
Hi everyone.

For the past few days I have had web pages opening continually, and it is becoming unpleasant.
I am sending you the HijackThis report.
Hoping for a hand, thanks....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:48, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\documents and settings\administrateur.titanium\local settings\application data\sqgss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {040CEA2D-217A-4339-AC6E-6B55548D8531} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {449ecfc3-49d6-5c89-df54-ae5ffde41b44} - {44b14edf-f5ea-45fd-98c5-6d943cfce944} - C:\WINDOWS\system32\iudtqz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9950772D-AF73-4AEA-80B6-C251EC40EA30} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [1c166a9b] rundll32.exe "C:\WINDOWS\system32\qrarjpnl.dll",b
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [sqgss] "c:\documents and settings\administrateur.titanium\local settings\application data\sqgss.exe" sqgss
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_5.cab
O20 - AppInit_DLLs: iudtqz.dll
O20 - Winlogon Notify: efcDUmJB - efcDUmJB.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5654 bytes


Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may vary


ComboFix report

ComboFix 08-11-13.01 - Administrateur 2008-11-15 15:18:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1577 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur.TITANIUM\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\sqgss.dat
c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\sqgss.exe
c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\sqgss_nav.dat
c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\sqgss_navps.dat
c:\documents and settings\Administrateur\Application Data\m
c:\documents and settings\Administrateur\Application Data\m\list.oct
c:\documents and settings\Administrateur\Application Data\m\shared\(Whil)Kaspersky.Antivirus.For.Windows.Server.4.5.0.94.zip
c:\documents and settings\Administrateur\Application Data\m\shared\@PROMT_German-Russian_Internet_Translator_7.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\007 Spy Software 3.87.zip
c:\documents and settings\Administrateur\Application Data\m\shared\3D Shed & Shop Designer 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\811 Toolbar for Firefox 3.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Acid_Dreams_2.33.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Advanced SQL Query 2.03.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Age_of_Mythology_-_Blank_maps.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AGUTA PAD Submitter 1.0 Patch.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Alien Countdown 4.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AlphaLPD_3.0c.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AMI GIF Transitions 2 2.0a.03.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Anti_Tracks_6.9.23_(Patch).zip
c:\documents and settings\Administrateur\Application Data\m\shared\Antivirus.kaspersky.+.NOD32.+.keys.&.passwords.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AppAway 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ASX_Playlist_Buddy_3.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Atmosphere_Lite_6.0_[Key+Serial].zip
c:\documents and settings\Administrateur\Application Data\m\shared\AutoDWG_DWG2Image_Converter_3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\AVG.Antivirus.Pro_Network_Plus.Firewall.v7.0.344a618_key.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Babimals 1.01.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Barcode_Label_Workshop_Standard_Edition_6.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Berkeley DB 4.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\BlazingTools_Instant_Source_1.45.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Calendar Mine 2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\CD & DVD Burner & Grabber Core 4.05.zip
c:\documents and settings\Administrateur\Application Data\m\shared\CDR_Tools_Front_End_1.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Chapmaker 1.51.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Club_Football_2005_Ajax_demo.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Costume_Vision_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Crack_Panda_Platinum_Internet_Security_v.8.05.00+codigo_acti.zip
c:\documents and settings\Administrateur\Application Data\m\shared\CSAutoDoc_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\DefPrin_1.72.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Desktop Macros 2.10.zip
c:\documents and settings\Administrateur\Application Data\m\shared\DesktopRTA 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Discstarter_1.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Easy File Protector 4.82.zip
c:\documents and settings\Administrateur\Application Data\m\shared\EasyEclipse Plugin Warrior 1.2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Ebstra-2bi_2BI.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Echo 1.00.0025.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Elvis_1.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\EMCO Remote Desktop Professional 2.0 Cracked.zip
c:\documents and settings\Administrateur\Application Data\m\shared\English-French_@promt_Internet_Translator_7.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\EnvisionAide_4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Evolution_1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Expired_Domain_Sniffer_3.3_[Cracked].zip
c:\documents and settings\Administrateur\Application Data\m\shared\ezForm_Filler_1.0.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Far_Cry_MP_King_of_the_Hill_map_2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\FEP-Private_Hero_1.0.0.1_[Key].zip
c:\documents and settings\Administrateur\Application Data\m\shared\File Ace 1.04.zip
c:\documents and settings\Administrateur\Application Data\m\shared\File_Grabber.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Freaky_Burn_1.00.zip
c:\documents and settings\Administrateur\Application Data\m\shared\G-ColorPicker_1.01.zip
c:\documents and settings\Administrateur\Application Data\m\shared\GoodOK iPod Converter 6.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\GoSuRF Browser 2.76.705.8238 Beta.zip
c:\documents and settings\Administrateur\Application Data\m\shared\GrandBackup Ultimate 1.2 build 418 [Key+Serial].zip
c:\documents and settings\Administrateur\Application Data\m\shared\HallowFear_Screensaver_2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\HD_PowerBall_Lotto_Keeper_1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\HyperCoder_Standard_Edition_1.1.0_[With_Crack].zip
c:\documents and settings\Administrateur\Application Data\m\shared\iByte_1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Ideal_Body_Weight_Calculator_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Ie_Minder_1.0_[Patch].zip
