Ravmon and autorun.inf on my micro SD card


The problem is that I can't manage it, since they are hidden files, and even if I tick the box to show hidden files it changes nothing and they stay hidden. Please, it's urgent, I really need my phone!!!

You should avoid coming back 13 days after a reply...
Plug in your card, then do this:

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    Here it is, and sorry for the delay:
    ComboFix 08-05-15.3 - moatadid 2008-05-17 9:59:34.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.90 [GMT 0:00]
    Endroit: C:\Documents and Settings\moatadid\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\WINDOWS\svchost.ini
    C:\WINDOWS\system32\amvo.exe
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\amvo1.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 09:39 . 2008-05-17 09:39 <REP> d-------- C:\WINDOWS\LastGood
    2008-05-13 18:56 . 2008-05-13 18:56 221 --a------ C:\WINDOWS\NCLogConfig.ini
    2008-05-11 09:22 . 2008-05-11 09:22 104,253 -r-hs---- C:\r6r.exe
    2008-05-10 12:03 . 2008-05-10 12:03 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\ABBYY
    2008-05-10 11:49 . 2008-05-12 19:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ABBYY
    2008-05-09 16:56 . 2008-05-09 16:56 292,890 --a------ C:\Document_20080509_165609.pdf
    2008-05-09 16:50 . 2008-05-09 16:50 <REP> d-------- C:\WINDOWS\Documalis Free Scanner 1.0
    2008-05-09 16:50 . 2008-05-09 16:50 <REP> d-------- C:\Program Files\Documalis Free
    2008-05-09 16:48 . 2008-05-09 16:48 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\GetRightToGo
    2008-05-09 15:20 . 2008-05-10 12:47 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\Image Zone Express
    2008-05-08 11:24 . 2005-12-28 20:43 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
    2008-05-08 09:01 . 2008-05-08 09:08 171 --a------ C:\ASWL2K.ini
    2008-05-08 08:54 . 2005-02-02 17:56 147,328 -ra------ C:\WINDOWS\system32\drivers\rt2500usb.sys
    2008-05-08 08:54 . 2008-05-08 08:54 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-05-08 08:54 . 2005-02-02 14:52 656 --a------ C:\WINDOWS\Un1500.iss
    2008-05-08 08:53 . 2003-04-29 16:46 61,440 --a------ C:\WINDOWS\system32\ASW32N50.dll
    2008-05-08 08:53 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
    2008-05-08 08:53 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
    2008-05-08 08:52 . 2005-04-20 14:19 180,224 --a------ C:\WINDOWS\SetupDungle.exe
    2008-05-05 22:24 . 2004-08-04 00:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-05-05 22:15 . 2008-05-05 22:15 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-05-05 12:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-05 12:47 . 2008-05-05 12:49 <REP> d-------- C:\Program Files\Java
    2008-05-04 21:22 . 2008-05-16 19:02 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-04 21:22 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-03 01:14 . 2008-05-03 01:14 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\dvdcss
    2008-05-01 18:18 . 2008-05-01 18:18 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\Ulead Systems
    2008-05-01 18:17 . 2008-05-01 18:17 87 --a------ C:\WINDOWS\dswplug.ini
    2008-05-01 18:15 . 2000-12-22 22:27 73,728 --a------ C:\WINDOWS\system32\mplaw7.dll
    2008-05-01 18:15 . 2000-12-22 22:19 73,728 --a------ C:\WINDOWS\system32\mplaa6.dll
    2008-05-01 18:15 . 2000-12-22 22:19 61,440 --a------ C:\WINDOWS\system32\mplam6.dll
    2008-05-01 18:15 . 2000-12-22 14:11 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2008-05-01 18:13 . 2008-05-01 18:13 <REP> d-------- C:\Program Files\Ulead Systems
    2008-05-01 18:13 . 2008-05-01 18:13 <REP> d-------- C:\Program Files\Fichiers communs\SONY Digital Images
    2008-05-01 18:13 . 2008-05-01 18:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
    2008-05-01 18:01 . 2008-05-13 18:56 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\HP
    2008-05-01 18:01 . 2008-05-01 18:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    2008-05-01 17:55 . 2008-05-01 17:55 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-01 17:54 . 2006-04-12 02:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-05-01 17:54 . 2006-04-12 02:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2008-05-01 17:53 . 2006-01-03 08:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
    2008-05-01 17:53 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
    2008-05-01 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-01 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-01 17:51 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-05-01 17:51 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2008-05-01 17:51 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2008-05-01 17:51 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2008-05-01 17:51 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2008-05-01 17:51 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2008-05-01 17:51 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2008-05-01 17:49 . 2008-05-01 17:59 <REP> d-------- C:\Program Files\HP
    2008-05-01 17:46 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-05-01 17:46 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-05-01 17:45 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-05-01 17:45 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-05-01 17:29 . 2008-05-01 18:03 132,832 --a------ C:\WINDOWS\hpoins11.dat
    2008-05-01 10:33 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-01 09:19 . 2008-05-17 08:58 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\skypePM
    2008-05-01 09:19 . 2008-05-01 09:19 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-04-30 12:42 . 2008-04-30 12:42 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\vlc
