Navilog report to decipher - Security - Virus
Good evening, Avast regularly finds a virus in the AppData folder; it is called hmunmlc11.exe.

I ran a scan in safe mode, then after rebooting I ran a Navilog scan, but I don't know how to read it.

Can anyone help me?

Here is the report:

Search Navipromo version 3.6.8 commencé le 04/11/2008 à 18:59:57,66

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "sabeddy"

Mise à jour le 03.11.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16757
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\sabeddy\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\sabeddy\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\sabeddy\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\sabeddy\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\sabeddy\AppData\Local\Microsoft" :


* Dans "C:\Users\sabeddy\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 04/11/2008 à 19:13:43,27 ***

Thanks to anyone who can help me.


This topic was moved from the Software category to the Security - Virus category by Yama310

Reply to Yama310

Good evening, good evening Yama :)

Deauclair, uninstall Navilog, it is of no use to us here.

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> Run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.


Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

Reply to FanDANGELDARK

Thanks for your help FanDANGELDARK,
here is the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:39, on 05/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\System32\drivers\comrepl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\comrepl.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7226 bytes

Reply to deauclair
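Reading a HijackThis report by hand means going through the O4, F3, O2 and O23 entries for the patterns a log reviewer checks first: autostarts under Policies\Explorer\Run, commands run from the user profile, values registered without a path, and entries whose file is gone. The Python script below is an added example, not code from the thread, HijackThis or RSIT: it parses lines in the report format posted above (the sample lines are copied from that report) and produces a review queue; its flags are hints for a reviewer, not verdicts about the files.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis 2.0.2 report posted above. The first and
# last are ordinary entries; the others are the kind a reviewer looks at more closely.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [WinService32] ssmon",
    r"O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice",
    r"O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')",
    r"F3 - REG:win.ini: load=C:\Windows\System32\drivers\comrepl.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Line shapes used by HijackThis 2.0.2 for the sections handled here.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:(?P<file>[\w.]+): (?P<entry>\w+)=(?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

# Folders under the user profile; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\temp\\")


@dataclass
class Finding:
    section: str                 # HijackThis section tag: O4, F3, O2 or O23
    name: str                    # value name, BHO name or service name
    target: str                  # command line or file the entry points to
    reasons: list = field(default_factory=list)


def review_o4(key: str, name: str, cmd: str):
    """Apply the O4 (registry/startup autostart) heuristics to one entry."""
    cmd = USER_SUFFIX_RE.sub("", cmd)        # drop the "(User '...')" suffix on HKUS lines
    low = cmd.lower()
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by ordinary software")
    if any(folder in low for folder in USER_WRITABLE):
        reasons.append("runs from a user-writable profile folder")
    if "\\" not in cmd and "%" not in cmd:
        # Also catches legitimate bare names such as RtHDVCpl.exe in the report
        # above, which is why the output is a review queue rather than a verdict.
        reasons.append("no path given, resolved by a search at logon")
    return Finding("O4", name, cmd, reasons) if reasons else None


def review_line(line: str):
    """Return a Finding for one report line, or None when nothing stands out."""
    line = line.rstrip()
    if m := O4_RE.match(line):
        return review_o4(m["key"], m["name"], m["cmd"])
    if m := F3_RE.match(line):
        return Finding("F3", f'{m["file"]} {m["entry"]}=', m["cmd"],
                       ["legacy win.ini autostart entry, check the target file"])
    if (m := O2_RE.match(line)) and m["path"] == "(no file)":
        return Finding("O2", m["name"], m["clsid"], ["BHO registered but its file is gone"])
    if (m := O23_RE.match(line)) and m["path"].endswith("(file missing)"):
        return Finding("O23", m["name"], m["path"], ["service registered but its file is missing"])
    return None


def review_log(lines):
    """Run every line of a HijackThis report through the heuristics; keep only the hits."""
    return [f for f in (review_line(ln) for ln in lines) if f is not None]


if __name__ == "__main__":
    for f in review_log(SAMPLE_LINES):
        print(f"{f.section:<4}{f.name:<18}{f.target}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

Feed it the full report (one line per element of the list) and the ordinary O4 entries with a proper path under Program Files drop out, leaving the handful of lines worth checking on the machine.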

Re,

Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue at the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (which will be displayed) as well as info.txt (which will be minimised in the taskbar).
  • NB: The reports are saved in the folder C:\rsit
  • Make sure you post the reports in full; check that they are complete once you have posted them.

Reply to FanDANGELDARK

Re!

here is log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by sabeddy at 2008-11-06 10:03:46
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 142 GB (62%) free of 230 GB
Total RAM: 1022 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:53, on 06/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\System32\drivers\comrepl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\sabeddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3DAMXA3\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\sabeddy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\comrepl.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7297 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\Recovery DVD Creator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-08-26 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-01 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-01 7753728]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-01 81920]
"HostManager"=C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-08-25 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-08-25 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"WinService32"=ssmon []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MstInit"=C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe [2008-09-03 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-08-26 1232896]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ClipSrv"=C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe [2008-09-03 86016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe
WinZip Quick Pick.lnk - C:\Program Files\installés\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2315a2-7301-11dd-acdb-806e6f6e6963}]
shell\AutoRun\command - D:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-06 10:03:46 ----D---- C:\rsit
2008-11-05 10:10:22 ----D---- C:\Program Files\Trend Micro
2008-11-04 18:59:57 ----A---- C:\fixnavi.txt
2008-11-04 18:59:13 ----D---- C:\Program Files\Navilog1
2008-11-04 18:00:19 ----A---- C:\Windows\ntbtlog.txt
2008-10-31 08:16:02 ----D---- C:\Windows\report
2008-10-31 08:08:11 ----A---- C:\xscan.txt
2008-10-28 23:34:38 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 23:34:38 ----A---- C:\Windows\system32\printcom.dll
2008-10-28 07:42:11 ----A---- C:\Windows\system32\EncDec.dll
2008-10-28 07:42:10 ----A---- C:\Windows\system32\mcmde.dll
2008-10-28 07:42:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-23 19:09:44 ----A---- C:\Windows\system32\netapi32.dll
2008-10-15 11:11:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 11:11:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 11:10:47 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 11:10:46 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 11:10:45 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 11:10:45 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 11:10:44 ----A---- C:\Windows\system32\urlmon.dll
2008-10-15 11:10:44 ----A---- C:\Windows\system32\ieapfltr.dll
2008-10-15 11:10:43 ----A---- C:\Windows\system32\mshtmled.dll
2008-10-15 11:10:43 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 11:10:43 ----A---- C:\Windows\system32\ie4uinit.exe
2008-10-15 11:10:43 ----A---- C:\Windows\system32\icardie.dll
2008-10-15 11:10:43 ----A---- C:\Windows\system32\dxtmsft.dll
2008-10-15 11:10:42 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-15 11:10:42 ----A---- C:\Windows\system32\advpack.dll
2008-10-15 11:10:41 ----A---- C:\Windows\system32\pngfilt.dll
2008-10-15 11:10:41 ----A---- C:\Windows\system32\ieUnatt.exe
2008-10-15 11:10:41 ----A---- C:\Windows\system32\ieui.dll
2008-10-15 11:10:41 ----A---- C:\Windows\system32\iesetup.dll
2008-10-15 11:10:41 ----A---- C:\Windows\system32\iernonce.dll
2008-10-15 11:10:41 ----A---- C:\Windows\system32\dxtrans.dll
2008-10-08 16:07:28 ----D---- C:\KPCMS
2008-10-08 16:07:28 ----A---- C:\Windows\system32\pcdlib32.dll
2008-10-08 16:07:28 ----A---- C:\Windows\system32\MSVCRT10.DLL
2008-10-08 16:07:28 ----A---- C:\Windows\sprof32.dll
2008-10-08 16:07:27 ----A---- C:\Windows\pfpick.dll
2008-10-08 16:07:27 ----A---- C:\Windows\kpsys32.dll
2008-10-08 16:07:27 ----A---- C:\Windows\kpcp32.dll
2008-10-08 16:07:27 ----A---- C:\Windows\KPCMS.INI
2008-10-08 16:07:27 ----A---- C:\Windows\KPAPI32.DLL
2008-10-08 16:07:27 ----A---- C:\Windows\icccodes.dll
2008-10-08 16:07:24 ----D---- C:\Windows\system32\COLOR
2008-10-08 16:07:19 ----D---- C:\Program Files\Adobe
2008-10-08 16:05:53 ----A---- C:\Windows\unin040c.exe

======List of files/folders modified in the last 1 months======

2008-11-06 10:03:46 ----D---- C:\Windows\Prefetch
2008-11-06 09:06:03 ----D---- C:\Windows\Temp
2008-11-06 00:00:12 ----SHD---- C:\System Volume Information
2008-11-05 19:27:42 ----D---- C:\Windows\inf
2008-11-05 19:27:42 ----AD---- C:\Windows\System32
2008-11-05 19:27:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-05 19:25:17 ----SHD---- C:\Windows\Installer
2008-11-05 10:10:22 ----RD---- C:\Program Files
2008-11-04 18:00:19 ----D---- C:\Windows
2008-11-04 10:22:47 ----D---- C:\Windows\system32\wbem
2008-11-04 10:21:56 ----D---- C:\Windows\system32\config
2008-11-04 10:21:40 ----D---- C:\Windows\Tasks
2008-11-04 10:21:40 ----D---- C:\Windows\system32\spool
2008-11-04 10:21:40 ----D---- C:\Windows\system32\catroot2
2008-11-04 10:21:40 ----D---- C:\Windows\Minidump
2008-11-04 10:21:35 ----D---- C:\Program Files\Sysmnt
2008-11-04 10:21:34 ----D---- C:\Windows\registration
2008-11-02 19:49:18 ----D---- C:\Windows\Debug
2008-10-31 08:08:10 ----SD---- C:\Windows\Downloaded Program Files
2008-10-29 03:15:09 ----D---- C:\Windows\Microsoft.NET
2008-10-29 03:15:08 ----RSD---- C:\Windows\assembly
2008-10-29 03:07:35 ----D---- C:\Windows\ehome
2008-10-29 03:01:39 ----D---- C:\Windows\winsxs
2008-10-28 23:33:48 ----D---- C:\Windows\system32\catroot
2008-10-19 07:31:42 ----D---- C:\Windows\system32\WDI
2008-10-16 02:12:07 ----D---- C:\Windows\system32\drivers
2008-10-16 02:12:07 ----D---- C:\Program Files\Windows Mail
2008-10-16 02:12:06 ----D---- C:\Windows\system32\migration
2008-10-16 02:12:06 ----D---- C:\Windows\AppPatch
2008-10-16 02:12:06 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:05:52 ----A---- C:\Windows\win.ini
2008-10-15 15:23:12 ----D---- C:\ProgramData\eMule
2008-10-15 15:22:51 ----D---- C:\Program Files\eMule
2008-10-08 16:07:27 ----D---- C:\Program Files\Common Files\Adobe
2008-10-07 20:19:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-07 18:50:23 ----SD---- C:\Users\sabeddy\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\Windows\system32\drivers\btserial.sys [2004-10-01 23271]
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\Windows\system32\drivers\btslbcsp.sys [2004-10-01 222876]
R3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-01 4452288]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-08-26 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-08-26 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-26 29184]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2004-10-01 54488]
S3 catchme;catchme; \??\C:\Users\sabeddy\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\installés\aawservice.exe [2008-08-26 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2004-10-01 163840]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


and here is info.txt:

info.txt logfile of random's system information tool 1.04 2008-11-06 10:03:56

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.0 Limited Edition-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Adobe\Photoshop 5.0 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0 LE\Uninst.dll"
AOL - Assistant de désinstallation-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 8.02-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Audacity 1.2.6-->"C:\Program Files\installés\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Ciel Devis Factures 6.0-->MsiExec.exe /I{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Les Sims 2-->C:\Program Files\installés\EAUninstall.exe
Les Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
livebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NIS2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NIS2007_FR*
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OFFICE One 150 Templates v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA147801-8946-4BBE-BE17-A2199CE52C81}\setup.exe" -l0x40c -removeonly
OFFICE One 7.0-->MsiExec.exe /I{1EF377AC-035A-48BE-8EF7-D18D36308CE9}
OFFICE One ClipArt v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8F3555E-B918-445E-97D1-BC4861C4EF59}\setup.exe" -l0x40c -removeonly
OFFICE One Fonts v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}\setup.exe" -l0x40c -removeonly
OFFICE One License v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1A7B28B-AA31-442C-A4FA-598B65A7F5DA}\setup.exe" -l0x40c -removeonly
OFFICE One Menu v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85C5827E-106F-4497-8066-B7CFEBBEA91D}\setup.exe" -l0x40c -removeonly
OFFICE One Notes v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D2683BE-2C44-4DB5-BECD-87B324077A7F}\setup.exe" -l0x40c -removeonly
OFFICE One QuickZip v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87DEF84E-51A5-4A0E-91C2-E012E92DE69B}\setup.exe" -l0x40c -removeonly
OFFICE One Safety-Box v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}\setup.exe" -l0x40c -removeonly
OFFICE One Startup v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEC30F06-A382-47D1-B828-859AC641EB1D}\setup.exe" -l0x40c -removeonly
Office One-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFFICE*
Packard Bell - Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek HD Audio V6.0.1.5322-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Skype 2.5.2.151-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Video NVIDIA v97.19-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\installés\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081105-0]
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 081105-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Reply to deauclair

Re,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware, etc.)


Select the whole of the box below:

File::
C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe
C:\Windows\System32\drivers\comrepl.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=-
""=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"iTunesHelper"=-
"WinService32"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MstInit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.





Reply to FanDANGELDARK

Impossible to download COMBOFIX because a message appears saying: some installation files are corrupt. And it crashes.

I did make sure I had disabled everything.

I tried downloading it from another site but the result is the same.

Is my computer badly infected?



Reply to deauclair

Re,

Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=-
""=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"iTunesHelper"=-
"WinService32"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MstInit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""

:files
C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe
C:\Windows\System32\drivers\comrepl.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]



Double-click OTMoveIt3.exe to launch it.
Paste (or Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

Reply to FanDANGELDARK

Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinService32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\MstInit deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"load"|"" /E : value set successfully!
========== FILES ==========
C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe moved successfully.
C:\Windows\System32\drivers\comrepl.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\sabeddy\AppData\Local\Temp\~DF2E36.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\sabeddy\AppData\Local\Temp\~DF4D00.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\sabeddy\AppData\Local\Temp\~DFBA68.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\sabeddy\AppData\Local\Temp\~DFBA6F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET4735.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11082008_062109

Files moved on Reboot...
C:\Users\sabeddy\AppData\Local\Temp\~DF2E36.tmp moved successfully.
C:\Users\sabeddy\AppData\Local\Temp\~DF4D00.tmp moved successfully.
File C:\Users\sabeddy\AppData\Local\Temp\~DFBA68.tmp not found!
File C:\Users\sabeddy\AppData\Local\Temp\~DFBA6F.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JET4735.tmp moved successfully.
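A check a helper would want after a cleanup run like the one above: did the log confirm every operation the OTMoveIt3 script asked for? The Python below is an added example for this thread, not part of the posts and not OTMoveIt3's own code. It parses the :reg and :files sections of the script posted earlier and the "deleted successfully" / "moved successfully" lines of the log just above, and maps each requested operation to whether the log confirms it. The script and log are excerpts copied from this thread, plus one constructed file entry (example-not-in-log.sys) that the log never mentions; the section and line formats are inferred from these excerpts, which is an assumption, not a documented OTMoveIt3 specification.

```python
"""Check an OTMoveIt3 script against the log it produced.

Added example for this thread; not part of the posts and not OTMoveIt3's own
code. The script/log formats below are inferred from the excerpts in the
thread (an assumption, not a documented specification).
"""
from __future__ import annotations

import re
from typing import Tuple

# Excerpt of the OTMoveIt3 script posted in the thread, plus one constructed
# entry (example-not-in-log.sys) to show how an unconfirmed operation is reported.
SCRIPT = r"""
:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=-
""=-
"WinService32"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MstInit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""

:files
C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe
C:\Windows\System32\drivers\comrepl.exe
C:\Windows\System32\drivers\example-not-in-log.sys
"""

# Excerpt of the OTMoveIt3 log posted in the thread.
LOG = r"""
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinService32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\MstInit deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"load"|"" /E : value set successfully!
========== FILES ==========
C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe moved successfully.
C:\Windows\System32\drivers\comrepl.exe moved successfully.
"""

# An operation is (kind, key-or-path, value-name), lower-cased: the registry is
# case-insensitive and so are NTFS paths.
Op = Tuple[str, str, str]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*)$')

# What each kind of confirmation line looks like (inferred from the log above).
LOG_PATTERNS = (
    ("delete_key", re.compile(r"^Registry key (?P<key>.+?)\\\\ deleted successfully\.$")),
    ("delete_value", re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>.*) deleted successfully\.$")),
    ("set_value", re.compile(r'^(?P<key>.+?)\\\\"(?P<name>[^"]*)"\|.* value set successfully!$')),
    ("move_file", re.compile(r"^(?P<key>.+?) moved successfully\.$")),
)


def parse_script(text: str) -> list[Op]:
    """Turn the :reg and :files sections into the list of operations requested."""
    ops: list[Op] = []
    section, key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                ops.append(("delete_key", line[2:-1].lower(), ""))
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1].lower()            # following values belong to this key
            else:
                m = VALUE_RE.match(line)
                if m and key:
                    kind = "delete_value" if m["value"] == "-" else "set_value"
                    ops.append((kind, key, m["name"].lower()))
        elif section == "files":
            ops.append(("move_file", line.lower(), ""))
    return ops


def confirmed_ops(log_text: str) -> set[Op]:
    """Collect the operations the log reports as done."""
    done: set[Op] = set()
    for raw in log_text.splitlines():
        for kind, pattern in LOG_PATTERNS:
            m = pattern.match(raw.strip())
            if m:
                done.add((kind, m["key"].lower(), (m.groupdict().get("name") or "").lower()))
                break
    return done


def check(script_text: str, log_text: str) -> dict[Op, bool]:
    """Map every requested operation to whether the log confirms it."""
    done = confirmed_ops(log_text)
    return {op: op in done for op in parse_script(script_text)}


if __name__ == "__main__":
    for op, ok in check(SCRIPT, LOG).items():
        print("OK      " if ok else "MISSING ", *op)
```

A requested operation with no confirmation line is the one to chase up (a locked file, a key that did not exist, or a typo in the script); in this excerpt only the constructed .sys entry comes back as MISSING. "File delete failed ... scheduled to be deleted on reboot" lines are not treated as confirmations, so a second pass on the post-reboot section of the log is still needed for those.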

Reply to deauclair

Re,

Post a new HijackThis report.

Reply to FanDANGELDARK

Re, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:50, on 08/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\sabeddy\AppData\Roaming\Microsoft\clipsrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sysmnt\ssmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\logman.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\Windows\System\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6477 bytes
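The O4 and F3 lines of a HijackThis log are where a helper looks first, and a few path heuristics recover most of what the eye does: an autorun whose image lives in a user profile or Temp directory, a system binary name outside system32, a bare name with no path, the legacy win.ini load= value, and the Policies\Explorer\Run key. The Python below is an added example for this thread, not part of the posts and not HijackThis code. The sample lines are copied from the log just above; the SYSTEM32_NAMES set, the USER_WRITABLE markers and the reason labels are this example's own assumptions, not a detection standard, so every hit is a lead to verify rather than a verdict.

```python
"""Triage of HijackThis autorun entries (O4 and F3 lines).

Added example for this thread; not part of the posts and not HijackThis code.
The heuristics and name lists are assumptions for illustration.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in the thread (a short subset).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Windows\logman.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\Windows\System\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<name>load|run)=(?P<cmd>.*)$")
USER_RE = re.compile(r" \(User '[^']*'\)$")

# Assumption: binaries with these names normally live only in %SystemRoot%\system32,
# so the same name anywhere else deserves a second look.
SYSTEM32_NAMES = {"spoolsv.exe", "logman.exe", "svchost.exe", "lsass.exe",
                  "csrss.exe", "winlogon.exe", "clipsrv.exe", "mstinit.exe"}
SYSTEM32_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}
# Assumption: path fragments that mean "writable by the logged-on user".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\",
                 "\\documents and settings\\", "%temp%")


@dataclass
class Finding:
    name: str        # autorun value name, or "win.ini:load"
    image: str       # executable (or hosted DLL) the entry runs
    location: str    # hive\key, or "win.ini"
    reasons: list[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Pull the executable out of a Run command (quoted, unquoted with spaces, or bare name)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|,|$)", cmd, re.IGNORECASE)
    path = m.group(1) if m else (cmd.split() or [""])[0]
    if ntpath.basename(path).lower() == "rundll32.exe":   # report the hosted DLL, not the host
        dll = re.match(r'"?(.+?\.dll)', cmd[len(path):].strip(), re.IGNORECASE)
        if dll:
            return dll.group(1)
    return path


def classify(image: str, location: str) -> list[str]:
    """Return the heuristic labels that apply to one autorun entry (empty if none)."""
    reasons = []
    low = image.lower()
    if "\\" not in image:
        reasons.append("bare_name")          # resolved via PATH / App Paths at logon
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user_writable")      # persistence from a profile or temp directory
    if ntpath.basename(low) in SYSTEM32_NAMES and ntpath.dirname(low) not in SYSTEM32_DIRS:
        reasons.append("system_dir_spoof")   # system binary name outside system32
    if location.lower().endswith("policies\\explorer\\run"):
        reasons.append("policies_run")       # rarely used by legitimate software
    if location == "win.ini":
        reasons.append("win_ini_load")       # legacy win.ini load= persistence
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return the O4/F3 entries that trip at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, location = m["name"], f"{m['hive']}\\{m['key']}"
            cmd = USER_RE.sub("", m["cmd"])
        else:
            m = F3_RE.match(line)
            if not m or not m["cmd"].strip():
                continue
            name, location, cmd = f"win.ini:{m['name']}", "win.ini", m["cmd"]
        image = image_path(cmd)
        reasons = classify(image, location)
        if reasons:
            findings.append(Finding(name, image, location, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{', '.join(f.reasons)}] {f.location} {f.name} -> {f.image}")
```

On the sample, the Defender, NVIDIA, avast! and Sidebar entries pass and the five others are flagged. Run over the complete log above, it also shows why a second look was warranted: the win.ini load= value that the OTMoveIt3 run had set to an empty string is back, pointing at C:\Windows\logman.exe. Bare names such as ssmon and oobefldr.dll will be flagged too; the Welcome Center one is legitimate, which is why the output is a worklist, not a verdict.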

Reply to deauclair

Re,

1) Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done:

  • Reboot your computer into Safe Mode

- At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. At that point, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). Don't be surprised.
--- For these reasons I suggest you print, write down, or save the following instructions in a text document so you don't get lost.
---- ! Do not boot your computer into Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:


~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
~~~~ Reboot your computer normally and post the report in your next reply.

NOTE: If MalwareByte's Anti-Malware needs to reboot to complete the removal, accept by clicking Ok.

Note: If you cannot download MBAM from MajorGeeks, you can download it here!

Help:


2) Uninstall via Add/Remove Programs (if present):

  • Avast!


Download and run the Avast! Uninstaller.
This will remove most traces of the Avast! product from Alwil Software.

Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it leaving only the following options checked:

- Add a Desktop shortcut
- Automatically check for CCleaner updates

  • Run the Cleaner
  • Click Scan for Issues and back up if you wish.


Help: How to use CCleaner.

***************

Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open Antivir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection check everything (your hard-disk partitions).
  • Click the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports; you will find the report there.


Note: For a more effective eradication of threats, run the scan in Safe Mode.

Why switch? Avast vs Antivir.

Help: How to install and use AntiVir.

Reply to FanDANGELDARK

Re,
here is the malware report:

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 6.0.6000

10/11/2008 11:39:13
mbam-log-2008-11-10 (11-39-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140712
Time elapsed: 23 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 189

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Sysmnt\faq.url (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\help.chm (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\license.txt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\unins000.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\unins000.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\website.url (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\Apps.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\Files.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\Keystrokes.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\LogStatistic.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\Screenshots.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\Urls.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110921871.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110921901.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110921932.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110921962.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110921992.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110922022.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938492.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938523.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938553.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938583.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938613.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938643.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110938673.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942123.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942153.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942183.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942213.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942244.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942274.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942304.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110942334.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110943894.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110943924.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110943954.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110943984.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944014.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944044.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944074.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944104.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944134.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944164.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944195.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944225.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944255.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944285.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944315.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944345.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944375.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944405.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944435.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944465.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944495.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944525.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944556.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944586.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944616.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944646.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944676.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944706.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944736.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944766.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944796.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944826.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944857.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944887.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944917.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944947.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110944977.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945007.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945037.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945067.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945097.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945127.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945158.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945188.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945218.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945248.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945278.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945308.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945338.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945368.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945399.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945429.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945459.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945489.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945519.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945549.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945579.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945609.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945640.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945670.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945700.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945730.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945760.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945790.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945820.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945850.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945881.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945911.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110945941.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946391.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946421.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946451.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946481.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946511.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110946541.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952362.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952392.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952422.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952452.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952482.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952512.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952542.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952572.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952603.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952633.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952663.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952693.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952723.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952753.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952783.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952813.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952843.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952873.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952904.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952934.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952964.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110952994.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953024.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953054.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953084.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953114.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953144.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953174.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953205.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953235.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953265.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953295.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953325.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953355.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953385.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953415.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953446.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953476.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953506.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953536.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110953566.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956477.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956507.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956537.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956567.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956597.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956627.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956657.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956687.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956717.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956747.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956778.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956808.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110956838.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962328.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962358.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962388.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962418.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962449.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962479.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962509.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962539.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962569.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962599.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962629.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962659.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962689.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962720.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962750.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110962780.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971751.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971781.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971811.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971842.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971872.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971902.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971932.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971962.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110971992.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\ssdata\SnapShots\2008110972022.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\system\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


and here is the antivir report:

Avira AntiVir Personal
Report file date: lundi 10 novembre 2008 12:14

Scanning for 1022611 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: sabeddy
Computer name: PC-DE-SABEDDY

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:09:32
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 11:09:40
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 11:09:40
ANTIVIR3.VDF : 7.1.0.60 19968 Bytes 10/11/2008 11:09:41
Engineversion : 8.2.0.29
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 10/11/2008 11:10:03
AESCN.DLL : 8.1.1.5 123251 Bytes 10/11/2008 11:10:02
AERDL.DLL : 8.1.1.3 438645 Bytes 10/11/2008 11:10:01
AEPACK.DLL : 8.1.3.3 393591 Bytes 10/11/2008 11:09:58
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 10/11/2008 11:09:54
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 10/11/2008 11:09:52
AEHELP.DLL : 8.1.1.3 119157 Bytes 10/11/2008 11:09:46
AEGEN.DLL : 8.1.1.0 319859 Bytes 10/11/2008 11:09:45
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 10/11/2008 11:09:43
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/11/2008 11:09:41
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 10 novembre 2008 12:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'logman.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\sabeddy\AppData\Local\Temp\~tmp\hmunmlcn01\hmunmlcn01.exe
[DETECTION] Is the TR/Agent.iob Trojan
[NOTE] The file was deleted!
C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007ssinstall.exe
[DETECTION] Contains recognition pattern of the DR/007SpySoft.342 dropper
[WARNING] The file was ignored!
C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007 Spy SoftWare(KeyLogger+) Plus Serial By DeeOhGee\007 Spy SoftWare SetUp.exe
[DETECTION] Contains recognition pattern of the DR/007SpySoft.342.1 dropper
[WARNING] The file was ignored!
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.


End of the scan: lundi 10 novembre 2008 13:14
Used time: 1:00:34 Hour(s)

The scan has been done completely.

15179 Scanning directories
431758 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
431753 Files not concerned
2517 Archives were scanned
8 Warnings
1 Notes

Reply to deauclair

Good, post a new HJT report :)

Reply to FanDANGELDARK

here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:17, on 11/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\logman.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\logman.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Users\sabeddy\AppData\Roaming\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6390 bytes

Reply to deauclair

Re,

Avoid cracks :)

Relaunch HijackThis (right-click -> Run as administrator under Vista), Do a system scan only, then check these lines (if still present):

O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Users\sabeddy\AppData\Roaming\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'Default user')


Close all running applications (especially your web browser).
Then Fix Checked!

Reply to FanDANGELDARK

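The triage the helper does by hand above (picking out the O4 entries worth fixing) can be reproduced as a first pass over the log. This is an added example by the editor, not code from the thread or from HijackThis; the sample lines are a constructed subset of the log posted above, and the three signals it scores (Policies\Explorer\Run key, user-writable location, bare file name with no path) are the editor's assumptions about what merits a second look, not a verdict.

```python
"""First-pass triage of HijackThis O4 (autorun) lines.

Added example, not part of the thread. SAMPLE_LOG is a constructed subset
of the HijackThis log posted above; the three signals are the editor's own
heuristics and yield candidates to verify, not verdicts.
"""
import re

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Users\sabeddy\AppData\Roaming\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\sabeddy\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\sabeddy\AppData\Local\Temp\mstinit.exe /waitservice (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
"""

# Registry-style O4 lines: "O4 - <key>: [<value name>] <command line>".
# Startup-folder lines ("Global Startup: x.lnk = ?") carry no path and are skipped.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
EXE_RE = re.compile(r"(?i)(.*?\.exe)(?:\s|$)")

# Directories an unprivileged user can write to; installers rarely put
# autostarted executables there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\local settings\\", "\\locals~1\\")


def split_command(cmd):
    """Return (executable, argument list) from a Run value's command line."""
    cmd = USER_TAG_RE.sub("", cmd).strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].split()
    m = EXE_RE.match(cmd)                        # unquoted path ending in .exe
    if m:
        return m.group(1), cmd[m.end():].split()
    parts = cmd.split(None, 1)                   # bare name without extension, e.g. "ssmon"
    return parts[0], parts[1].split() if len(parts) > 1 else []


def assess(key, cmd):
    """Return the list of reasons an O4 entry deserves a closer look."""
    exe, args = split_command(cmd)
    target = exe
    # rundll32 only hosts a DLL: judge the DLL's location, not rundll32's.
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and args:
        target = args[0].split(",", 1)[0]
    low = target.lower()
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate installers")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable profile or Temp directory")
    if "\\" not in target:
        reasons.append("bare file name, resolved via PATH: check which file actually runs")
    return reasons


def triage(log_text):
    """Parse every O4 line and return the flagged ones, most suspicious first."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = assess(m.group("key"), m.group("cmd"))
        if reasons:
            flagged.append({"name": m.group("name"), "key": m.group("key"),
                            "command": m.group("cmd"), "reasons": reasons})
    flagged.sort(key=lambda e: len(e["reasons"]), reverse=True)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"[{entry['name']}] {entry['command']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

On the sample above this ranks the three Policies\Explorer\Run entries in AppData and Temp first, then the two bare names (RtHDVCpl.exe and ssmon) as "verify where it lives", and leaves Windows Defender, NvSvc, avgnt, eMule and the Sidebar entries alone.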
I did what you said but I didn't get a report.

Is that normal?

Reply to deauclair

Re,

Antivir has just detected hmunmlc12.exe.

How come this virus keeps coming back? I haven't done anything special. Where could it be coming from?

Reply to deauclair

Re,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation has finished, a report will appear. Post that report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

Reply to FanDANGELDARK

re,

Can't download it. It tells me it can't be renamed to combofix 1, even though I didn't do anything.

Reply to deauclair

Re,

Try renaming it before downloading:

Right-click ComboFix (by sUBs) and choose Save (link) target as.

  • Choose the Desktop, insert a hyphen between Combo and Fix so that you get Combo-Fix.exe, then choose Save.
  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation has finished, a report will appear. Post that report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

Reply to FanDANGELDARK

re, here's the combofix report:

ComboFix 08-11-12.01 - sabeddy 2008-11-14 9:11:50.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.409 [GMT 1:00]
Lancé depuis: c:\users\sabeddy\Desktop\Combo-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\faq.url
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\ssdata\Apps.dat
c:\program files\Sysmnt\ssdata\Keystrokes.dat
c:\program files\Sysmnt\ssdata\LogStatistic.ini
c:\program files\Sysmnt\ssdata\Screenshots.dat
c:\program files\Sysmnt\ssdata\SnapShots\2008111341575.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341605.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341635.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341665.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341695.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341725.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341755.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341785.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341815.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341846.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341876.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341906.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341936.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111341966.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372836.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372866.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372896.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372926.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372956.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111372986.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373047.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373077.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373107.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373137.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373167.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373197.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373227.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373257.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373287.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373317.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373347.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373378.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373408.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373858.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373888.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373918.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373948.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111373978.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374008.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374038.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374068.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374098.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374129.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374279.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374309.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374339.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374369.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374399.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374429.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374459.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374489.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374519.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374549.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374580.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111374610.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375390.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375420.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375450.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375480.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375510.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375540.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111375570.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376110.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376140.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376170.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376201.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376231.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376261.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376291.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376321.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376351.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376381.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376411.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376441.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376471.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111376501.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377551.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377581.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377612.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377642.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377672.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377702.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377732.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377762.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377792.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377822.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377852.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377882.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377912.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377943.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111377973.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378003.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378033.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378063.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378093.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378123.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378153.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378183.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378213.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378244.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378274.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378304.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378334.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378364.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378394.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378424.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378454.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378484.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378514.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378545.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378575.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378605.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378635.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378665.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378695.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378725.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378755.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378785.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111378815.jpg
c:\program files\Sysmnt\ssdata\Urls.dat
c:\program files\Sysmnt\unins000.dat
c:\program files\Sysmnt\unins000.exe
c:\program files\Sysmnt\website.url
c:\windows\system32\ijl11pro.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-14 au 2008-11-14 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:04 --------- d-----w c:\programdata\Avira
2008-11-10 11:04 --------- d-----w c:\program files\Avira
2008-11-10 10:56 --------- d-----w c:\program files\CCleaner
2008-11-10 10:06 --------- d-----w c:\users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 09:10 --------- d-----w c:\program files\Trend Micro
2008-11-05 09:10 --------- d-----w c:\program files\Navilog1
2008-10-16 19:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-16 19:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 01:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 14:23 --------- d-----w c:\programdata\eMule
2008-10-15 14:22 --------- d-----w c:\program files\eMule
2008-10-08 15:07 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 18:11 --------- d-----w c:\program files\Samsung
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 12:53 --------- d-----w c:\program files\Apple Software Update
2008-09-29 12:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 12:52 --------- d-----w c:\program files\iTunes
2008-09-29 12:52 --------- d-----w c:\program files\iPod
2008-09-29 12:50 --------- d-----w c:\program files\QuickTime
2008-09-29 12:50 --------- d-----w c:\program files\Common Files\Apple
2008-09-29 12:50 --------- d-----w c:\program files\Bonjour
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-10 13:02 208,896 ----a-w c:\windows\System32\lame_enc.dll
2008-09-10 03:25 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2008-09-10 03:21 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-09-05 04:48 1,194,496 ----a-w c:\windows\System32\msxml3.dll
2008-09-05 04:45 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-09-03 09:21 86,016 ----a-w c:\windows\logman.exe
2008-09-03 09:21 86,016 ----a-w c:\windows\dllhst3g.exe
2008-09-03 09:21 86,016 ----a-w c:\users\sabeddy\AppData\Roaming\esentutl.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 17:49 268,800 ----a-w c:\windows\System32\es.dll
2008-08-26 15:41 174 --sha-w c:\program files\desktop.ini
2008-08-26 15:21 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-26 15:21 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-26 15:21 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-26 15:20 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-26 15:20 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-26 15:20 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-26 15:20 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-26 15:20 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-26 15:20 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-26 15:20 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-26 15:20 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-26 15:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-26 15:19 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-26 15:18 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-08-26 15:18 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:12 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-26 15:11 414,208 ----a-w c:\windows\System32\msscp.dll
2008-08-26 15:10 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-26 15:10 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-26 15:10 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-26 15:10 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-26 15:09 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-26 15:09 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-26 15:09 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-26 15:09 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-26 15:09 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-26 15:09 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-26 15:06 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 15:03 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-08-26 14:59 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-26 14:58 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-26 14:54 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-26 14:54 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-26 14:54 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-26 14:54 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-26 14:54 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-26 14:54 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-26 14:54 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-26 14:54 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-26 14:54 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-26 14:51 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-26 14:51 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-26 14:50 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-26 14:50 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-26 14:49 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-26 14:49 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-26 14:49 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-26 14:49 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-26 14:49 152,576 ----a-w c:\windows\System32\imagehlp.dll
2008-08-26 14:47 1,327,104 ----a-w c:\windows\System32\quartz.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-26 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"="ssmon" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-01 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-01 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\System32\drivers\logman.exe" [2008-09-03 86016]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DllHst"="c:\windows\dllhst3g.exe" [2008-09-03 86016]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"="c:\users\sabeddy\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe" [2008-09-03 86016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-01-01 713728]
WinZip Quick Pick.lnk - c:\program files\install‚s\WinZip\WZQKPICK.EXE [2008-08-26 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DB5BD7B7-6F8C-496D-9C66-4B51F18880C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C67D978B-8B70-477E-83EB-13F68EFBBCD7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0FC07BB1-91AA-4551-BA78-774FF8BD5633}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CD286BC7-BCDD-4E8F-83D2-18048CD0C977}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2D781B63-7414-4C17-8974-064313E242F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AA0B950A-88AA-4D9F-BCE8-3A9DC9AF38A0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3C9298C2-F4E0-45DC-8136-F9EFB4F649C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{389EA1B2-0787-457B-8B2F-56091D267DB2}c:\\program files\\installés\\emule\\emule.exe"= UDP:c:\program files\installés\emule\emule.exe:eMule Plus
"UDP Query User{6CAC7629-2FF0-4434-8704-F2347464E244}c:\\program files\\installés\\emule\\emule.exe"= TCP:c:\program files\installés\emule\emule.exe:eMule Plus
"TCP Query User{CEC55ECA-9EBD-498D-84E7-339743BB80B3}c:\\users\\sabeddy\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:c:\users\sabeddy\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{F93D173C-81C9-4909-AF80-C4614F76D8B8}c:\\users\\sabeddy\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:c:\users\sabeddy\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"{D80ED80D-0BC1-4371-88B3-5FE515A266D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54EC7999-5E6E-438F-9D71-D7567844FF8F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{181FF084-E616-406A-928E-3202D586870C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C688D58-7D34-469E-950A-92935692ECFD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{831FC8D6-EE23-4C54-92D4-89ED978AE437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7C5B245-1325-456B-ADC4-F5648665EF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{59827A2A-090B-4F31-9B4B-A837CC61E6EC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Tâches planifiées'

2008-11-14 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-11-14 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/webhp?hl=fr
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 09:14:18
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-14 9:15:38
ComboFix-quarantined-files.txt 2008-11-14 08:15:35

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 155,242,037,248 octets libres

354 --- E O F --- 2008-11-14 00:54:25

Reply to deauclair

Re,

Select the entire frame below:

http://www.infos-du-net.com/forum/283321-11-rapport-navilog-decrypter#t346557

Collect::
c:\users\sabeddy\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
c:\windows\System32\drivers\logman.exe
c:\users\sabeddy\AppData\Roaming\esentutl.exe
c:\windows\logman.exe
c:\windows\dllhst3g.exe


Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DllHst"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CEC55ECA-9EBD-498D-84E7-339743BB80B3}c:\\users\\sabeddy\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"=-
"UDP Query User{F93D173C-81C9-4909-AF80-C4614F76D8B8}c:\\users\\sabeddy\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"=-



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:

- A zipped file named Submit [Date Time].zip
- A second file named - CF-Submit.htm

  • ComboFix may require a reboot to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:

- Click the "Browse" button and navigate to the
Submit [Date Time].zip file on your Desktop.
- Click the file to select it.

  • Submit the file by clicking "OK"
  • When this operation is complete, you can delete these two files from your Desktop.

Post the contents of the ComboFix.txt report after the reboot, if there is one.

Reply to FanDANGELDARK

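The five paths the helper puts in the Collect:: block above are exactly the files that share one write date and one size (86,016 bytes) across the Find3M and Reg load-point sections of the ComboFix report. The following added example (the editor's code, not from the thread or from ComboFix) makes that cross-check mechanical on a constructed excerpt of the report; the clustering rule, same day plus byte-identical size spread over more than one directory, is the editor's assumption about how a self-copying dropper shows up, not a ComboFix feature.

```python
"""Spot one dropper's copies across a ComboFix report by (date, size).

Added example, not part of the thread. SAMPLE_REPORT is a constructed
excerpt of the ComboFix report posted above (Find3M lines and "Points de
chargement Reg" lines); the clustering rule is the editor's own.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
2008-11-10 11:04 --------- d-----w c:\programdata\Avira
2008-09-03 09:21 86,016 ----a-w c:\windows\logman.exe
2008-09-03 09:21 86,016 ----a-w c:\windows\dllhst3g.exe
2008-09-03 09:21 86,016 ----a-w c:\users\sabeddy\AppData\Roaming\esentutl.exe
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinService32"="ssmon" [X]
"Logman"="c:\windows\System32\drivers\logman.exe" [2008-09-03 86016]
"DllHst"="c:\windows\dllhst3g.exe" [2008-09-03 86016]
"rsvp"="c:\users\sabeddy\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe" [2008-09-03 86016]
"""

# Find3M: "<date> <time> <size or dashes> <attributes> <path>"
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>[\d,]+|-+) (?P<attr>\S+) (?P<path>.+)$")
# Reg load points: "<name>"="<path>" [<date> <size>]  (entries such as "[X]" carry no file data)
REG_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')


def parse_files(report):
    """Yield (date, size, path) for every file with a known size in either section."""
    for raw in report.splitlines():
        line = raw.strip()
        m = FIND3M_RE.match(line)
        if m:
            if m.group("attr").startswith("d") or m.group("size").startswith("-"):
                continue                           # directory entry, no size
            yield m.group("date"), int(m.group("size").replace(",", "")), m.group("path")
            continue
        m = REG_RE.match(line)
        if m:
            yield m.group("date"), int(m.group("size")), m.group("path")


def parent_dir(path):
    return path.lower().rsplit("\\", 1)[0]


def suspicious_clusters(report, min_members=2):
    """Group files by (date, size); keep groups spread over more than one directory.

    Several unrelated names with byte-identical size, written the same day into
    different places (system root, drivers, the user profile) is the footprint of
    one binary copying itself; same-size files from a single update in System32
    stay in one directory and are not reported.
    """
    groups = defaultdict(set)
    for date, size, path in parse_files(report):
        groups[(date, size)].add(path.lower())
    flagged = {}
    for key, paths in groups.items():
        if len(paths) >= min_members and len({parent_dir(p) for p in paths}) > 1:
            flagged[key] = sorted(paths)
    return flagged


if __name__ == "__main__":
    for (date, size), paths in suspicious_clusters(SAMPLE_REPORT).items():
        print(f"{date} {size} bytes, {len(paths)} copies:")
        for p in paths:
            print("   ", p)
```

On this excerpt the only reported cluster is 2008-09-03 / 86016 bytes with the five paths of the Collect:: block; the same-size System32 pairs from the August update are correctly left out.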
re,


This morning Antivir found two new viruses. I don't doubt your virus-exterminating talents, but do you think you'll get to the bottom of it? Because I'm getting desperate; I hear my PC beeping at night when a virus is detected. I'm starting to wonder whether a format wouldn't be an option. It's a bit drastic, but still...

ComboFix didn't do quite what you said. It didn't create any files on the desktop, but a window did open and asked me to copy a link to a specific place in order to run a more thorough check.



HERE IS THE REPORT:

ComboFix 08-11-12.01 - sabeddy 2008-11-15 6:12:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.491 [GMT 1:00]
Lancé depuis: c:\users\sabeddy\Desktop\Combo-Fix.exe
Commutateurs utilisés :: c:\users\sabeddy\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\faq.url
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\ssdata\Apps.dat
c:\program files\Sysmnt\ssdata\Files.dat
c:\program files\Sysmnt\ssdata\Keystrokes.dat
c:\program files\Sysmnt\ssdata\LogStatistic.ini
c:\program files\Sysmnt\ssdata\Screenshots.dat
c:\program files\Sysmnt\ssdata\Urls.dat
c:\program files\Sysmnt\unins000.dat
c:\program files\Sysmnt\unins000.exe
c:\program files\Sysmnt\website.url
c:\users\sabeddy\AppData\Roaming\esentutl.exe
c:\windows\dllhst3g.exe
c:\windows\logman.exe
c:\windows\System32\drivers\logman.exe
c:\windows\system32\ijl11pro.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:04 --------- d-----w c:\programdata\Avira
2008-11-10 11:04 --------- d-----w c:\program files\Avira
2008-11-10 10:56 --------- d-----w c:\program files\CCleaner
2008-11-10 10:06 --------- d-----w c:\users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 09:10 --------- d-----w c:\program files\Trend Micro
2008-11-05 09:10 --------- d-----w c:\program files\Navilog1
2008-10-16 19:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-16 19:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 01:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 14:23 --------- d-----w c:\programdata\eMule
2008-10-15 14:22 --------- d-----w c:\program files\eMule
2008-10-08 15:07 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 18:11 --------- d-----w c:\program files\Samsung
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 12:53 --------- d-----w c:\program files\Apple Software Update
2008-09-29 12:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 12:52 --------- d-----w c:\program files\iTunes
2008-09-29 12:52 --------- d-----w c:\program files\iPod
2008-09-29 12:50 --------- d-----w c:\program files\QuickTime
2008-09-29 12:50 --------- d-----w c:\program files\Common Files\Apple
2008-09-29 12:50 --------- d-----w c:\program files\Bonjour
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-10 13:02 208,896 ----a-w c:\windows\System32\lame_enc.dll
2008-09-10 03:25 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2008-09-10 03:21 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-09-05 04:48 1,194,496 ----a-w c:\windows\System32\msxml3.dll
2008-09-05 04:45 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 17:49 268,800 ----a-w c:\windows\System32\es.dll
2008-08-26 15:41 174 --sha-w c:\program files\desktop.ini
2008-08-26 15:21 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-26 15:21 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-26 15:21 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-26 15:20 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-26 15:20 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-26 15:20 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-26 15:20 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-26 15:20 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-26 15:20 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-26 15:20 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-26 15:20 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-26 15:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-26 15:19 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-26 15:18 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-08-26 15:18 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:12 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-26 15:11 414,208 ----a-w c:\windows\System32\msscp.dll
2008-08-26 15:10 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-26 15:10 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-26 15:10 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-26 15:10 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-26 15:09 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-26 15:09 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-26 15:09 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-26 15:09 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-26 15:09 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-26 15:09 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-26 15:06 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 15:03 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-08-26 14:59 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-26 14:58 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-26 14:54 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-26 14:54 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-26 14:54 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-26 14:54 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-26 14:54 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-26 14:54 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-26 14:54 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-26 14:54 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-26 14:54 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-26 14:51 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-26 14:51 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-26 14:50 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-26 14:50 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-26 14:49 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-26 14:49 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-26 14:49 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-26 14:49 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-26 14:49 152,576 ----a-w c:\windows\System32\imagehlp.dll
2008-08-26 14:47 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-08-26 14:46 974,336 ----a-w c:\windows\System32\crypt32.dll
2008-08-26 14:45 633,856 ----a-w c:\windows\System32\user32.dll
2008-08-26 14:44 750,080 ----a-w c:\windows\System32\qmgr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-14_ 9.14.53,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-14 08:11:25 6,225,920 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-11-15 05:11:02 6,225,920 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
- 2008-11-14 08:06:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-15 05:12:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-14 08:06:45 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-15 05:12:50 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-14 08:06:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-15 05:12:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-13 02:15:12 107,416 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-14 16:57:45 107,416 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-13 02:15:12 121,814 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-14 16:57:45 121,814 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-13 02:15:12 618,272 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-14 16:57:45 618,272 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-13 02:15:12 699,984 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-14 16:57:45 699,984 ----a-w c:\windows\System32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-26 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-01 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-01 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-01-01 713728]
WinZip Quick Pick.lnk - c:\program files\installés\WinZip\WZQKPICK.EXE [2008-08-26 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DB5BD7B7-6F8C-496D-9C66-4B51F18880C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C67D978B-8B70-477E-83EB-13F68EFBBCD7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0FC07BB1-91AA-4551-BA78-774FF8BD5633}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CD286BC7-BCDD-4E8F-83D2-18048CD0C977}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2D781B63-7414-4C17-8974-064313E242F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AA0B950A-88AA-4D9F-BCE8-3A9DC9AF38A0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3C9298C2-F4E0-45DC-8136-F9EFB4F649C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{389EA1B2-0787-457B-8B2F-56091D267DB2}c:\\program files\\installés\\emule\\emule.exe"= UDP:c:\program files\installés\emule\emule.exe:eMule Plus
"UDP Query User{6CAC7629-2FF0-4434-8704-F2347464E244}c:\\program files\\installés\\emule\\emule.exe"= TCP:c:\program files\installés\emule\emule.exe:eMule Plus
"{D80ED80D-0BC1-4371-88B3-5FE515A266D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54EC7999-5E6E-438F-9D71-D7567844FF8F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{181FF084-E616-406A-928E-3202D586870C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C688D58-7D34-469E-950A-92935692ECFD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{831FC8D6-EE23-4C54-92D4-89ED978AE437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7C5B245-1325-456B-ADC4-F5648665EF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{59827A2A-090B-4F31-9B4B-A837CC61E6EC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Tâches planifiées'

2008-11-15 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-11-15 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 06:14:37
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-15 6:15:54
ComboFix-quarantined-files.txt 2008-11-15 05:15:50
ComboFix2.txt 2008-11-14 08:15:40

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 146,027,995,136 octets libres

360 --- E O F --- 2008-11-14 00:54:25


Message edited by deauclair on 15-11-2008 at 07:50:10
Reply to deauclair

Re,

I can't guarantee we'll necessarily get there; usually we do, but sometimes we don't ^^

1) Can you run a full scan of your machine with AntiVir in Safe Mode?

2) Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.

If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.

Reply to FanDANGELDARK

Re,

I'll do all that this evening when I get home, as I'm working all day.

In any case, no virus has been detected since yesterday.

See you later, and thanks again for helping me!

Reply to deauclair

Re,

So, here is the AntiVir report from Safe Mode:


Avira AntiVir Personal
Report file date: dimanche 16 novembre 2008 20:10

Scanning for 1035343 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: sabeddy
Computer name: PC-DE-SABEDDY

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:09:32
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 11:09:40
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 11:09:40
ANTIVIR3.VDF : 7.1.0.86 206848 Bytes 14/11/2008 11:05:34
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 11:05:45
AESCN.DLL : 8.1.1.5 123251 Bytes 10/11/2008 11:10:02
AERDL.DLL : 8.1.1.3 438645 Bytes 10/11/2008 11:10:01
AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 11:05:43
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 10/11/2008 11:09:54
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 10/11/2008 11:09:52
AEHELP.DLL : 8.1.1.3 119157 Bytes 10/11/2008 11:09:46
AEGEN.DLL : 8.1.1.0 319859 Bytes 10/11/2008 11:09:45
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 10/11/2008 11:09:43
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/11/2008 11:09:41
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Skipped files....................: C:\Program Files\Sysmnt, C:\Program Files\Sysmnt\ssmgr.exe, C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007 Spy Software v3.18 With Keygen\007ssinstall.exe, C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007ssinstall.exe,

Start of the scan: dimanche 16 novembre 2008 20:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
19 processes with 19 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
The directory 'C:\Program Files\Sysmnt\' was excluded from scanning!
C:\Qoobox\Quarantine\C\Users\sabeddy\AppData\Roaming\esentutl.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Windows\dllhst3g.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Windows\logman.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\logman.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\Users\sabeddy\AppData\Local\Microsoft\rsvp.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was deleted!


End of the scan: dimanche 16 novembre 2008 20:54
Used time: 43:45 Minute(s)

The scan has been done completely.

15352 Scanning directories
433542 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
433536 Files not concerned
2533 Archives were scanned
5 Warnings
5 Notes

And here is the GMER report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 21:32:09
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 99629AF4 ZwCreateThread
SSDT 99629AE0 ZwOpenProcess
SSDT 99629AE5 ZwOpenThread
SSDT 99629AEF ZwTerminateProcess
SSDT 99629AEA ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Users\sabeddy\Desktop\Nouveau dossier\gmer.exe[3876] ntdll.dll!NtCreateFile + 3 7722F417 2 Bytes [ E2, FA ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AFD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7416A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7416CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74168AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7417D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74167D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74167CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74166A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741FC1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741880FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741690CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7417223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74172267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [7417771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7417753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741A8585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d648646
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d648646

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----


Reply to deauclair
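As an added example for reading this kind of report (it is not part of the thread and not GMER's own code), here is a small Python triage helper for the GMER 1.0.14 line formats posted above. It parses the SSDT, inline-patch, IAT and disk-sector lines and rates them: SSDT entries that show only a hook address and no owning module are listed for attribution (the five services in this report are the set commonly hooked to guard processes, by security software as well as by malware, so only the owner decides); an inline patch inside the scanner's own process is rated low, which is a rule of this helper and not a GMER statement; IAT redirections that GMER resolved to a module carrying vendor information are rated low; and sectors GMER tags "rootkit-like behavior" are listed together with the follow-up the thread actually takes next, a direct MBR read. The sample log is constructed from a few lines of the report above; the severity names and rules are this helper's own conventions.

```python
"""Triage a pasted GMER 1.0.14 log.

Added example for this thread, not GMER's own code: it parses the line
formats visible in the posted report and applies a few reviewer rules so
the lines that need attribution stand out from the ones that are explained.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from each section of the GMER report
# posted above (the full report has many more IAT and sector lines).
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 21:32:09
Windows 6.0.6000

---- System - GMER 1.0.14 ----

SSDT 99629AF4 ZwCreateThread
SSDT 99629AE0 ZwOpenProcess
SSDT 99629AE5 ZwOpenThread
SSDT 99629AEF ZwTerminateProcess
SSDT 99629AEA ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Users\sabeddy\Desktop\Nouveau dossier\gmer.exe[3876] ntdll.dll!NtCreateFile + 3 7722F417 2 Bytes [ E2, FA ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AFD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+((?:Zw|Nt)\w+)\s*$")
CODE_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)\s+\+\s+(\d+)\s+"
                     r"([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes\s+\[([^\]]*)\]")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[(\d+)\]\s+@\s+\S+\s+\[([^\]]+)\]\s+"
                    r"\[([0-9A-Fa-f]+)\]\s+(\S+)(?:\s+\((.+)\))?\s*$")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\d+):\s+(.+?)\s*$")

# Kernel services whose hooks give control over process/thread creation,
# termination and memory writes: the usual target set for process guarding.
PROCESS_GUARD = {"ZwCreateThread", "ZwOpenProcess", "ZwOpenThread",
                 "ZwTerminateProcess", "ZwWriteVirtualMemory"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "investigate" or "low"
    category: str   # "ssdt", "inline", "iat" or "mbr"
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Parse the GMER sections and return one Finding per line that matters."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            addr, func = m.groups()
            # Only a hook address is printed, no owning module: the hook has to
            # be attributed (driver list, security product) before it is trusted.
            what = "process-guard service" if func in PROCESS_GUARD else "service"
            findings.append(Finding("investigate", "ssdt",
                                    f"{func} hooked at {addr} ({what}, owner not shown)"))
        elif m := CODE_RE.match(line):
            path, pid, symbol, off, _addr, nbytes, patch = m.groups()
            exe = path.rsplit("\\", 1)[-1].lower()
            # Rule of this helper (an assumption): a patch inside the scanner's
            # own process is rated low; in any other process it needs an owner.
            sev = "low" if exe == "gmer.exe" else "investigate"
            findings.append(Finding(sev, "inline",
                                    f"{exe}[{pid}] {symbol}+{off}: {nbytes} bytes [{patch.strip()}]"))
        elif m := IAT_RE.match(line):
            path, pid, imp, _addr, target, vendor = m.groups()
            exe = path.rsplit("\\", 1)[-1]
            module = target.rsplit("\\", 1)[-1]
            # Redirections GMER resolved to a module with vendor information are
            # reported but rated low; unresolved ones are not.
            sev = "low" if vendor else "investigate"
            findings.append(Finding(sev, "iat",
                                    f"{exe}[{pid}] {imp} -> {module} ({vendor or 'no vendor info'})"))
        elif m := DISK_RE.match(line):
            dev, sector, note = m.groups()
            if "rootkit-like behavior" in note:
                findings.append(Finding("investigate", "mbr",
                                        f"{dev} sector {sector}: {note}; "
                                        "confirm with a direct MBR read (mbr.exe -f)"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per 'severity/category' key, e.g. 'investigate/ssdt'."""
    counts: dict[str, int] = {}
    for f in findings:
        key = f"{f.severity}/{f.category}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:11}] {f.category:6} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running it as a script prints the ratings for the sample; for a real report, paste the whole log into triage(). The point of the rules is not to decide for you but to separate the lines that are already explained (a resolved IAT entry with a vendor, a patch in the scanner's own process) from the ones that are not (SSDT hooks with no owner, flagged disk sectors), which is exactly the distinction the thread's next step, the mbr.exe check, is made for.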

Re,

Download http://www2.gmer.net/mbr/mbr.exe and copy it into C:\Windows\system32.

Click Start --> Run, type CMD and confirm with OK.
(If you are on Vista, just click Start, type CMD and confirm with Enter.)
Paste the following lines one by one into the black window that appears, pressing Enter between each.

mbr.exe -f

(Don't forget the space between the e and -f)

Right-click on the window and click "Select All".
Press Enter, and paste it here please :)



Reply to FanDANGELDARK

Re, here it is:

Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\sabeddy>
C:\Users\sabeddy>mbr.exe -f
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

C:\Users\sabeddy>

Reply to deauclair

Re,

Post a new ComboFix report :)

Reply to FanDANGELDARK

Re, here it is:

ComboFix 08-11-12.01 - sabeddy 2008-11-19 17:41:30.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6000.0.1252.1.1036.18.460 [GMT 1:00]
Running from: c:\users\sabeddy\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\faq.url
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\ssdata\Apps.dat
c:\program files\Sysmnt\ssdata\Files.dat
c:\program files\Sysmnt\ssdata\Keystrokes.dat
c:\program files\Sysmnt\ssdata\LogStatistic.ini
c:\program files\Sysmnt\ssdata\Screenshots.dat
c:\program files\Sysmnt\ssdata\SnapShots\2008111848851.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111848881.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111848912.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111848942.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111848972.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849002.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849032.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849062.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849092.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849122.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849152.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849182.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849212.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849243.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849273.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849303.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849333.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849363.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849393.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849423.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849453.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849483.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849513.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849543.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849574.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849604.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849634.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849664.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849694.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849724.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849754.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849784.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849814.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849844.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849875.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849905.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111849935.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856175.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856205.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856235.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856265.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856296.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856326.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856356.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856386.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856416.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856446.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856476.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856506.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856536.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856566.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856597.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856627.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856657.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856687.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856717.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856747.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111856777.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857227.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857257.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857288.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857318.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857348.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857378.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857408.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857438.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857468.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111857498.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858038.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858068.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858099.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858129.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858159.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858189.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858219.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858249.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858279.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858339.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858369.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858399.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858429.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858460.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111858490.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864490.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864520.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864550.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864580.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864610.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864641.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864671.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864881.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864911.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864941.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111864971.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865001.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865031.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865061.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865091.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865122.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111865152.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111868932.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111868962.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111868992.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869022.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869052.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869082.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869112.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869292.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869322.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869352.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869382.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869413.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869443.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869713.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869743.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869773.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869803.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869833.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869863.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111869894.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874034.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874064.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874094.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874124.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874155.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874185.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874215.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874245.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874275.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874635.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874665.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874695.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874725.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874756.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111874786.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875116.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875146.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875176.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875206.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875236.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875266.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875297.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875327.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875357.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875387.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875417.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875447.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875477.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875508.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875538.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875568.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875598.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875628.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875658.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875688.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875718.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111875749.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878239.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878269.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878299.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878329.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878359.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878389.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878420.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878450.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878480.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878510.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878540.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878570.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878600.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008111878630.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196331.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196361.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196391.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196421.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196451.jpg
c:\program files\Sysmnt\ssdata\SnapShots\200811196482.jpg
c:\program files\Sysmnt\ssdata\Urls.dat
c:\program files\Sysmnt\unins000.dat
c:\program files\Sysmnt\unins000.exe
c:\program files\Sysmnt\website.url
c:\windows\system32\ijl11pro.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 ))))))))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 10:58 66,048 ----a-w c:\windows\System32\mbr.exe
2008-11-10 11:04 --------- d-----w c:\programdata\Avira
2008-11-10 11:04 --------- d-----w c:\program files\Avira
2008-11-10 10:56 --------- d-----w c:\program files\CCleaner
2008-11-10 10:06 --------- d-----w c:\users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 09:10 --------- d-----w c:\program files\Trend Micro
2008-11-05 09:10 --------- d-----w c:\program files\Navilog1
2008-10-16 19:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-16 19:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 01:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 14:23 --------- d-----w c:\programdata\eMule
2008-10-15 14:22 --------- d-----w c:\program files\eMule
2008-10-08 15:07 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 18:11 --------- d-----w c:\program files\Samsung
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 12:53 --------- d-----w c:\program files\Apple Software Update
2008-09-29 12:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 12:52 --------- d-----w c:\program files\iTunes
2008-09-29 12:52 --------- d-----w c:\program files\iPod
2008-09-29 12:50 --------- d-----w c:\program files\QuickTime
2008-09-29 12:50 --------- d-----w c:\program files\Common Files\Apple
2008-09-29 12:50 --------- d-----w c:\program files\Bonjour
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-10 13:02 208,896 ----a-w c:\windows\System32\lame_enc.dll
2008-09-10 03:25 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2008-09-10 03:21 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-09-05 04:48 1,194,496 ----a-w c:\windows\System32\msxml3.dll
2008-09-05 04:45 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 17:49 268,800 ----a-w c:\windows\System32\es.dll
2008-08-26 15:41 174 --sha-w c:\program files\desktop.ini
2008-08-26 15:21 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-26 15:21 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-26 15:21 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-26 15:20 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-26 15:20 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-26 15:20 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-26 15:20 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-26 15:20 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-26 15:20 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-26 15:20 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-26 15:20 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-26 15:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-26 15:19 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-26 15:18 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-08-26 15:18 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:12 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-26 15:11 414,208 ----a-w c:\windows\System32\msscp.dll
2008-08-26 15:10 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-26 15:10 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-26 15:10 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-26 15:10 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-26 15:09 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-26 15:09 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-26 15:09 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-26 15:09 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-26 15:09 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-26 15:09 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-26 15:06 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 15:03 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-08-26 14:59 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-26 14:58 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-26 14:54 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-26 14:54 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-26 14:54 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-26 14:54 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-26 14:54 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-26 14:54 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-26 14:54 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-26 14:54 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-26 14:54 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-26 14:51 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-26 14:51 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-26 14:50 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-26 14:50 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-26 14:49 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-26 14:49 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-26 14:49 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-26 14:49 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-26 14:49 152,576 ----a-w c:\windows\System32\imagehlp.dll
2008-08-26 14:47 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-08-26 14:46 974,336 ----a-w c:\windows\System32\crypt32.dll
2008-08-26 14:45 633,856 ----a-w c:\windows\System32\user32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-14_ 9.14.53,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-16 20:00:44 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2008-11-13 02:10:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-18 10:05:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-13 02:10:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-18 10:05:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-13 02:11:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-18 10:07:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-18 10:07:11 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-13 02:11:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-18 10:07:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-18 10:07:16 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-14 08:06:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-19 16:40:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-14 08:06:45 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-19 16:40:06 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-14 08:06:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-19 16:40:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-16 20:00:44 85,969 ----a-w c:\windows\System32\drivers\gmer.sys
- 2008-11-13 02:15:12 107,416 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-19 16:04:38 107,416 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-13 02:15:12 121,814 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-19 16:04:38 121,814 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-13 02:15:12 618,272 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-19 16:04:38 618,272 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-13 02:15:12 699,984 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-19 16:04:38 699,984 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-13 02:11:31 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-15 10:02:03 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-11-10 10:53:16 6,308 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
+ 2008-11-18 10:07:36 6,772 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
- 2008-11-10 10:53:16 52,140 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-18 10:07:35 55,474 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-13 02:12:48 31,946 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-18 10:07:33 32,724 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-30 19:34:40 125,480 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-15 10:58:55 151,116 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot updated --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-26 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"="ssmon" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-01 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-01 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-01-01 713728]
WinZip Quick Pick.lnk - c:\program files\installés\WinZip\WZQKPICK.EXE [2008-08-26 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DB5BD7B7-6F8C-496D-9C66-4B51F18880C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C67D978B-8B70-477E-83EB-13F68EFBBCD7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0FC07BB1-91AA-4551-BA78-774FF8BD5633}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CD286BC7-BCDD-4E8F-83D2-18048CD0C977}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2D781B63-7414-4C17-8974-064313E242F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AA0B950A-88AA-4D9F-BCE8-3A9DC9AF38A0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3C9298C2-F4E0-45DC-8136-F9EFB4F649C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{389EA1B2-0787-457B-8B2F-56091D267DB2}c:\\program files\\installés\\emule\\emule.exe"= UDP:c:\program files\installés\emule\emule.exe:eMule Plus
"UDP Query User{6CAC7629-2FF0-4434-8704-F2347464E244}c:\\program files\\installés\\emule\\emule.exe"= TCP:c:\program files\installés\emule\emule.exe:eMule Plus
"{D80ED80D-0BC1-4371-88B3-5FE515A266D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54EC7999-5E6E-438F-9D71-D7567844FF8F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{181FF084-E616-406A-928E-3202D586870C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C688D58-7D34-469E-950A-92935692ECFD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{831FC8D6-EE23-4C54-92D4-89ED978AE437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7C5B245-1325-456B-ADC4-F5648665EF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{59827A2A-090B-4F31-9B4B-A837CC61E6EC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - MBR
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-11-19 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/webhp?hl=fr
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 17:43:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 17:45:02
ComboFix-quarantined-files.txt 2008-11-19 16:44:59
ComboFix2.txt 2008-11-15 05:15:54
ComboFix3.txt 2008-11-14 08:15:40

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 148,318,076,928 bytes free

447 --- E O F --- 2008-11-14 00:54:25

Reply to deauclair
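The "Reg loading points" section of the report above is what the helper reads to spot the keylogger: a Run value that is a bare name ("ssmon") which ComboFix marks [X] because no such file exists on disk, UAC switched off (EnableLUA=0), and Security Center monitoring silenced. The following is an added example, not part of this thread, of ComboFix or of HijackThis, that applies those same checks to log lines automatically. The sample lines are lifted from this report, and the severity ranking is an assumption of the example, not something the tools output.

```python
import re

# Constructed sample: lines lifted from the ComboFix "Reg loading points" section
# and one HijackThis O23 line of this thread, so the example runs offline.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"="ssmon" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
'''

# Severity scale is this example's assumption, not a ComboFix convention.
SEVERITY = {"high": 2, "medium": 1, "info": 0}

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix Run entries: "Name"="target" [date size]  or  "Name"="target" [X] when the file is missing
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
KV_ENTRY = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')


def triage_autoruns(log_text):
    """Return (severity, line, reason) triples for suspicious entries, highest severity first."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = ""  # ComboFix separates registry sections with a blank line
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        # HijackThis O23: a service whose binary is gone is a leftover or was tampered with
        if line.startswith("O23 - ") and line.endswith("(file missing)"):
            findings.append(("info", line, "service registered but binary missing"))
            continue
        if key.endswith("\\currentversion\\run"):
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            value, meta = m.group("value"), m.group("meta")
            if meta == "X":
                findings.append(("high", line, "ComboFix could not find the target on disk ([X])"))
            if "\\" not in value:
                findings.append(("medium", line, "bare name: resolved via App Paths / PATH at logon, easy to hijack"))
        elif key.endswith("\\policies\\system"):
            m = KV_ENTRY.match(line)
            if m and m.group("name").lower() == "enablelua" and m.group("value").split()[0] == "0":
                findings.append(("high", line, "UAC disabled (EnableLUA=0)"))
        elif "security center\\monitoring" in key:
            m = KV_ENTRY.match(line)
            if m and m.group("name").lower() == "disablemonitoring":
                dword = int(m.group("value").split(":")[-1], 16)
                if dword != 0:
                    findings.append(("medium", line,
                                     "Security Center monitoring switched off under " + key.rsplit("\\", 1)[-1]))
    # stable sort keeps log order within the same severity
    findings.sort(key=lambda f: SEVERITY[f[0]], reverse=True)
    return findings


if __name__ == "__main__":
    for sev, line, reason in triage_autoruns(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

On this report the first hit is the "WinService32"="ssmon" [X] line: a bare name with no file behind it is exactly the shape a leftover or renamed autorun takes, and it is what the batch file later in the thread goes looking for.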

Re,

Click the Start menu / Control Panel / Folder Options / then, on the View tab
- Untick "Hide extensions for known file types"
click Apply, then OK.

Select the whole of the box below:

@echo off & cls
rem list any ssmon* entry (all attributes, hidden ones included) in two of the folders Windows searches when a Run value gives no path
dir /A "%SystemRoot%\ssmon*" >> report.log
dir /A "%SystemRoot%\System32\ssmon*" >> report.log
rem open the report and only delete it once Notepad has been closed
start "" /wait notepad.exe report.log & del report.log
exit


Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
Save it on your Desktop under the name Correction.bat
Double-click it. Post the report it generates (if there is one).


Message edited by FanDANGELDARK on 20-11-2008 at 19:22:26
Reply to FanDANGELDARK
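The batch file above only lists ssmon* in the two directories; before a CFScript deletes the files, a practitioner usually wants their size, timestamp and hash recorded so the indicators survive the clean-up. The following is an added example (not the helper's script and not ComboFix) that does that sweep in Python. The file-name patterns are taken from the names that appear later in this thread, and the directory tree it builds is constructed for the demo in place of C:\Windows.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from fnmatch import fnmatch

# Patterns assumed from the artefact names in this thread (ssmon.pas, ssmon.lnk,
# sysmnt.dat, ssfaq.url, ssWebSite.url, sslogo.bmp, sshelp.chm, ijl11pro.dll).
PATTERNS = ("ssmon*", "sysmnt*", "ss*.url", "sslogo.bmp", "sshelp.chm", "ijl11pro.dll")


def sha256_of(path):
    """Hash the file in chunks so large screenshot/keystroke logs do not land in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(roots, patterns=PATTERNS):
    """Walk each root and return size, mtime and SHA-256 for every file matching a pattern."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if any(fnmatch(name.lower(), p) for p in patterns):
                    path = os.path.join(dirpath, name)
                    st = os.stat(path)
                    hits.append({
                        "path": path,
                        "size": st.st_size,
                        "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                        "sha256": sha256_of(path),
                    })
    return sorted(hits, key=lambda h: h["path"])


def build_demo_tree():
    """Constructed stand-in for C:\\Windows holding the artefacts named in the thread."""
    base = tempfile.mkdtemp(prefix="win_demo_")
    sys32 = os.path.join(base, "System32")
    os.makedirs(sys32)
    samples = {
        os.path.join(base, "ssmon.pas"): b"007 Spy Software settings (constructed)\n",
        os.path.join(sys32, "ssmon.lnk"): b"L\x00\x00\x00constructed-shortcut",
        os.path.join(sys32, "sysmnt.dat"): b"\x00" * 31,
        os.path.join(sys32, "kernel32.dll"): b"MZ legitimate-looking bystander",  # must not match
    }
    for path, data in samples.items():
        with open(path, "wb") as f:
            f.write(data)
    return base


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for hit in sweep([demo_root]):
        print(hit["sha256"][:16], hit["size"], hit["mtime"], hit["path"])
```

On a real machine the roots would be the Windows directory and System32 (plus Program Files\Sysmnt once that name is known), and the returned records would be kept with the ComboFix quarantine rather than the printed summary.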

re,
here is what it shows:

 Volume in drive C is HDD
 Volume Serial Number is 40B4-0E1D

 Directory of C:\Windows

18/11/2008 13:33 31 ssmon.pas
 1 File(s) 31 bytes
 0 Dir(s) 143 963 885 568 bytes free
 Volume in drive C is HDD
 Volume Serial Number is 40B4-0E1D

 Directory of C:\Windows\System32

Reply to deauclair

Re,

Select the whole of the box below:

File::
C:\Windows\sslogo.bmp
C:\Windows\ssmon.pas
C:\Windows\system32\ssmon.lnk
C:\Windows\system32\sysmnt.dat
C:\Windows\system32\ssfaq.url
C:\Windows\system32\sshelp.chm
C:\Windows\system32\ssWebSite.url
C:\Users\sabeddy\Desktop\007 Spy Software.lnk

Folder::
C:\Program Files\Sysmnt
C:\ProgramData\Ssdata
C:\Users\sabeddy\Start Menu\Programs\007 Spy Software
C:\Program Files\Common Files\Microsoft Shared\DAO\System32_



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe, as shown below:

http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.


Message edited by FanDANGELDARK on 21-11-2008 at 22:21:59
Reply to FanDANGELDARK

re,

here is the ComboFix report:

ComboFix 08-11-21.04 - sabeddy 2008-11-22 5:57:00.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.424 [GMT 1:00]
Running from: c:\users\sabeddy\Desktop\Combo-Fix.exe
Command switches used :: c:\users\sabeddy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\users\sabeddy\Desktop\007 Spy Software.lnk
c:\windows\sslogo.bmp
c:\windows\ssmon.pas
c:\windows\system32\ssfaq.url
c:\windows\system32\sshelp.chm
c:\windows\system32\ssmon.lnk
c:\windows\system32\ssWebSite.url
c:\windows\system32\sysmnt.dat
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\faq.url
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\ssdata\Apps.dat
c:\program files\Sysmnt\ssdata\Files.dat
c:\program files\Sysmnt\ssdata\Keystrokes.dat
c:\program files\Sysmnt\ssdata\LogStatistic.ini
c:\program files\Sysmnt\ssdata\Screenshots.dat
c:\program files\Sysmnt\ssdata\SnapShots\2008112221117.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221147.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221177.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221207.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221237.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221267.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221297.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221327.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221358.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221388.jpg
c:\program files\Sysmnt\ssdata\SnapShots\2008112221418.jpg
c:\program files\Sysmnt\ssdata\Urls.dat
c:\program files\Sysmnt\ssmgr.exe
c:\program files\Sysmnt\unins000.dat
c:\program files\Sysmnt\unins000.exe
c:\program files\Sysmnt\website.url
c:\windows\ssmon.pas
c:\windows\system32\ijl11pro.dll
c:\windows\system32\sysmnt.dat

.
((((((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 ))))))))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 10:58 66,048 ----a-w c:\windows\System32\mbr.exe
2008-11-10 11:04 --------- d-----w c:\programdata\Avira
2008-11-10 11:04 --------- d-----w c:\program files\Avira
2008-11-10 10:56 --------- d-----w c:\program files\CCleaner
2008-11-10 10:06 --------- d-----w c:\users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-10 10:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 09:10 --------- d-----w c:\program files\Trend Micro
2008-11-05 09:10 --------- d-----w c:\program files\Navilog1
2008-10-16 19:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-16 19:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 01:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 14:23 --------- d-----w c:\programdata\eMule
2008-10-15 14:22 --------- d-----w c:\program files\eMule
2008-10-08 15:07 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 18:11 --------- d-----w c:\program files\Samsung
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 12:53 --------- d-----w c:\program files\Apple Software Update
2008-09-29 12:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 12:52 --------- d-----w c:\program files\iTunes
2008-09-29 12:52 --------- d-----w c:\program files\iPod
2008-09-29 12:50 --------- d-----w c:\program files\QuickTime
2008-09-29 12:50 --------- d-----w c:\program files\Common Files\Apple
2008-09-29 12:50 --------- d-----w c:\program files\Bonjour
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-10 13:02 208,896 ----a-w c:\windows\System32\lame_enc.dll
2008-09-10 03:25 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2008-09-10 03:21 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-09-05 04:48 1,194,496 ----a-w c:\windows\System32\msxml3.dll
2008-09-05 04:45 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 17:49 268,800 ----a-w c:\windows\System32\es.dll
2008-08-26 15:41 174 --sha-w c:\program files\desktop.ini
2008-08-26 15:21 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-26 15:21 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-26 15:21 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-26 15:20 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-26 15:20 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-26 15:20 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-26 15:20 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-26 15:20 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-26 15:20 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-26 15:20 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-26 15:20 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-26 15:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-26 15:19 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-26 15:18 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-08-26 15:18 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:12 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-26 15:11 414,208 ----a-w c:\windows\System32\msscp.dll
2008-08-26 15:10 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-26 15:10 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-26 15:10 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-26 15:10 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-26 15:09 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-26 15:09 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-26 15:09 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-26 15:09 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-26 15:09 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-26 15:09 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-26 15:06 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 15:03 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-08-26 14:59 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-26 14:58 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-26 14:54 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-26 14:54 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-26 14:54 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-26 14:54 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-26 14:54 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-26 14:54 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-26 14:54 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-26 14:54 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-26 14:54 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-26 14:51 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-26 14:51 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-26 14:50 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-26 14:50 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-26 14:49 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-26 14:49 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-26 14:49 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-26 14:49 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-26 14:49 152,576 ----a-w c:\windows\System32\imagehlp.dll
2008-08-26 14:47 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-08-26 14:46 974,336 ----a-w c:\windows\System32\crypt32.dll
2008-08-26 14:45 633,856 ----a-w c:\windows\System32\user32.dll
.

((((((((((((((((((((((((((((( snapshot_2008-11-19_17.44.17,64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-18 10:05:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-21 16:41:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-18 10:05:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-21 16:41:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-18 10:07:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-21 16:43:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-21 16:43:12 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-18 10:07:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-21 16:43:07 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-21 16:43:07 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-19 16:40:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-22 04:51:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-19 16:40:06 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-22 04:51:59 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-19 16:40:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-22 04:51:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-14 08:11:35 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-22 04:56:36 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-19 16:04:38 107,416 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-21 16:46:15 107,416 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-19 16:04:38 121,814 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-21 16:46:15 121,814 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-19 16:04:38 618,272 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-21 16:46:15 618,272 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-19 16:04:38 699,984 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-21 16:46:15 699,984 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-18 10:07:36 6,772 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
+ 2008-11-21 16:43:32 6,780 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
- 2008-11-18 10:07:35 55,474 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 16:43:32 55,624 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-18 10:07:33 32,724 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 16:43:29 32,804 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-26 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"="ssmon" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-01 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-01 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-01-01 713728]
WinZip Quick Pick.lnk - c:\program files\installés\WinZip\WZQKPICK.EXE [2008-08-26 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DB5BD7B7-6F8C-496D-9C66-4B51F18880C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C67D978B-8B70-477E-83EB-13F68EFBBCD7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0FC07BB1-91AA-4551-BA78-774FF8BD5633}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CD286BC7-BCDD-4E8F-83D2-18048CD0C977}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2D781B63-7414-4C17-8974-064313E242F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AA0B950A-88AA-4D9F-BCE8-3A9DC9AF38A0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3C9298C2-F4E0-45DC-8136-F9EFB4F649C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{389EA1B2-0787-457B-8B2F-56091D267DB2}c:\\program files\\installés\\emule\\emule.exe"= UDP:c:\program files\installés\emule\emule.exe:eMule Plus
"UDP Query User{6CAC7629-2FF0-4434-8704-F2347464E244}c:\\program files\\installés\\emule\\emule.exe"= TCP:c:\program files\installés\emule\emule.exe:eMule Plus
"{D80ED80D-0BC1-4371-88B3-5FE515A266D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54EC7999-5E6E-438F-9D71-D7567844FF8F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{181FF084-E616-406A-928E-3202D586870C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C688D58-7D34-469E-950A-92935692ECFD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{831FC8D6-EE23-4C54-92D4-89ED978AE437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7C5B245-1325-456B-ADC4-F5648665EF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{59827A2A-090B-4F31-9B4B-A837CC61E6EC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-11-22 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 05:59:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-22 6:00:27
ComboFix-quarantined-files.txt 2008-11-22 05:00:23
ComboFix2.txt 2008-11-19 16:45:03
ComboFix3.txt 2008-11-15 05:15:54
ComboFix4.txt 2008-11-14 08:15:40

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 144,517,144,576 bytes free

282 --- E O F --- 2008-11-19 21:59:49

Reply to deauclair

Re,

Is it better this time?

Post a new RSIT report ;)

Reply to FanDANGELDARK

Re,

I no longer get any alerts, I'm delighted!!

What is RSIT? Where do I find it?

Reply to deauclair

Re,

We used it at the start :) Have a look.

Reply to FanDANGELDARK

re,

here is the log.txt report:

Logfile of random's system information tool 1.04 (written by random/random)
Run by sabeddy at 2008-11-22 21:03:04
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 136 GB (59%) free of 230 GB
Total RAM: 1022 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:13, on 22/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\sabeddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GTAV6U6\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\sabeddy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5304 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\Recovery DVD Creator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-01 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-01 7753728]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-01 81920]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"WinService32"=ssmon []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-08-26 1232896]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe
WinZip Quick Pick.lnk - C:\Program Files\installés\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-22 06:00:28 ----A---- C:\ComboFix.txt
2008-11-22 05:59:16 ----A---- C:\Windows\PSEXESVC.EXE
2008-11-22 05:55:45 ----A---- C:\Windows\zip.exe
2008-11-22 05:55:45 ----A---- C:\Windows\VFIND.exe
2008-11-22 05:55:45 ----A---- C:\Windows\SWXCACLS.exe
2008-11-22 05:55:45 ----A---- C:\Windows\SWSC.exe
2008-11-22 05:55:45 ----A---- C:\Windows\SWREG.exe
2008-11-22 05:55:45 ----A---- C:\Windows\sed.exe
2008-11-22 05:55:45 ----A---- C:\Windows\NIRCMD.exe
2008-11-22 05:55:45 ----A---- C:\Windows\grep.exe
2008-11-22 05:55:45 ----A---- C:\Windows\fdsv.exe
2008-11-22 05:55:41 ----D---- C:\Combo-Fix
2008-11-18 11:58:41 ----A---- C:\Windows\system32\mbr.exe
2008-11-16 21:00:45 ----A---- C:\Windows\gmer.ini
2008-11-16 21:00:44 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-16 21:00:44 ----A---- C:\Windows\gmer.exe
2008-11-16 21:00:44 ----A---- C:\Windows\gmer.dll
2008-11-16 20:09:16 ----A---- C:\Windows\ntbtlog.txt
2008-11-14 09:09:18 ----D---- C:\Windows\ERDNT
2008-11-14 09:09:18 ----D---- C:\Qoobox
2008-11-12 05:33:13 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 05:33:12 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-12 05:33:03 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 05:33:02 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-10 12:04:09 ----D---- C:\ProgramData\Avira
2008-11-10 12:04:09 ----D---- C:\Program Files\Avira
2008-11-10 11:56:32 ----D---- C:\Program Files\CCleaner
2008-11-10 11:06:06 ----D---- C:\Users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 11:06:00 ----D---- C:\ProgramData\Malwarebytes
2008-11-10 11:06:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-08 06:21:09 ----D---- C:\_OTMoveIt
2008-11-06 10:03:46 ----D---- C:\rsit
2008-11-05 10:10:22 ----D---- C:\Program Files\Trend Micro
2008-11-04 18:59:57 ----A---- C:\fixnavi.txt
2008-11-04 18:59:13 ----D---- C:\Program Files\Navilog1
2008-10-31 08:16:02 ----D---- C:\Windows\report
2008-10-31 08:08:11 ----A---- C:\xscan.txt
2008-10-28 23:34:38 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 23:34:38 ----A---- C:\Windows\system32\printcom.dll
2008-10-28 07:42:11 ----A---- C:\Windows\system32\EncDec.dll
2008-10-28 07:42:10 ----A---- C:\Windows\system32\mcmde.dll
2008-10-28 07:42:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-23 19:09:44 ----A---- C:\Windows\system32\netapi32.dll

======List of files/folders modified in the last 1 months======

2008-11-22 21:03:13 ----D---- C:\Windows\Prefetch
2008-11-22 12:06:21 ----D---- C:\Windows\Temp
2008-11-22 06:00:30 ----AD---- C:\Windows\System32
2008-11-22 05:59:19 ----D---- C:\Windows
2008-11-22 05:59:19 ----A---- C:\Windows\system.ini
2008-11-22 05:58:34 ----D---- C:\Windows\system32\drivers
2008-11-22 05:58:34 ----D---- C:\Windows\AppPatch
2008-11-22 05:58:34 ----D---- C:\Program Files\Common Files
2008-11-22 05:57:21 ----RD---- C:\Program Files
2008-11-22 05:56:10 ----SHD---- C:\System Volume Information
2008-11-22 05:55:40 ----D---- C:\Windows\system32\en-US
2008-11-21 17:46:14 ----D---- C:\Windows\inf
2008-11-21 17:46:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-18 01:52:03 ----D---- C:\Windows\system32\catroot2
2008-11-15 23:41:54 ----D---- C:\Windows\system32\NDF
2008-11-14 09:29:42 ----SD---- C:\Users\sabeddy\AppData\Roaming\Microsoft
2008-11-13 03:11:11 ----D---- C:\Windows\winsxs
2008-11-13 03:11:07 ----D---- C:\Windows\system32\catroot
2008-11-13 03:02:23 ----D---- C:\Windows\Debug
2008-11-13 03:02:12 ----SHD---- C:\Windows\Installer
2008-11-10 12:04:09 ----HD---- C:\ProgramData
2008-11-10 11:56:59 ----D---- C:\Windows\Minidump
2008-11-08 06:25:06 ----D---- C:\Windows\system
2008-11-04 10:22:47 ----D---- C:\Windows\system32\wbem
2008-11-04 10:21:56 ----D---- C:\Windows\system32\config
2008-11-04 10:21:40 ----D---- C:\Windows\Tasks
2008-11-04 10:21:40 ----D---- C:\Windows\system32\spool
2008-11-04 10:21:34 ----D---- C:\Windows\registration
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-10-31 08:08:10 ----SD---- C:\Windows\Downloaded Program Files
2008-10-29 03:15:09 ----D---- C:\Windows\Microsoft.NET
2008-10-29 03:15:08 ----RSD---- C:\Windows\assembly
2008-10-29 03:07:35 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\Windows\system32\drivers\btserial.sys [2004-10-01 23271]
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\Windows\system32\drivers\btslbcsp.sys [2004-10-01 222876]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-01 4452288]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-08-26 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-08-26 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-26 29184]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2004-10-01 54488]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-16 85969]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mbr;mbr; \??\C:\Users\sabeddy\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\installés\aawservice.exe [2008-08-26 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2004-10-01 163840]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

On the other hand, there is no info.txt report at all, not even in the c:/rsit folder.

Reply to deauclair

Re,

Ok.

Click the Start menu / Control Panel / Folder Options / then, in the View tab
- Untick "Hide extensions for known file types"
click Apply, then OK.

http://img58.imageshack.us/img58/4968/registry8225769805iazavn7.gif Select the whole box below (including the spaces):

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinService32"=-


Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it on your Desktop under the name Correction.reg
Double-click it and accept the data being written to the registry.

Reply to FanDANGELDARK
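The .reg file above does two things: it sets NoDriveTypeAutoRun to 0x91 (the Vista default, which disables AutoRun on unknown, network and no-root drives) and deletes the WinService32 value, since `"name"=-` in a REGEDIT4 file removes a value. As an added example that is not part of this thread or of RSIT, HijackThis or ComboFix, here is a small Python triage script that parses Run-key lines in both the RSIT and the HijackThis formats, flags entries the tools could not resolve to a file (such as `"WinService32"=ssmon []`), decodes the NoDriveTypeAutoRun bits, and checks whether a later log still shows a value the fix was meant to delete. The sample lines are copied from the logs posted in this thread; the function names are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed samples, copied from the RSIT and HijackThis logs posted in this thread.
RSIT_RUN_DUMP = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"WinService32"=ssmon []
"""
HJT_O4_LINES = r"""O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [WinService32] ssmon
"""
# The Correction.reg the helper posted, verbatim.
CORRECTION_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinService32"=-
"""

# RSIT prints  "Name"=command [date size]  and an empty [] when it found no file.
RSIT_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<info>[^\]]*)\]$')
# HijackThis prints  O4 - HKLM\..\Run: [Name] command
HJT_LINE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
REG_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Bit meanings of NoDriveTypeAutoRun (each set bit disables AutoRun for that drive type).
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x04: "DRIVE_REMOVABLE", 0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM", 0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_NO_ROOT_DIR",
}


def parse_autoruns(text: str) -> List[Dict[str, Optional[str]]]:
    """Return Run-key entries from an RSIT dump or HijackThis O4 lines.
    'info' is RSIT's [date size]; '' when RSIT printed []; None for HJT lines."""
    entries: List[Dict[str, Optional[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RSIT_LINE.match(line)
        if m:
            entries.append({"name": m["name"], "cmd": m["cmd"].strip(), "info": m["info"].strip()})
            continue
        m = HJT_LINE.match(line)
        if m:
            entries.append({"name": m["name"], "cmd": m["cmd"].strip(), "info": None})
    return entries


def suspicious_autoruns(entries: List[Dict[str, Optional[str]]]) -> List[str]:
    """Flag entries RSIT could not resolve ([]) or whose command has neither a path
    nor a file extension, which is how 'WinService32'=ssmon stands out in the logs."""
    flagged = []
    for e in entries:
        cmd = (e["cmd"] or "").strip('"')
        unresolved = e["info"] == ""
        bare = "\\" not in cmd and "." not in cmd
        if unresolved or bare:
            flagged.append(e["name"])
    return flagged


def decode_no_drive_type_autorun(value: int) -> List[str]:
    """List the drive types for which AutoRun is disabled by this value."""
    return [name for bit, name in sorted(AUTORUN_BITS.items()) if value & bit]


def parse_reg_fix(text: str) -> List[Dict[str, object]]:
    """Turn a REGEDIT4 file into a list of intended actions (set_dword/set_string/delete)."""
    actions: List[Dict[str, object]] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        km = REG_KEY.match(line)
        if km:
            key = km["key"]
            continue
        vm = REG_VALUE.match(line)
        if vm and key:
            name, data = vm["name"], vm["data"]
            if data == "-":                       # "name"=- deletes the value
                actions.append({"key": key, "name": name, "op": "delete", "value": None})
            elif data.startswith("dword:"):
                actions.append({"key": key, "name": name, "op": "set_dword", "value": int(data[6:], 16)})
            else:
                actions.append({"key": key, "name": name, "op": "set_string", "value": data.strip('"')})
    return actions


def unapplied_deletions(entries: List[Dict[str, Optional[str]]],
                        actions: List[Dict[str, object]]) -> List[str]:
    """Names the .reg file meant to delete that still appear in a later autorun log."""
    present = {e["name"] for e in entries}
    return [str(a["name"]) for a in actions if a["op"] == "delete" and a["name"] in present]


if __name__ == "__main__":
    fix = parse_reg_fix(CORRECTION_REG)
    print("suspicious before fix:", suspicious_autoruns(parse_autoruns(RSIT_RUN_DUMP)))
    print("AutoRun disabled for:", decode_no_drive_type_autorun(0x91))
    print("still present after fix:", unapplied_deletions(parse_autoruns(HJT_O4_LINES), fix))
```

Run against the post-fix HijackThis log further down in this thread, the last check reports WinService32 as still present, which is exactly what the helper noticed by eye.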

re,

I did what you said, but is something supposed to happen afterwards?

Reply to deauclair

Re,

Post a new HijackThis log :)

Reply to FanDANGELDARK

re,

here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:50, on 25/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\installés\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sysmnt\ssmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinService32] ssmon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\INSTAL~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\INSTAL~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\installés\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5364 bytes

Reply to deauclair

Re,

The infection came back? :O :O

Post a new ComboFix log so we can see .. :)

Reply to FanDANGELDARK

re,

no infection on the horizon for a few days; I'm very happy!

here is the log:

ComboFix 08-11-26.03 - sabeddy 2008-11-26 14:45:21.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.460 [GMT 1:00]
Lancé depuis: c:\users\sabeddy\Desktop\Combo-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\faq.url
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\ssdata\Apps.dat
c:\program files\Sysmnt\ssdata\Files.dat
c:\program files\Sysmnt\ssdata\Keystrokes.dat
c:\program files\Sysmnt\ssdata\LogStatistic.ini
c:\program files\Sysmnt\ssdata\Screenshots.dat
c:\program files\Sysmnt\ssdata\Urls.dat
c:\program files\Sysmnt\unins000.dat
c:\program files\Sysmnt\unins000.exe
c:\program files\Sysmnt\website.url
c:\windows\system32\ijl11pro.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.

2008-11-24 07:52 . 2008-11-24 07:52 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 07:52 . 2008-11-24 07:52 232 --ah----- C:\sqmdata05.sqm
2008-11-23 06:04 . 2008-11-25 06:49 78 --a------ c:\windows\System32\Sysmnt.dat
2008-11-18 11:58 . 2008-11-18 11:58 66,048 --a------ c:\windows\System32\mbr.exe
2008-11-16 21:00 . 2008-11-16 21:00 250 --a------ c:\windows\gmer.ini
2008-11-12 05:33 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:33 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:33 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 05:33 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 05:33 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 12:04 . 2008-11-10 12:04 <REP> d-------- c:\programdata\Avira
2008-11-10 12:04 . 2008-11-10 12:04 <REP> d-------- c:\program files\Avira
2008-11-10 11:56 . 2008-11-10 11:56 <REP> d-------- c:\program files\CCleaner
2008-11-10 11:06 . 2008-11-10 11:06 <REP> d-------- c:\users\sabeddy\AppData\Roaming\Malwarebytes
2008-11-10 11:06 . 2008-11-10 11:06 <REP> d-------- c:\programdata\Malwarebytes
2008-11-10 11:06 . 2008-11-10 11:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 11:06 . 2008-10-16 20:25 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 11:06 . 2008-10-16 20:25 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-08 06:21 . 2008-11-08 06:21 <REP> d-------- C:\_OTMoveIt
2008-11-06 10:12 . 2008-11-06 10:12 244 --ah----- C:\sqmnoopt04.sqm
2008-11-06 10:12 . 2008-11-06 10:12 232 --ah----- C:\sqmdata04.sqm
2008-11-06 10:03 . 2008-11-06 10:03 <REP> d-------- C:\rsit
2008-11-05 10:10 . 2008-11-05 10:10 <REP> d-------- c:\program files\Trend Micro
2008-11-04 18:59 . 2008-11-05 10:10 <REP> d-------- c:\program files\Navilog1
2008-10-31 08:16 . 2008-10-31 08:16 <REP> d-------- c:\windows\report
2008-10-28 23:34 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:34 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-10-28 07:42 . 2008-08-06 04:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-10-28 07:42 . 2008-08-06 04:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-10-28 07:42 . 2008-08-06 04:27 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-10-28 07:42 . 2008-08-06 04:26 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-28 07:42 . 2008-08-06 04:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-10-28 07:42 . 2008-08-06 04:26 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 07:42 . 2008-08-06 04:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-10-28 07:42 . 2008-08-06 04:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 01:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 14:23 --------- d-----w c:\programdata\eMule
2008-10-15 14:22 --------- d-----w c:\program files\eMule
2008-10-08 15:07 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 18:11 --------- d-----w c:\program files\Samsung
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 12:53 --------- d-----w c:\program files\Apple Software Update
2008-09-29 12:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 12:52 --------- d-----w c:\program files\iTunes
2008-09-29 12:52 --------- d-----w c:\program files\iPod
2008-09-29 12:50 --------- d-----w c:\program files\QuickTime
2008-09-29 12:50 --------- d-----w c:\program files\Common Files\Apple
2008-09-29 12:50 --------- d-----w c:\program files\Bonjour
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-10 13:02 208,896 ----a-w c:\windows\System32\lame_enc.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 17:49 268,800 ----a-w c:\windows\System32\es.dll
2008-08-26 15:41 174 --sha-w c:\program files\desktop.ini
2008-08-26 15:21 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-26 15:21 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-26 15:21 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-26 15:20 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-26 15:20 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-26 15:20 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-26 15:20 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-26 15:20 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-26 15:20 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-26 15:20 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-26 15:20 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-26 15:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-26 15:19 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-26 15:18 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-08-26 15:18 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-08-26 15:13 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-26 15:12 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-26 15:11 414,208 ----a-w c:\windows\System32\msscp.dll
2008-08-26 15:10 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-26 15:10 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-26 15:10 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-26 15:10 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-26 15:09 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-26 15:09 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-26 15:09 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-26 15:09 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-26 15:09 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-26 15:09 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-26 15:06 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-26 15:05 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-26 15:03 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-08-26 14:59 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-26 14:58 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-26 14:54 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-26 14:54 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-26 14:54 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-26 14:54 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-26 14:54 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-26 14:54 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-26 14:54 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-26 14:54 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-26 14:54 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-26 14:54 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-26 14:54 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-26 14:54 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-26 14:51 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-26 14:51 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-26 14:50 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-26 14:50 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-26 14:49 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-26 14:49 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-26 14:49 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-26 14:49 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-26 14:49 152,576 ----a-w c:\windows\System32\imagehlp.dll
2008-08-26 14:47 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-08-26 14:46 974,336 ----a-w c:\windows\System32\crypt32.dll
2008-08-26 14:45 633,856 ----a-w c:\windows\System32\user32.dll
2008-08-26 14:44 750,080 ----a-w c:\windows\System32\qmgr.dll
2008-08-26 09:32 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
.

((((((((((((((((((((((((((((( snapshot_2008-11-22_ 5.59.40,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 13:44:58 6,225,920 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
- 2008-11-21 16:41:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-25 19:27:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-21 16:41:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-25 19:27:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-21 16:43:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 19:29:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 19:29:48 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-21 16:43:07 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 19:29:43 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 19:29:43 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-22 04:51:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-26 13:39:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-22 04:51:59 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-26 13:39:48 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-22 04:51:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-26 13:39:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-22 04:56:36 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-26 13:45:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-26 13:45:07 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-11-11 11:06:04 75,072 ----a-w c:\windows\System32\drivers\avipbb.sys
+ 2008-11-25 11:07:34 75,072 ----a-w c:\windows\System32\drivers\avipbb.sys
- 2008-11-21 16:46:15 107,416 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-25 19:32:41 107,416 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-21 16:46:15 121,814 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-25 19:32:41 121,814 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-21 16:46:15 618,272 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-25 19:32:41 618,272 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-21 16:46:15 699,984 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-25 19:32:41 699,984 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-15 10:02:03 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-26 08:09:19 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-11-21 16:43:32 6,780 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
+ 2008-11-25 19:30:07 6,804 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1461661561-1172589667-1858508981-1002_UserData.bin
- 2008-11-21 16:43:32 55,624 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 19:30:06 55,840 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-21 16:43:29 32,804 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 19:30:05 32,900 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-13 02:01:18 118,931,996 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-26 08:09:31 121,591,527 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-26 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-01 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-01 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-01 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 565309]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-01-01 713728]
WinZip Quick Pick.lnk - c:\program files\install‚s\WinZip\WZQKPICK.EXE [2008-08-26 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DB5BD7B7-6F8C-496D-9C66-4B51F18880C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C67D978B-8B70-477E-83EB-13F68EFBBCD7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0FC07BB1-91AA-4551-BA78-774FF8BD5633}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CD286BC7-BCDD-4E8F-83D2-18048CD0C977}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2D781B63-7414-4C17-8974-064313E242F0}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AA0B950A-88AA-4D9F-BCE8-3A9DC9AF38A0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3C9298C2-F4E0-45DC-8136-F9EFB4F649C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{389EA1B2-0787-457B-8B2F-56091D267DB2}c:\\program files\\installés\\emule\\emule.exe"= UDP:c:\program files\installés\emule\emule.exe:eMule Plus
"UDP Query User{6CAC7629-2FF0-4434-8704-F2347464E244}c:\\program files\\installés\\emule\\emule.exe"= TCP:c:\program files\installés\emule\emule.exe:eMule Plus
"{D80ED80D-0BC1-4371-88B3-5FE515A266D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54EC7999-5E6E-438F-9D71-D7567844FF8F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{181FF084-E616-406A-928E-3202D586870C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4C688D58-7D34-469E-950A-92935692ECFD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{831FC8D6-EE23-4C54-92D4-89ED978AE437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7C5B245-1325-456B-ADC4-F5648665EF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{59827A2A-090B-4F31-9B4B-A837CC61E6EC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2008-11-26 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-11-26 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 14:48:03
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\sabeddy\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2008-11-26 14:49:12
ComboFix-quarantined-files.txt 2008-11-26 13:49:10
ComboFix2.txt 2008-11-22 05:00:28
ComboFix3.txt 2008-11-19 16:45:03
ComboFix4.txt 2008-11-15 05:15:54
ComboFix5.txt 2008-11-26 13:43:59

Avant-CF: 148 682 350 592 octets libres
Après-CF: 148,704,129,024 octets libres

757 --- E O F --- 2008-11-24 17:06:42

Reply to deauclair

Re,

Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.

If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.


-------

Download Lop S&D.exe (by Eric 71) to your Desktop.

  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> Run as administrator).
  • Select the desired language, then choose Option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).


If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)".
Type explorer and confirm. That will bring your desktop back.


Message edited by FanDANGELDARK on 27-11-2008 at 19:42:52
Reply to FanDANGELDARK

Re, here is the GMER report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-29 06:20:27
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 9268B7C4 ZwCreateThread
SSDT 9268B7B0 ZwOpenProcess
SSDT 9268B7B5 ZwOpenThread
SSDT 9268B7BF ZwTerminateProcess
SSDT 9268B7BA ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!PathIsExe + 820 764C3AB8 4 Bytes [ 41, 28, ED, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!PathIsExe + 828 764C3AC0 4 Bytes [ 4F, 27, ED, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!PathIsExe + 83C 764C3AD4 4 Bytes [ DE, 10, EC, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!PathIsExe + 844 764C3ADC 4 Bytes [ 4C, 11, EC, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!PathIsExe + 84C 764C3AE4 4 Bytes [ 70, 10, EC, 6C ]
.text ...
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!SHGetSpecialFolderPathW + 1A2C 764CB814 4 Bytes [ 41, 28, ED, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!SHGetSpecialFolderPathW + 1A34 764CB81C 4 Bytes [ 4F, 27, ED, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!SHGetSpecialFolderPathW + 1A44 764CB82C 4 Bytes [ A4, 5A, E9, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!SHCreateDirectoryExW + 4EF 764D9BF8 4 Bytes [ 41, 28, ED, 6C ]
.text C:\Program Files\Sysmnt\ssmgr.exe[1672] SHELL32.dll!SHCreateDirectoryExW + 4F7 764D9C00 8 Bytes [ 4F, 27, ED, 6C, E0, 28, ED, ... ]
.text C:\Users\sabeddy\Desktop\Nouveau dossier\gmer.exe[3224] ntdll.dll!NtCreateFile + 3 777CF417 2 Bytes [ 88, FA ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747AFD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7477BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7476A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7476CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74768AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7477D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74767D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74767CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74766A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747FC1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747880FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747690CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7477223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74772267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [7477771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7477753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747A8585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d648646
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d648646

---- EOF - GMER 1.0.14 ----

and here is the Lop report:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : sabeddy ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:135 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 29/11/2008| 6:22 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[26/08/2008|01:10] C:\Users\sabeddy\AppData\Local\AOL
[27/08/2008|00:01] C:\Users\sabeddy\AppData\Local\Apple
[09/09/2008|17:04] C:\Users\sabeddy\AppData\Local\Apple Computer
[26/08/2008|01:09] C:\Users\sabeddy\AppData\Local\Application Data
[26/08/2008|15:50] C:\Users\sabeddy\AppData\Local\ApplicationHistory
[01/09/2008|08:48] C:\Users\sabeddy\AppData\Local\ashampoo
[27/11/2008|17:45] C:\Users\sabeddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/10/2008|15:22] C:\Users\sabeddy\AppData\Local\eMule
[26/08/2008|15:49] C:\Users\sabeddy\AppData\Local\fusioncache.dat
[27/08/2008|18:53] C:\Users\sabeddy\AppData\Local\GDIPFONTCACHEV1.DAT
[26/08/2008|01:09] C:\Users\sabeddy\AppData\Local\Historique
[27/11/2008|03:06] C:\Users\sabeddy\AppData\Local\IconCache.db
[16/11/2008|20:36] C:\Users\sabeddy\AppData\Local\Microsoft
[29/11/2008|06:20] C:\Users\sabeddy\AppData\Local\Temp
[26/08/2008|01:09] C:\Users\sabeddy\AppData\Local\Temporary Internet Files
[26/08/2008|01:10] C:\Users\sabeddy\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[29/11/2008 06:00][--a------] C:\Windows\tasks\Extension de garantie.job
[29/11/2008 06:00][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[27/11/2008 03:08][--ah-----] C:\Windows\tasks\SA.DAT
[27/11/2008 03:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[29/09/2008|13:52] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/09/2008|07:25] C:\ProgramData\AOL
[27/08/2008|00:00] C:\ProgramData\Apple
[27/08/2008|00:03] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[01/09/2008|08:48] C:\ProgramData\ashampoo
[10/11/2008|12:04] C:\ProgramData\Avira
[26/08/2008|01:05] C:\ProgramData\Bureau
[01/01/2006|21:54] C:\ProgramData\Ciel
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[15/10/2008|15:23] C:\ProgramData\eMule
[26/08/2008|01:05] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[01/01/2006|21:49] C:\ProgramData\InstallShield
[26/08/2008|22:34] C:\ProgramData\Lavasoft
[10/11/2008|11:06] C:\ProgramData\Malwarebytes
[26/08/2008|01:05] C:\ProgramData\Menu D‚marrer
[26/08/2008|16:24] C:\ProgramData\Microsoft
[26/08/2008|01:05] C:\ProgramData\ModŠles
[01/01/2006|22:01] C:\ProgramData\OFFICE One v7
[01/01/2006|21:48] C:\ProgramData\Sonic
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[01/01/2006|21:45] C:\ProgramData\Viewpoint
[29/08/2008|21:14] C:\ProgramData\VistaCodecs
[28/08/2008|09:10] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[08/10/2008|16:07] C:\Program Files\Adobe
[26/08/2008|14:49] C:\Program Files\Alwil Software
[01/09/2008|07:25] C:\Program Files\AOL
[01/01/2006|21:46] C:\Program Files\AOL 9.0 VR
[29/09/2008|13:53] C:\Program Files\Apple Software Update
[01/09/2008|08:57] C:\Program Files\Ashampoo
[10/11/2008|12:04] C:\Program Files\Avira
[29/09/2008|13:50] C:\Program Files\Bonjour
[10/11/2008|11:56] C:\Program Files\CCleaner
[01/01/2006|21:54] C:\Program Files\Ciel
[26/11/2008|14:47] C:\Program Files\Common Files
[29/08/2008|21:52] C:\Program Files\DivX
[02/09/2008|09:44] C:\Program Files\EA GAMES
[15/10/2008|15:22] C:\Program Files\eMule
[26/08/2008|01:05] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[10/09/2008|11:44] C:\Program Files\install‚s
[30/09/2008|19:19] C:\Program Files\InstallShield Installation Information
[16/10/2008|02:12] C:\Program Files\Internet Explorer
[29/09/2008|13:52] C:\Program Files\iPod
[01/01/2006|21:58] C:\Program Files\ISSENDIS
[29/09/2008|13:52] C:\Program Files\iTunes
[10/11/2008|11:06] C:\Program Files\Malwarebytes' Anti-Malware
[26/08/2008|16:09] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[26/08/2008|16:24] C:\Program Files\Microsoft.NET
[02/01/2006|06:32] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/11/2006|13:37] C:\Program Files\MSN
[26/08/2008|15:46] C:\Program Files\MSXML 4.0
[05/11/2008|10:10] C:\Program Files\Navilog1
[01/01/2006|22:02] C:\Program Files\OFFICE ONE 7.0
[01/01/2006|22:01] C:\Program Files\OFFICE One v7
[01/01/2006|22:02] C:\Program Files\Packard Bell
[29/09/2008|13:50] C:\Program Files\QuickTime
[01/01/2006|21:42] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[01/01/2006|21:48] C:\Program Files\Roxio
[27/08/2008|20:16] C:\Program Files\SAGEM
[30/09/2008|19:11] C:\Program Files\Samsung
[26/08/2008|01:17] C:\Program Files\Securitoo
[01/01/2006|22:02] C:\Program Files\Skype
[29/11/2008|06:04] C:\Program Files\Sysmnt
[05/11/2008|10:10] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[01/01/2006|21:45] C:\Program Files\Viewpoint
[29/08/2008|21:15] C:\Program Files\VistaCodecPack
[03/09/2008|10:15] C:\Program Files\WIDCOMM
[26/08/2008|16:35] C:\Program Files\Windows Calendar
[02/01/2006|06:32] C:\Program Files\Windows Collaboration
[26/08/2008|16:35] C:\Program Files\Windows Defender
[02/01/2006|06:32] C:\Program Files\Windows Journal
[26/08/2008|23:54] C:\Program Files\Windows Live
[09/09/2008|20:41] C:\Program Files\Windows Live Safety Center
[16/10/2008|02:12] C:\Program Files\Windows Mail
[26/08/2008|16:35] C:\Program Files\Windows Media Player
[26/08/2008|01:05] C:\Program Files\Windows NT
[02/01/2006|06:32] C:\Program Files\Windows Photo Gallery
[26/08/2008|16:35] C:\Program Files\Windows Sidebar
[26/08/2008|23:31] C:\Program Files\WinRAR
[29/08/2008|22:48] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/10/2008|16:07] C:\Program Files\Common Files\Adobe
[01/09/2008|07:25] C:\Program Files\Common Files\aol
[01/01/2006|21:45] C:\Program Files\Common Files\aolshare
[29/09/2008|13:50] C:\Program Files\Common Files\Apple
[01/01/2006|21:54] C:\Program Files\Common Files\Ciel
[26/08/2008|16:26] C:\Program Files\Common Files\DESIGNER
[27/08/2008|20:16] C:\Program Files\Common Files\InstallShield
[28/08/2008|18:15] C:\Program Files\Common Files\logishrd
[27/08/2008|18:46] C:\Program Files\Common Files\microsoft shared
[01/01/2006|21:54] C:\Program Files\Common Files\MSSoap
[01/01/2006|21:45] C:\Program Files\Common Files\Nullsoft
[26/08/2008|23:28] C:\Program Files\Common Files\PX Storage Engine
[01/01/2006|21:48] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[01/01/2006|21:48] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[01/01/2006|21:48] C:\Program Files\Common Files\SureThing Shared
[26/08/2008|22:58] C:\Program Files\Common Files\Symantec Shared
[26/08/2008|16:35] C:\Program Files\Common Files\System
[26/08/2008|23:54] C:\Program Files\Common Files\WindowsLiveInstaller
[26/08/2008|18:11] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 62 Processes )

iexplore.exe ~ [PID:3692]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\sabeddy\AppData\Roaming\MICROS~1\Windows\Cookies\sabeddy@advertising[1].txt
C:\Users\sabeddy\AppData\Roaming\MICROS~1\Windows\Cookies\sabeddy@adopt.euroclick[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 06:22:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Ashampoo Burning Studio 8.02 - Final 2008.Keygen - By Phoenix
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Crack
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Ashampoo Burning Studio 8.02 - Final 2008.Keygen - By Phoenix\30-06-2008 21-26-15.jpg
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Ashampoo Burning Studio 8.02 - Final 2008.Keygen - By Phoenix\ashampoo_burningstudio802_sm.exe
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Ashampoo Burning Studio 8.02 - Final 2008.Keygen - By Phoenix\info key.txt
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Ashampoo Burning Studio 8.02 - Final 2008.Keygen - By Phoenix\Phoenix...JPG
C:\Users\sabeddy\Documents\Ashampoo.Burning.Studio.8.v8.03-TE\Crack\burningstudio.exe
C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007 Spy Software v3.18 With Keygen
C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007 Spy Software v3.18 With Keygen\007ssinstall.exe
C:\Users\sabeddy\Documents\MICROSOFT 2003\jeux ds\007 Spy Software v3.18 With Keygen\keygen.exe


[F:13][D:24]-> C:\Users\sabeddy\AppData\Local\Temp
[F:218][D:0]-> C:\Users\sabeddy\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2161][D:8]-> C:\Users\sabeddy\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 29/11/2008| 6:23 - Option : [1]

--------------------\\ Fin du rapport a 6:23:24
[ UAC => 1 ]

Reply to deauclair

Re,

The cracks we can see here, do you use them?
Answer me honestly, because if so, they are most likely what keeps relaunching the infection ...

Uninstall/delete them.

Reply to FanDANGELDARK