c:\documents and settings\Administrateur\Application Data\m\shared\ImageQuery_1.4.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Imobis_R2_1.5.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Jetboat_Superchamps_2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Journal_Macro_1.84.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Kingthon_Arcade_Collection_1.30.zip
c:\documents and settings\Administrateur\Application Data\m\shared\LeaguePad_4.0.3.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Living Cell 3D Screensaver 1.4.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Logic_Protect_6.0_[KeyGen].zip
c:\documents and settings\Administrateur\Application Data\m\shared\Mafia_1.1_patch.zip
c:\documents and settings\Administrateur\Application Data\m\shared\MakeDocJr Editor 1.0.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\markNewestVersion 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Math ActiveX 1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Microsoft HealthVault Connection Center 1.2 Beta.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Microsoft IIS 6.0 Resource Kit Tools 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Mind_Twister_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Mixere_1.0.83.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Multi Translate 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\MyProBB 1.30.zip
c:\documents and settings\Administrateur\Application Data\m\shared\NOD32_2.51.30_PL_vitaminka_upload_by_Stefel.zip
c:\documents and settings\Administrateur\Application Data\m\shared\OdysseySuite_SBE_4.0.729.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Offbeat_Server_-_Developer_Edition_1.0.0p.zip
c:\documents and settings\Administrateur\Application Data\m\shared\OKey_v3.01_[With_Crack].zip
c:\documents and settings\Administrateur\Application Data\m\shared\Pamela for Skype Basic Version 3.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\PanaVue_ImageAssembler_3.5.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Parley_1.2_(Serial).zip
c:\documents and settings\Administrateur\Application Data\m\shared\PC Mark 2002.zip
c:\documents and settings\Administrateur\Application Data\m\shared\PDF_Maker_Class_.NET_3.2_With_Crack.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Personal_Anti-Phishing_Sidebar_0.6.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Pool_Shark_1.80.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Portable_EditPad_Pro_6.2.2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\PPWIZARD - HTML Preprocessor 08.071.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Private_Pix_2.93.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Queen_Hynde_3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Question_Writer_-_Personal_Edition_2.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\QuickMessenger_v3.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\QuizMaster_4.1.2_build_363.zip
c:\documents and settings\Administrateur\Application Data\m\shared\RealConcept_Privacy_Bar_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Refined Elliot Trader 1.0.9.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Remora_USB_File_Guard_Pro_1.9.0.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Rozmic_Firewall_1.2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\RvAlgo_Prof_2.11.6.3_(Key).zip
c:\documents and settings\Administrateur\Application Data\m\shared\SafeKuvert 1.0.1.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Save-It 2.2.01.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SeaStorm_3D_Screensaver_1.51_[Key].zip
c:\documents and settings\Administrateur\Application Data\m\shared\Simply_School_US_3.0.1_(KeyGen).zip
c:\documents and settings\Administrateur\Application Data\m\shared\SonicFolder 1.5.1.3.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SoundNet 1.1.13.zip
c:\documents and settings\Administrateur\Application Data\m\shared\SQL Log Rescue 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Strange_Adventures_in_Infinite_Space_Even_Stranger_Adventures_in_Infinite_Space_mod.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Studionics_1.0_beta_[Key].zip
c:\documents and settings\Administrateur\Application Data\m\shared\SwapKeys_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Symantec.Norton.Ghost.2003.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TablePlanner_2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Theme_Calendar_-_Motivational_Quotes_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\ThumbTweak_1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TickerShop_for_Amazon_2.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TOEFL Secrets Study Guide.zip
c:\documents and settings\Administrateur\Application Data\m\shared\TscExcelExport 3.7.zip
c:\documents and settings\Administrateur\Application Data\m\shared\UserGate Proxy Server 4.1 KeyGen.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Voice Insert ActiveX SDK 3.1.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Voodoo Chat Server 14p2.zip
c:\documents and settings\Administrateur\Application Data\m\shared\Watchdog_-_O_-_Matic_5.00_build_1078_[Key].zip
c:\documents and settings\Administrateur\Application Data\m\shared\WebTV Denial of Service Vulnerability Patch (Windows Me) (MS00-074).zip
c:\documents and settings\Administrateur\Application Data\m\shared\WinaXe Windows X Server 7.4 (Key).zip
c:\documents and settings\Administrateur\Application Data\m\shared\Wireless_Sales_for_Pocket_PC_1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\XPcop 1.0.zip
c:\documents and settings\Administrateur\Application Data\m\shared\XTS_keylogger_2.01_(KeyGen).zip
c:\documents and settings\Administrateur\Application Data\m\shared\YASA_DVD_to_3GP_Converter_2.6.82.2847.zip
c:\documents and settings\Administrateur\Application Data\m\srvlist.oct
c:\documents and settings\Administrateur\Application Data\ShoppingReport
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Administrateur\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Administrateur\Local Settings\Application Data\dfmjf.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\dfmjf_nav.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\dfmjf_navps.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\lovmsisf.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\lovmsisf_nav.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\lovmsisf_navps.dat
c:\documents and settings\P1\Application Data\DriveCleaner 2006 Free
c:\documents and settings\P1\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\P1\Favoris\Online Security Guide.lnk
c:\install\install.exe
c:\program files\INSTALL.LOG
c:\windows\system32\abdMmnpo.ini
c:\windows\system32\abdMmnpo.ini2
c:\windows\system32\cvoupmdj.dll
c:\windows\system32\drivers\downld
c:\windows\system32\iudtqz.dll
c:\windows\system32\lnpjrarq.ini
c:\windows\system32\qrarjpnl.dll
c:\windows\system32\sgbvugba.ini
c:\windows\system32\ymgessnt.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