    2008-04-30 12:41 . 2008-04-30 12:41 <REP> d-------- C:\Program Files\VideoLAN
    2008-04-30 09:19 . 2008-05-12 18:52 49 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-30 09:10 . 2008-04-30 09:10 <REP> d-------- C:\Program Files\MegauploadToolbar
    2008-04-30 09:10 . 2008-05-05 14:46 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\MegauploadToolbar
    2008-04-30 09:05 . 2008-04-30 09:05 1,169 --a------ C:\WINDOWS\mozver.dat
    2008-04-30 08:59 . 2008-04-30 08:59 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
    2008-04-30 08:50 . 2008-04-30 08:50 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\Design Science
    2008-04-29 21:05 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-04-29 21:05 . 2008-04-29 21:05 385 --a------ C:\WINDOWS\ODBC.INI
    2008-04-29 21:03 . 2008-04-29 21:03 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-04-29 21:01 . 2008-04-29 21:01 <REP> d-------- C:\Program Files\Microsoft Works
    2008-04-29 20:52 . 2008-05-17 10:01 <REP> d-------- C:\Documents and Settings\moatadid\Application Data\Skype
    2008-04-29 20:49 . 2008-04-29 20:49 <REP> d-------- C:\Program Files\Skype
    2008-04-29 20:49 . 2008-04-29 20:49 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-04-29 20:49 . 2008-04-29 20:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2008-04-29 19:46 . 2008-04-29 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-29 19:46 . 2008-04-29 19:46 <REP> d-------- C:\Program Files\Ahead
    2008-04-29 19:46 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-04-29 19:46 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-04-29 19:46 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-04-29 19:46 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-04-29 19:46 . 2004-03-03 21:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-04-29 19:46 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-04-29 19:46 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
    2008-04-29 19:46 . 2004-03-03 21:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-04-29 19:43 . 2008-04-29 19:43 <REP> d-------- C:\Program Files\SuperCopier2
    2008-04-29 19:40 . 2008-04-29 19:40 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-29 19:35 . 2008-04-29 19:35 <REP> d---s---- C:\Documents and Settings\moatadid\UserData
    2008-04-29 18:02 . 2008-04-29 17:07 <REP> d--h----- C:\Documents and Settings\moatadid\Voisinage réseau
    2008-04-29 18:02 . 2008-04-29 17:07 <REP> d--h----- C:\Documents and Settings\moatadid\Voisinage d'impression
    2008-04-29 18:02 . 2008-04-29 17:21 <REP> d--h----- C:\Documents and Settings\moatadid\Modèles
    2008-04-29 18:02 . 2008-05-12 20:08 <REP> dr------- C:\Documents and Settings\moatadid\Mes documents
    2008-04-29 18:02 . 2008-04-29 17:07 <REP> dr------- C:\Documents and Settings\moatadid\Menu Démarrer
    2008-04-29 18:02 . 2008-04-29 18:03 <REP> dr------- C:\Documents and Settings\moatadid\Favoris
    2008-04-29 18:02 . 2008-05-17 09:36 <REP> d-------- C:\Documents and Settings\moatadid\Bureau
    2008-04-29 18:02 . 2008-05-16 22:43 <REP> d-------- C:\Documents and Settings\moatadid
    2008-04-29 18:02 . 2008-05-17 10:04 1,024 --ah----- C:\Documents and Settings\moatadid\NTUSER.DAT.LOG
    2008-04-29 18:02 . 2008-05-17 09:59 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT.LOG
    2008-04-29 18:00 . 2008-04-29 18:00 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT
    2008-04-29 18:00 . 2008-05-17 08:59 1,024 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG
    2008-04-29 17:37 . 2008-04-29 17:37 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT
    2008-04-29 17:37 . 2008-04-29 17:37 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2008-04-29 17:37 . 2008-05-17 08:59 1,024 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG
    2008-04-29 17:33 . 2001-08-28 12:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
    2008-04-29 17:32 . 2004-08-04 00:54 563,712 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
    2008-04-29 17:31 . 2001-08-28 12:00 514,587 --a--c--- C:\WINDOWS\system32\dllcache\edb500.dll
    2008-04-29 17:30 . 2008-04-29 17:30 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-04-29 17:30 . 2004-08-04 00:54 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
    2008-04-29 17:28 . 2008-04-29 17:28 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-04-29 17:28 . 2008-04-29 17:28 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-04-29 17:28 . 2008-04-29 17:28 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-04-29 17:28 . 2008-04-29 17:28 3,072 --a------ C:\WINDOWS\system32\CONFIG.NT
    2008-04-29 17:28 . 2008-04-29 17:28 0 --a------ C:\WINDOWS\control.ini
    2008-04-29 17:26 . 2008-05-01 18:13 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
    2008-04-29 17:26 . 2008-04-29 17:28 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2008-04-29 17:26 . 2008-04-29 17:26 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
    2008-04-29 17:26 . 2008-04-29 17:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-04-29 17:25 . 2001-08-28 12:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-04-29 17:25 . 2008-04-29 17:25 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-08 09:12 --------- d-----w C:\Program Files\WLAN Card Utilities
    2008-05-08 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-01 18:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-05-01 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2007-08-08 11:36 19,560 ----a-w C:\Documents and Settings\MOATADID ABDELALI\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 16:45 1052672]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:54 15360]

