 51,808 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-03-22 20:18 <REP> d-------- C:\Program Files\PC Tools Firewall Plus
2007-03-22 20:09 9,709,568 --a------ C:\WINDOWS\RTLCPL.exe
2007-03-22 20:09 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-03-22 20:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-03-22 20:09 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-03-22 20:09 4,484,608 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-22 20:09 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-03-22 20:09 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2007-03-22 20:09 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-03-22 20:09 2,157,568 --a------ C:\WINDOWS\MicCal.exe
2007-03-22 20:09 16,125,440 --a------ C:\WINDOWS\RTHDCPL.exe
2007-03-22 20:09 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-03-22 20:09 <REP> d-------- C:\WINDOWS\system32\RTCOM
2007-03-22 20:09 <REP> d-------- C:\Program Files\Realtek
2007-03-22 20:08 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-22 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-22 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-22 20:08 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-22 20:08 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-22 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-22 20:08 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-22 20:08 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-22 20:08 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-22 20:08 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-22 20:08 <REP> d-------- C:\Program Files\Alwil Software
2007-03-22 20:05 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-22 20:04 9,728 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2007-03-22 20:04 11,264 -ra------ C:\WINDOWS\system32\drivers\xfilt.sys
2007-03-22 20:04 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-22 20:04 <REP> d-------- C:\Program Files\VIA
2007-03-22 19:57 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-03-22 19:57 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-03-22 19:57 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-03-22 19:57 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-03-22 19:57 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-22 19:57 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-22 19:57 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-03-22 19:57 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-03-22 19:57 1,622,016 --a------ C:\WINDOWS\system32\nwiz.exe
2007-03-22 19:57 1,470,464 --a------ C:\WINDOWS\system32\nview.dll
2007-03-22 19:57 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-03-22 19:57 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-03-22 19:57 <REP> d-------- C:\WINDOWS\nview
2007-03-22 19:57 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-03-22 19:56 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-03-22 19:56 81,920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-03-22 19:56 7,933,952 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-03-22 19:56 6,541,312 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-03-22 19:56 577,536 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-03-22 19:56 5,957,024 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-22 19:56 5,365,504 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-22 19:56 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-03-22 19:56 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-03-22 19:56 303,104 --a------ C:\WINDOWS\system32\nvapi.dll
2007-03-22 19:56 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-03-22 19:56 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-03-22 19:56 2,379,776 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-03-22 19:56 2,097,152 --a------ C:\WINDOWS\system32\nvwss.dll
2007-03-22 19:56 163,908 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-03-22 19:54 <REP> d-------- C:\DOCUME~1\FLICIT~1\APPLIC~1\Windows Desktop Search
2007-03-22 19:53 389,120 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-22 19:53 389,120 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-22 19:53 1,835,008 --ah----- C:\DOCUME~1\FLICIT~1\NTUSER.DAT
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Mes documents
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Menu Démarrer
2007-03-22 19:53 <REP> dr------- C:\DOCUME~1\FLICIT~1\Favoris
2007-03-22 19:53 <REP> d--hs---- C:\WINDOWS\CSC
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Voisinage réseau
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Voisinage d'impression
2007-03-22 19:53 <REP> d--h----- C:\DOCUME~1\FLICIT~1\Modèles
2007-03-22 19:53 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-22 19:53 <REP> d-------- C:\WINDOWS\Prefetch
2007-03-22 19:53 <REP> d-------- C:\DOCUME~1\FLICIT~1\Bureau
2007-03-22 19:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 19:52 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 19:52 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 19:52 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 19:52 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 19:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 19:52 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 19:52 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 19:52 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 19:52 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 19:52 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 19:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 19:52 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 19:52 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 19:52 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 19:52 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 19:51 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-22 19:51 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-22 19:51 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 19:51 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-22 19:51 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 19:51 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-03-22 19:51 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-03-22 19:51 42,496 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-03-22 19:51 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 19:51 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-03-22 19:51 389,120 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-22 19:51 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-03-22 19:51 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-22 19:51 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-22 19:51 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2007-03-22 19:51 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-03-22 19:51 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-03-22 19:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-22 19:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-03-22 19:51 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-22 19:51 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 19:51 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-03-22 19:51 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-22 19:51 <REP> d-------- C:\WINDOWS\system32\xircom
2007-03-22 19:51 <REP> d-------- C:\Program Files\microsoft frontpage
2007-03-22 19:50 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-22 19:50 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-03-22 19:50 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-22 19:49 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-22 19:49 9,104 --a------ C:\WINDOWS\system\VER.DLL