2008-11-15 09:59 . 2008-11-15 09:59 <REP> d-------- c:\program files\Trend Micro
2008-11-15 09:26 . 2008-11-15 09:27 33 --a------ c:\windows\CMSurround.ini
2008-11-14 17:05 . 2008-11-14 17:05 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Grisoft
2008-11-14 17:05 . 2008-11-14 17:05 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\Grisoft
2008-11-14 17:05 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-14 16:58 . 2008-11-14 17:04 <REP> d-------- c:\program files\Fighters
2008-11-14 16:58 . 2008-11-14 16:58 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Fighters
2008-11-14 16:52 . 2008-11-14 18:48 <REP> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-14 15:18 . 2008-11-14 15:19 <REP> d-------- c:\program files\Dell Photo AIO Printer 922
2008-11-10 17:07 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-10 09:09 . 2008-11-14 15:22 572 --a------ c:\windows\dellstat.ini
2008-11-10 09:08 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-10 09:08 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-10 09:08 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-10 09:08 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-10 09:06 . 2008-11-14 16:28 <REP> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-11-10 09:06 . 2008-11-10 09:06 <REP> d-------- C:\Dell922
2008-11-09 22:24 . 2008-11-09 22:24 <REP> dr-h----- c:\documents and settings\Administrateur.TITANIUM\Application Data\SecuROM
2008-11-09 22:21 . 2008-11-15 11:40 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-09 22:18 . 2008-11-09 22:18 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-09 22:18 . 2008-11-09 22:18 22,328 --a------ c:\documents and settings\Administrateur.TITANIUM\Application Data\PnkBstrK.sys
2008-11-09 22:17 . 2008-11-09 22:17 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-09 22:17 . 2008-11-09 22:18 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-09 22:17 . 2008-11-09 22:17 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-09 21:36 . 2008-11-09 21:36 <REP> d-------- c:\program files\VirtualDJ
2008-11-09 21:25 . 2008-11-09 21:25 <REP> d-------- c:\program files\wmp 11
2008-11-09 21:08 . 2008-11-09 21:08 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\OpenOffice.org
2008-11-09 21:06 . 2008-11-09 21:06 <REP> d-------- c:\program files\OpenOffice.org 3
2008-11-09 21:06 . 2008-11-09 21:06 <REP> d-------- c:\program files\JRE
2008-11-09 21:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 20:57 . 2008-11-09 20:57 45 ---h----- c:\windows\ddis2471.dat
2008-11-09 20:56 . 2008-11-09 20:57 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-09 20:32 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-09 20:19 . 2008-09-21 12:06 31,232 --a------ c:\windows\system\vdremote.dll
2008-11-09 20:19 . 2008-09-21 12:06 25,088 --a------ c:\windows\system\vdsvrlnk.dll
2008-11-09 20:12 . 2008-11-09 20:12 7,680 --ahs---- c:\windows\Thumbs.db
2008-11-09 20:12 . 2008-11-10 13:32 116 --a------ c:\windows\NeroDigital.ini
2008-11-09 20:10 . 2008-11-15 09:24 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\uTorrent
2008-11-09 20:00 . 2008-11-09 20:00 0 --a------ c:\windows\nsreg.dat
2008-11-09 19:51 . 2008-11-09 19:58 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Contacts
2008-11-09 19:43 . 2008-11-15 09:35 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-11-09 19:34 . 2007-07-30 19:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-11-09 19:34 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-09 19:34 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-09 19:34 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-09 19:34 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-09 19:33 . 2008-11-09 19:33 <REP> d---s---- c:\documents and settings\Administrateur.TITANIUM\UserData
2008-11-09 19:29 . 2008-11-09 19:29 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\GRETECH
2008-11-09 19:29 . 2008-11-09 19:29 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\GRETECH
2008-11-09 19:20 . 2008-11-09 19:20 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\AdobeUM
2008-11-09 19:09 . 2008-11-09 19:10 242 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-09 18:58 . 2008-11-09 19:10 2,359,350 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-09 18:58 . 2008-11-09 19:10 64,610 --a------ c:\windows\BricoPackUninst.cmd
2008-11-09 18:42 . 2008-07-29 13:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2008-11-09 18:42 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2008-11-09 18:42 . 2008-07-08 01:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2008-11-09 18:32 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-09 18:32 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-09 18:21 . 2008-11-09 18:21 <REP> d-------- c:\documents and settings\ADMINI~1~TIT\LOCALS~1
2008-11-09 18:21 . 2008-11-09 18:21 <REP> d-------- c:\documents and settings\ADMINI~1~TIT
2008-11-09 18:14 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-09 18:14 . 2008-11-15 15:22 195,368 --a------ c:\windows\system32\nvapps.xml
2008-11-09 18:14 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-09 18:13 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-09 18:06 . 2008-11-09 18:06 <REP> d-------- c:\program files\PCI Audio Applications
2008-11-09 18:06 . 1998-11-13 13:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-09 18:06 . 2001-09-28 04:20 73,728 --------- c:\windows\system\CMedia.dll
2008-11-09 18:06 . 2004-08-03 23:08 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2008-11-09 18:06 . 2004-08-03 23:08 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-11-09 18:06 . 2008-11-09 18:16 4,346 --a------ c:\windows\mixerdef.ini
2008-11-09 18:05 . 2008-11-09 18:05 <REP> d-------- c:\program files\C-Media
2008-11-09 18:05 . 2008-11-09 18:05 <REP> d-------- C:\CMP-SOUNDCARD20_XP_NT_DRIVER
2008-11-09 18:05 . 2001-10-22 11:24 1,216,512 --a------ c:\windows\mixer.exe
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a--c--- c:\windows\system32\dllcache\a3d.dll
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a------ c:\windows\system32\Audio3D.dll