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service []
    R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-28 20:43]
    R4 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
    S3 ASNDIS5;ASNDIS5 Protocol Driver;E:\Setup\WinXP\ASNDIS5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c199210-176a-11dd-bfdd-0004753ab84e}]
    \Shell\AutoRun\command - G:\v.exe
    \Shell\explore\Command - G:\v.exe
    \Shell\open\Command - G:\v.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64648e30-772d-11dc-b9aa-0004753ab84e}]
    \Shell\AutoRun\command - H:\r6r.exe
    \Shell\explore\Command - H:\r6r.exe
    \Shell\open\Command - H:\r6r.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{980c61fa-5d1e-11dc-b986-0004753ab84e}]
    \Shell\AutoRun\command - G:\v.exe
    \Shell\explore\Command - G:\v.exe
    \Shell\open\Command - G:\v.exe

    *Newly Created Service* - APPMGMT
    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 10:03:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\moatadid\LOCALS~1\Temp\mc21.tmp"
    .
    Temps d'accomplissement: 2008-05-17 10:07:59
    ComboFix-quarantined-files.txt 2008-05-17 10:07:02

    Pre-Run: 966,860,800 octets libres
    Post-Run: 1,725,571,072 octets libres

    229 --- E O F --- 2008-05-05 22:34:22

    And here it is:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:00:50, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 4652 bytes