2007-03-22 19:49 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-22 19:49 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-22 19:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-22 19:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-22 19:49 76,800 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-22 19:49 70,688 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-22 19:49 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-22 19:49 70,352 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-22 19:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-22 19:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-22 19:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-22 19:49 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-22 19:49 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-22 19:49 33,904 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-22 19:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-22 19:49 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-22 19:49 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-22 19:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-22 19:49 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-22 19:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-22 19:49 127,168 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-22 19:49 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-22 19:49 109,568 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-22 19:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-22 19:49 <REP> dr------- C:\Program Files
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu Démarrer
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu Démarrer
2007-03-22 19:49 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-22 19:49 <REP> d--hs---- C:\WINDOWS\Installer
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage réseau
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Modèles
2007-03-22 19:49 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\Modèles
2007-03-22 19:49 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-22 19:49 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-03-22 19:49 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-03-22 19:49 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-03-22 19:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-03-22 19:48 <REP> d--hs---- C:\System Volume Information
2007-03-22 19:48 <REP> d-------- C:\Documents and Settings
2007-03-22 19:45 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-22 19:45 <REP> dr--s---- C:\WINDOWS\Fonts
2007-03-22 19:45 <REP> dr------- C:\WINDOWS\Web
2007-03-22 19:45 <REP> d--h----- C:\WINDOWS\inf
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\WinSxS
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\twain_32
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\wins
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\wbem
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\usmt
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\spool
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ShellExt
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\Setup
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ras
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\oobe
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\npp
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\mui
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\inetsrv
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\IME
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\icsxml
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\ias
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\export
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\drivers
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\dhcp
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\config
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\3076
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\2052
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1054
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1042
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1041
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1037
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1036
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1033
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1031
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1028
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32\1025
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system32
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\system
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\security
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Resources
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\repair
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Provisioning
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\PeerNet
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\pchealth
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\NLDRV
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\mui
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\msapps
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\msagent
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Media
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\java
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\ime
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Help
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\ehome
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Driver Cache
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Debug
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Cursors
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Connection Wizard
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\Config
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\AppPatch
2007-03-22 19:45 <REP> d-------- C:\WINDOWS\addins
2007-03-22 19:45 <REP> d-------- C:\WINDOWS
2007-03-22 19:38 <REP> d-------- C:\Program Files\Windows Desktop Search
2007-03-22 19:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-22 19:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-03-22 19:34 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-03-22 19:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-22 19:31 0 -rahs---- C:\MSDOS.SYS
2007-03-22 19:31 0 -rahs---- C:\IO.SYS
2007-03-22 19:31 0 --a------ C:\CONFIG.SYS
2007-03-22 19:31 0 --a------ C:\AUTOEXEC.BAT
2007-03-22 19:31 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-03-22 19:30 <REP> dr------- C:\WINDOWS\Offline Web Pages
2007-03-22 19:30 <REP> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-22 19:30 <REP> d--h----- C:\Program Files\WindowsUpdate
2007-03-22 19:30 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-22 19:30 <REP> d-------- C:\WINDOWS\system32\DirectX
2007-03-22 19:30 <REP> d-------- C:\Program Files\Services en ligne
2007-03-22 19:29 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-22 19:29 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-22 19:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-22 19:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-22 19:29 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-22 19:29 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-22 19:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-22 19:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-22 19:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-22 19:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-22 19:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-22 19:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-22 19:29 50,688 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-22 19:29 467,224 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-22 19:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-22 19:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-22 19:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-22 19:29 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-22 19:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-22 19:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-22 19:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-22 19:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-22 19:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-22 19:29 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-22 19:29 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-22 19:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-22 19:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-22 19:29 241,664 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-22 19:29 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-22 19:29 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-22 19:29 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-22 19:29 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-22 19:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-22 19:29 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-22 19:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-22 19:29 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-22 19:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-22 19:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-22 19:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-22 19:29 128,792 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-22 19:29 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-22 19:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-22 19:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-22 19:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-22 19:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-22 19:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-22 19:29 <REP> d---s---- C:\WINDOWS\Tasks