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a------ c:\windows\system32\a3d.dll
2008-11-09 18:05 . 2000-10-20 12:28 765,952 --a------ c:\windows\system\crlds3d.dll
2008-11-09 18:05 . 2001-10-30 13:01 280,782 --a------ c:\windows\system32\drivers\cmaudio.sys
2008-11-09 18:05 . 2001-10-22 11:01 122,880 --a------ c:\windows\cmuninst.exe
2008-11-09 18:05 . 2001-10-22 11:02 122,880 --a------ c:\windows\cmuninst.dat
2008-11-09 18:05 . 2001-10-16 11:00 28,672 --a------ c:\windows\system32\cmnprop.dll
2008-11-09 18:05 . 2008-11-09 18:16 171 --a------ c:\windows\CMISETUP.INI
2008-11-09 18:05 . 2008-11-09 18:16 26 --a------ c:\windows\CMCDPLAY.INI
2008-11-09 18:02 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-09 17:59 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-09 17:56 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-09 17:56 . 2008-11-09 17:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-09 17:53 . 2008-11-15 09:25 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2008-11-09 17:28 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-09 17:28 . 2004-08-03 23:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-09 17:28 . 2004-08-04 00:55 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-11-09 17:28 . 2004-08-04 00:55 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-11-09 17:28 . 2004-08-04 01:54 77,312 --a------ c:\windows\system32\usbui.dll
2008-11-09 17:28 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-09 17:28 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-09 17:28 . 2004-08-04 01:39 58,496 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-09 17:28 . 2001-08-17 22:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-09 17:28 . 2004-08-04 00:54 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-09 17:28 . 2004-08-04 00:54 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-11-09 17:28 . 2001-08-17 23:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Voisinage réseau
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Voisinage d'impression
2008-11-09 17:25 . 2008-11-09 16:30 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Modèles
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Mes documents
2008-11-09 17:25 . 2008-11-09 17:25 <REP> dr------- c:\documents and settings\Default User.WINDOWS\Menu Démarrer
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Favoris
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Bureau
2008-11-09 17:25 . 2008-11-09 16:34 <REP> d--h----- c:\documents and settings\Default User.WINDOWS
2008-11-09 17:25 . 2008-11-09 21:07 <REP> d--h----- c:\documents and settings\All Users.WINDOWS\Modèles
2008-11-09 17:25 . 2008-11-09 16:36 <REP> dr------- c:\documents and settings\All Users.WINDOWS\Menu Démarrer
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Favoris
2008-11-09 17:25 . 2008-11-09 16:31 <REP> dr------- c:\documents and settings\All Users.WINDOWS\Documents
2008-11-09 17:25 . 2008-11-14 17:08 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Bureau
2008-11-09 17:24 . 2008-11-09 16:36 1,340 --a------ c:\windows\system32\$winnt$.inf
2008-11-09 16:54 . 2005-06-01 05:04 408,064 -ra------ c:\windows\system32\drivers\O4501U.sys
2008-11-09 16:43 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-09 16:42 . 2008-11-09 16:42 <REP> d-------- c:\program files\Satsuki Decodeur Pack
2008-11-09 16:42 . 2008-11-09 16:42 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-11-09 16:41 . 2004-08-23 15:38 <REP> d-------- c:\program files\WINAMP
2008-11-09 16:41 . 2004-03-03 20:30 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2008-11-09 16:41 . 2004-03-03 20:30 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\MSN Messenger 6.2.0137
2008-11-09 16:40 . 2004-07-20 16:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-09 16:40 . 2004-07-20 16:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-09 16:40 . 2004-07-20 16:24 471,040 --------- c:\windows\system32\ImagXRA7.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 08:25 --------- d-----w c:\program files\ma-config.com
2008-11-14 18:47 --------- d-----w c:\program files\eMule
2008-11-14 17:52 --------- d-----w c:\program files\dl_Cats
2008-11-09 20:06 --------- d-----w c:\program files\Java
2008-11-09 19:52 --------- d-----w c:\program files\Azureus
2008-11-09 19:50 --------- d-----w c:\program files\Microsoft LifeCam
2008-11-09 19:28 --------- d-----w c:\program files\VideoCap
2008-11-09 19:24 --------- d-----w c:\program files\CamStudio
2008-11-09 17:58 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-11-09 17:49 --------- d-----w c:\program files\MSN Messenger
2008-11-09 16:47 --------- d-----w c:\program files\FlashGet
2008-11-09 14:26 --------- d-----w c:\program files\directx
2008-11-05 15:50 22,328 -c--a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2008-11-05 15:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 07:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-04 22:05 --------- d-----w c:\program files\DivX
2008-11-04 21:54 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-04 09:56 --------- d-----w c:\program files\GRETECH
2008-10-30 16:12 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-10-25 09:03 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-10-24 17:43 --------- d-----w c:\program files\Google
2008-10-20 01:30 --------- d-----w c:\program files\Steinberg
2008-10-20 00:02 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-19 23:40 --------- d-----w c:\program files\eoRezo
2008-10-08 12:35 --------- d-----w c:\program files\FLAC
2008-10-02 11:06 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-01 16:08 --------- d-----w c:\program files\Windows Live
2008-09-23 21:01 3,532 ----a-w C:\drmHeader.bin
2008-08-20 17:35 453,152 ----a-w c:\windows\system32\nvusmb.exe
2008-08-20 17:35 122,880 ----a-w c:\windows\system32\NVCOSMB.DLL
2008-03-04 22:23 22,328 -c--a-w c:\documents and settings\P1\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2004-08-04 01:54 694784 f6ad4c0f992b3b51c044ad74d9e2e854 c:\windows\system32\wininet.dll
2004-08-04 01:54 694784 f6ad4c0f992b3b51c044ad74d9e2e854 c:\windows\system32\dllcache\wininet.dll

2004-08-18 10:22 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\tcpip.sys

2004-08-22 23:35 978432 9f3b76c8cf787449a47f05abab4e13e6 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-30 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 269104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"C-Media Mixer"="Mixer.exe" [2001-10-22 c:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=iudtqz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\DLBTPSWX.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-06-30 1965872]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys [2005-06-01 408064]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{040CEA2D-217A-4339-AC6E-6B55548D8531} - (no file)
BHO-{44b14edf-f5ea-45fd-98c5-6d943cfce944} - c:\windows\system32\iudtqz.dll
BHO-{9950772D-AF73-4AEA-80B6-C251EC40EA30} - (no file)
HKCU-Run-sqgss - c:\documents and settings\administrateur.titanium\local settings\application data\sqgss.exe
HKLM-Run-1c166a9b - c:\windows\system32\qrarjpnl.dll
ShellExecuteHooks-{9950772D-AF73-4AEA-80B6-C251EC40EA30} - (no file)
Notify-efcDUmJB - efcDUmJB.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur.TITANIUM\Application Data\Mozilla\Firefox\Profiles\g4gjen4b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 15:22:11
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-15 15:24:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-15 14:24:40

Avant-CF: 10 026 467 328 octets libres
Après-CF: 10,943,827,968 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

461

Reply to aaron34

Re,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Thank you for replying so quickly...
It's much appreciated!!!
By the way, is it serious?
Here is the Malwarebytes' report

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 2

15/11/2008 16:52:24
mbam-log-2008-11-15 (16-52-24).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 141390
Temps écoulé: 21 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\P1\Local Settings\Application Data\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\P1\Local Settings\Application Data\Live_TV\RadioPlayer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\P1\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\P1\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\cvoupmdj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iudtqz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qrarjpnl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007570.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007573.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007575.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007576.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP32\A0007578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP37\A0007906.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP37\A0007907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC75C806-45B6-4550-A1A0-BC14AEAECFE0}\RP37\A0007909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\P1\Local Settings\Application Data\Live_TV\Error.Log (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Reply to aaron34

Run a ComboFix scan again.

Reply to Angeldark

I ran the ComboFix scan again, the report is below...

ComboFix 08-11-13.02 - Administrateur 2008-11-15 18:51:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1599 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MCO9WE92\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