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\system32\Restore
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\system32\Macromed
2007-03-22 19:29 <REP> d-------- C:\WINDOWS\srchasst
2007-03-22 19:29 <REP> d-------- C:\Program Files\Movie Maker
2007-03-22 19:29 <REP> d-------- C:\Program Files\Fichiers communs\MSSoap
2007-03-22 19:28 97,792 -ra------ C:\WINDOWS\system32\comrepl.dll
2007-03-22 19:28 956,416 -ra------ C:\WINDOWS\system32\msdtctm.dll
2007-03-22 19:28 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-22 19:28 91,136 -ra------ C:\WINDOWS\system32\mtxoci.dll
2007-03-22 19:28 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-22 19:28 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-22 19:28 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-22 19:28 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-22 19:28 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-22 19:28 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-22 19:28 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-22 19:28 625,152 -ra------ C:\WINDOWS\system32\catsrvut.dll
2007-03-22 19:28 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-22 19:28 61,952 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-22 19:28 60,416 -ra------ C:\WINDOWS\system32\colbact.dll
2007-03-22 19:28 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-22 19:28 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-22 19:28 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-22 19:28 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-22 19:28 540,160 -ra------ C:\WINDOWS\system32\comuid.dll
2007-03-22 19:28 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-22 19:28 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-22 19:28 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-22 19:28 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-22 19:28 498,688 -ra------ C:\WINDOWS\system32\clbcatq.dll
2007-03-22 19:28 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-22 19:28 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-22 19:28 426,496 -ra------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-22 19:28 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-22 19:28 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-22 19:28 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-22 19:28 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-22 19:28 354,304 -ra------ C:\WINDOWS\system32\hypertrm.dll
2007-03-22 19:28 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-22 19:28 347,648 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-22 19:28 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-22 19:28 297,984 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-22 19:28 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-22 19:28 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-22 19:28 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-22 19:28 225,792 -ra------ C:\WINDOWS\system32\catsrv.dll
2007-03-22 19:28 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-22 19:28 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-22 19:28 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-22 19:28 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-22 19:28 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-22 19:28 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-22 19:28 189,952 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-22 19:28 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-22 19:28 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-22 19:28 161,280 -ra------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-22 19:28 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-22 19:28 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-22 19:28 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-22 19:28 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-22 19:28 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-22 19:28 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-22 19:28 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-22 19:28 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-22 19:28 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-22 19:28 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-22 19:28 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-22 19:28 139,528 -ra------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-22 19:28 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-22 19:28 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-22 19:28 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-22 19:28 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-22 19:28 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-22 19:28 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-22 19:28 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-22 19:28 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-22 19:28 110,080 -ra------ C:\WINDOWS\system32\clbcatex.dll
2007-03-22 19:28 11,776 -ra------ C:\WINDOWS\system32\xolehlp.dll
2007-03-22 19:28 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-22 19:28 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-22 19:28 10,240 --a------ C:\WINDOWS\system32\reset.exe
2007-03-22 19:28 1,267,200 -ra------ C:\WINDOWS\system32\comsvcs.dll
2007-03-22 19:28 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\system32\MsDtc
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\system32\Com
2007-03-22 19:28 <REP> d-------- C:\WINDOWS\Registration
2007-03-22 19:28 <REP> d-------- C:\Program Files\Windows NT
2007-03-22 19:28 <REP> d-------- C:\Program Files\Online Services
2007-03-22 19:28 <REP> d-------- C:\Program Files\MSN Gaming Zone
2007-03-22 19:28 <REP> d-------- C:\Program Files\Messenger
2007-03-22 19:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-22 19:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-22 19:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-22 19:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-22 19:27 191,488 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-22 19:27 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-24 20:22 71248 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-24 20:22 458230 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-24 11:48 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"00PCTFW"="\"C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe\" -s"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\FICHIE~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\ajkjopqv.dll\",setvm"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{33CFF9A3-7ECB-4382-806D-AB0138BC7386}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnmk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-24 23:02:23
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\WINDOWS\system32\xnqyilnp.dll
C:\WINDOWS\system32\ajkjopqv.dll
---> Right-click, then Copy
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste.
Now click MoveIt!
! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES!
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
There, it's done:
C:\WINDOWS\system32\xnqyilnp.dll unregistered successfully.
C:\WINDOWS\system32\xnqyilnp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ajkjopqv.dll
C:\WINDOWS\system32\ajkjopqv.dll NOT unregistered.
C:\WINDOWS\system32\ajkjopqv.dll moved successfully.
Created on 03/24/2007 23:10:40
I got caught out stupidly while downloading a driver (and it wasn't even anything illegal...). Since I couldn't find it on the manufacturer's site, I went to shadier sites. I downloaded the file. I submitted it to avast, which found nothing. And when I ran it, it disappeared from the desktop and everything started.