2008-11-15 16:11 . 2008-11-15 16:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 16:11 . 2008-11-15 16:11 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-15 16:11 . 2008-11-15 16:11 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\Malwarebytes
2008-11-15 16:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 16:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 09:59 . 2008-11-15 09:59 <REP> d-------- c:\program files\Trend Micro
2008-11-15 09:26 . 2008-11-15 09:27 33 --a------ c:\windows\CMSurround.ini
2008-11-14 17:05 . 2008-11-14 17:05 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Grisoft
2008-11-14 17:05 . 2008-11-14 17:05 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\Grisoft
2008-11-14 17:05 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-14 16:58 . 2008-11-14 17:04 <REP> d-------- c:\program files\Fighters
2008-11-14 16:58 . 2008-11-14 16:58 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Fighters
2008-11-14 16:52 . 2008-11-14 18:48 <REP> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-14 15:18 . 2008-11-14 15:19 <REP> d-------- c:\program files\Dell Photo AIO Printer 922
2008-11-10 17:07 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-10 09:09 . 2008-11-14 15:22 572 --a------ c:\windows\dellstat.ini
2008-11-10 09:08 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-10 09:08 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-10 09:08 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-10 09:08 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-10 09:06 . 2008-11-14 16:28 <REP> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-11-10 09:06 . 2008-11-10 09:06 <REP> d-------- C:\Dell922
2008-11-09 22:24 . 2008-11-09 22:24 <REP> dr-h----- c:\documents and settings\Administrateur.TITANIUM\Application Data\SecuROM
2008-11-09 22:21 . 2008-11-15 11:40 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-09 22:18 . 2008-11-09 22:18 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-09 22:18 . 2008-11-09 22:18 22,328 --a------ c:\documents and settings\Administrateur.TITANIUM\Application Data\PnkBstrK.sys
2008-11-09 22:17 . 2008-11-09 22:17 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-09 22:17 . 2008-11-09 22:18 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-09 22:17 . 2008-11-09 22:17 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-09 21:36 . 2008-11-09 21:36 <REP> d-------- c:\program files\VirtualDJ
2008-11-09 21:25 . 2008-11-09 21:25 <REP> d-------- c:\program files\wmp 11
2008-11-09 21:08 . 2008-11-09 21:08 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\OpenOffice.org
2008-11-09 21:06 . 2008-11-09 21:06 <REP> d-------- c:\program files\OpenOffice.org 3
2008-11-09 21:06 . 2008-11-09 21:06 <REP> d-------- c:\program files\JRE
2008-11-09 21:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 20:57 . 2008-11-09 20:57 45 ---h----- c:\windows\ddis2471.dat
2008-11-09 20:56 . 2008-11-09 20:57 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-09 20:32 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-09 20:19 . 2008-09-21 12:06 31,232 --a------ c:\windows\system\vdremote.dll
2008-11-09 20:19 . 2008-09-21 12:06 25,088 --a------ c:\windows\system\vdsvrlnk.dll
2008-11-09 20:12 . 2008-11-09 20:12 7,680 --ahs---- c:\windows\Thumbs.db
2008-11-09 20:12 . 2008-11-10 13:32 116 --a------ c:\windows\NeroDigital.ini
2008-11-09 20:10 . 2008-11-15 09:24 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\uTorrent
2008-11-09 20:00 . 2008-11-09 20:00 0 --a------ c:\windows\nsreg.dat
2008-11-09 19:51 . 2008-11-09 19:58 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Contacts
2008-11-09 19:43 . 2008-11-15 09:35 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-11-09 19:34 . 2007-07-30 19:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-11-09 19:34 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-09 19:34 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-09 19:34 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-09 19:34 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-09 19:33 . 2008-11-09 19:33 <REP> d---s---- c:\documents and settings\Administrateur.TITANIUM\UserData
2008-11-09 19:29 . 2008-11-09 19:29 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\GRETECH
2008-11-09 19:29 . 2008-11-09 19:29 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\GRETECH
2008-11-09 19:20 . 2008-11-09 19:20 <REP> d-------- c:\documents and settings\Administrateur.TITANIUM\Application Data\AdobeUM
2008-11-09 19:09 . 2008-11-09 19:10 242 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-09 18:58 . 2008-11-09 19:10 2,359,350 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-09 18:58 . 2008-11-09 19:10 64,610 --a------ c:\windows\BricoPackUninst.cmd
2008-11-09 18:42 . 2008-07-29 13:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2008-11-09 18:42 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2008-11-09 18:42 . 2008-07-08 01:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2008-11-09 18:32 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-09 18:32 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-09 18:21 . 2008-11-09 18:21 <REP> d-------- c:\documents and settings\ADMINI~1~TIT\LOCALS~1
2008-11-09 18:21 . 2008-11-09 18:21 <REP> d-------- c:\documents and settings\ADMINI~1~TIT
2008-11-09 18:14 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-09 18:14 . 2008-11-15 16:56 195,368 --a------ c:\windows\system32\nvapps.xml
2008-11-09 18:14 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-09 18:13 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-09 18:06 . 2008-11-09 18:06 <REP> d-------- c:\program files\PCI Audio Applications
2008-11-09 18:06 . 1998-11-13 13:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-09 18:06 . 2001-09-28 04:20 73,728 --------- c:\windows\system\CMedia.dll
2008-11-09 18:06 . 2004-08-03 23:08 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2008-11-09 18:06 . 2004-08-03 23:08 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-11-09 18:06 . 2008-11-09 18:16 4,346 --a------ c:\windows\mixerdef.ini
2008-11-09 18:05 . 2008-11-09 18:05 <REP> d-------- c:\program files\C-Media
2008-11-09 18:05 . 2008-11-09 18:05 <REP> d-------- C:\CMP-SOUNDCARD20_XP_NT_DRIVER
2008-11-09 18:05 . 2001-10-22 11:24 1,216,512 --a------ c:\windows\mixer.exe
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a--c--- c:\windows\system32\dllcache\a3d.dll
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a------ c:\windows\system32\Audio3D.dll
2008-11-09 18:05 . 2001-01-11 08:02 794,624 --a------ c:\windows\system32\a3d.dll
2008-11-09 18:05 . 2000-10-20 12:28 765,952 --a------ c:\windows\system\crlds3d.dll
2008-11-09 18:05 . 2001-10-30 13:01 280,782 --a------ c:\windows\system32\drivers\cmaudio.sys
2008-11-09 18:05 . 2001-10-22 11:01 122,880 --a------ c:\windows\cmuninst.exe
2008-11-09 18:05 . 2001-10-22 11:02 122,880 --a------ c:\windows\cmuninst.dat
2008-11-09 18:05 . 2001-10-16 11:00 28,672 --a------ c:\windows\system32\cmnprop.dll
2008-11-09 18:05 . 2008-11-09 18:16 171 --a------ c:\windows\CMISETUP.INI
2008-11-09 18:05 . 2008-11-09 18:16 26 --a------ c:\windows\CMCDPLAY.INI
2008-11-09 18:02 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-09 17:59 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-09 17:56 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-09 17:56 . 2008-11-09 17:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-09 17:53 . 2008-11-15 09:25 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2008-11-09 17:28 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-09 17:28 . 2004-08-03 23:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-09 17:28 . 2004-08-04 00:55 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-11-09 17:28 . 2004-08-04 00:55 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-11-09 17:28 . 2004-08-04 01:54 77,312 --a------ c:\windows\system32\usbui.dll
2008-11-09 17:28 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-09 17:28 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-09 17:28 . 2004-08-04 01:39 58,496 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-09 17:28 . 2001-08-17 22:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-09 17:28 . 2004-08-04 00:54 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-09 17:28 . 2004-08-04 00:54 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-11-09 17:28 . 2001-08-17 23:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Voisinage réseau
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Voisinage d'impression
2008-11-09 17:25 . 2008-11-09 16:30 <REP> d--h----- c:\documents and settings\Default User.WINDOWS\Modèles
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Mes documents
2008-11-09 17:25 . 2008-11-09 17:25 <REP> dr------- c:\documents and settings\Default User.WINDOWS\Menu Démarrer
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Favoris
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\Default User.WINDOWS\Bureau
2008-11-09 17:25 . 2008-11-09 16:34 <REP> d--h----- c:\documents and settings\Default User.WINDOWS
2008-11-09 17:25 . 2008-11-09 21:07 <REP> d--h----- c:\documents and settings\All Users.WINDOWS\Modèles
2008-11-09 17:25 . 2008-11-09 16:36 <REP> dr------- c:\documents and settings\All Users.WINDOWS\Menu Démarrer
2008-11-09 17:25 . 2008-11-09 17:25 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Favoris
2008-11-09 17:25 . 2008-11-09 16:31 <REP> dr------- c:\documents and settings\All Users.WINDOWS\Documents
2008-11-09 17:25 . 2008-11-15 16:11 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Bureau
2008-11-09 17:24 . 2008-11-09 16:36 1,340 --a------ c:\windows\system32\$winnt$.inf
2008-11-09 16:54 . 2005-06-01 05:04 408,064 -ra------ c:\windows\system32\drivers\O4501U.sys
2008-11-09 16:43 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-09 16:42 . 2008-11-09 16:42 <REP> d-------- c:\program files\Satsuki Decodeur Pack
2008-11-09 16:42 . 2008-11-09 16:42 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-11-09 16:41 . 2004-08-23 15:38 <REP> d-------- c:\program files\WINAMP
2008-11-09 16:41 . 2004-03-03 20:30 125,184 --------- c:\windows\system32\drivers\imagesrv.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 08:25 --------- d-----w c:\program files\ma-config.com
2008-11-14 18:47 --------- d-----w c:\program files\eMule
2008-11-14 17:52 --------- d-----w c:\program files\dl_Cats
2008-11-09 20:06 --------- d-----w c:\program files\Java
2008-11-09 19:52 --------- d-----w c:\program files\Azureus
2008-11-09 19:50 --------- d-----w c:\program files\Microsoft LifeCam
2008-11-09 19:28 --------- d-----w c:\program files\VideoCap
2008-11-09 19:24 --------- d-----w c:\program files\CamStudio
2008-11-09 17:58 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-11-09 17:49 --------- d-----w c:\program files\MSN Messenger
2008-11-09 16:47 --------- d-----w c:\program files\FlashGet
2008-11-09 14:26 --------- d-----w c:\program files\directx
2008-11-05 15:50 22,328 -c--a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2008-11-05 15:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 07:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-04 22:05 --------- d-----w c:\program files\DivX
2008-11-04 21:54 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-04 09:56 --------- d-----w c:\program files\GRETECH
2008-10-30 16:12 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-10-25 09:03 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-10-24 17:43 --------- d-----w c:\program files\Google
2008-10-20 01:30 --------- d-----w c:\program files\Steinberg
2008-10-20 00:02 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-19 23:40 --------- d-----w c:\program files\eoRezo
2008-10-08 12:35 --------- d-----w c:\program files\FLAC
2008-10-02 11:06 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-01 16:08 --------- d-----w c:\program files\Windows Live
2008-09-23 21:01 3,532 ----a-w C:\drmHeader.bin
2008-08-20 17:35 453,152 ----a-w c:\windows\system32\nvusmb.exe
2008-08-20 17:35 122,880 ----a-w c:\windows\system32\NVCOSMB.DLL
2008-03-04 22:23 22,328 -c--a-w c:\documents and settings\P1\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-15_15.24.18.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-15 15:56:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-30 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 269104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"C-Media Mixer"="Mixer.exe" [2001-10-22 c:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=iudtqz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\programme file\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\DLBTPSWX.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-09 20560]
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 187184]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2008-11-09 1965872]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys [2008-11-09 408064]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur.TITANIUM\Application Data\Mozilla\Firefox\Profiles\g4gjen4b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 18:53:31
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-15 18:54:16
ComboFix-quarantined-files.txt 2008-11-15 17:54:13

Avant-CF: 10 979 926 016 octets libres
Après-CF: 10,971,234,304 octets libres

261


Is your PC behaving better?


Oh yes, everything is fine, no more windows popping open all over the place!
Thank you very much....
