Hyperinfection help
Last reply: in Security
Hello everyone,
I got infected last night. I can't run any .exe, because I get an error message telling me the program is not a valid Win32 application. Basically, I can't run a HijackThis scan or an antivirus scan (the antivirus is disabled anyway, and I can't turn it back on), and no program launches, apart from the internet, and even then I had trouble managing to post.
I'm counting on you to tell me what to do.
Thanks in advance
Hello,
Yes, I tried restarting the PC in safe mode. But surprise, it restarts automatically. I tried the different safe modes, but with no result. I can only boot it in normal Windows mode. I tried formatting the PC, but the CD drive crashes when Windows starts and during a session...
So, there is an error message:
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to resolve source DNS name]
I tried starting over several times.
It would be the trojan TR/Agent.AKWY.7 and the worm worm.win.autorun.nuu!A2
So there you go, I managed to run ComboFix.
Here is the report;
I hope it can help;
ComboFix 08-11-30.02 - dams 2008-12-01 17:45:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.772 [GMT 1:00]
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\dams\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\dams\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\dams\Application Data\m
c:\documents and settings\dams\Application Data\m\data.oct
c:\documents and settings\dams\Application Data\m\flec006.exe
c:\documents and settings\dams\Application Data\m\list.oct
c:\documents and settings\dams\Application Data\m\shared\3D Cover Boxshot Designer 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\A4_Video_Converter_2.4.zip
c:\documents and settings\dams\Application Data\m\shared\ContentWays Local 1.0.0.4.zip
c:\documents and settings\dams\Application Data\m\shared\Cowboy with Keyboard 2.1 KeyGen.zip
c:\documents and settings\dams\Application Data\m\shared\DeskNow_WebMessenger_1.4_Key+Serial.zip
c:\documents and settings\dams\Application Data\m\shared\DKMY_1.00.00.zip
c:\documents and settings\dams\Application Data\m\shared\Easy_Folder_Security_1.5_(Key).zip
c:\documents and settings\dams\Application Data\m\shared\Flow_Diagrams_Software_2.0.zip
c:\documents and settings\dams\Application Data\m\shared\iDailyDiary_Free_3.41.zip
c:\documents and settings\dams\Application Data\m\shared\InternetFileSize 3.60.zip
c:\documents and settings\dams\Application Data\m\shared\InvoiceMaker_1.0_build_453.zip
c:\documents and settings\dams\Application Data\m\shared\Leithauser Research EBook Reader - The Best American Humorous Short Stories 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\LingvoSoft_Picture_Dictionary_2007_Polish_-_Chinese_Mandarin_Traditional_1.1.20_[Patch].czip
c:\documents and settings\dams\Application Data\m\shared\Logic Friday 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\MyOdd_2.10.zip
c:\documents and settings\dams\Application Data\m\shared\Outlook_Express_Backup_Restore_2.12_(KeyGen).zip
c:\documents and settings\dams\Application Data\m\shared\Quick 3D Cover 1.5.1.zip
c:\documents and settings\dams\Application Data\m\shared\RefCon_Rx_1.15.zip
c:\documents and settings\dams\Application Data\m\shared\Sorax_Reader_1.zip
c:\documents and settings\dams\Application Data\m\shared\spEye_1.2_beta.zip
c:\documents and settings\dams\Application Data\m\shared\Suncycle_1.0.9.3.zip
c:\documents and settings\dams\Application Data\m\shared\Super_Webscan_8.0_[Cracked].zip
c:\documents and settings\dams\Application Data\m\shared\SwfSaver_Pro_2.0.zip
c:\documents and settings\dams\Application Data\m\shared\TalkingSlide_1.1.zip
c:\documents and settings\dams\Application Data\m\shared\The BMW Collection Screensaver 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\Whizlabs SCJP 6.0 Preparation Kit 6.0.1.zip
c:\documents and settings\dams\Application Data\m\shared\WinPresenter_1.6.zip
c:\documents and settings\dams\Application Data\m\shared\Xorax Contact Sheet 1.0a.zip
c:\documents and settings\dams\Application Data\m\shared\ZC Trigram Generator 1.0.zip
c:\documents and settings\dams\Application Data\m\srvlist.oct
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\Windows Live\Messenger\MsnMsgr.Exe
C:\resycled
c:\resycled\boot.com
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\103438.exe
c:\windows\system32\drivers\downld\108225.exe
c:\windows\system32\drivers\downld\110408.exe
c:\windows\system32\drivers\downld\112591.exe
c:\windows\system32\drivers\downld\115946.exe
c:\windows\system32\drivers\downld\116447.exe
c:\windows\system32\drivers\downld\116898.exe
c:\windows\system32\drivers\downld\121584.exe
c:\windows\system32\drivers\downld\122426.exe
c:\windows\system32\drivers\downld\126932.exe
c:\windows\system32\drivers\downld\128574.exe
c:\windows\system32\drivers\downld\133782.exe
c:\windows\system32\drivers\downld\135635.exe
c:\windows\system32\drivers\downld\138709.exe
c:\windows\system32\drivers\downld\139230.exe
c:\windows\system32\drivers\downld\140732.exe
c:\windows\system32\drivers\downld\141062.exe
c:\windows\system32\drivers\downld\145018.exe
c:\windows\system32\drivers\downld\146070.exe
c:\windows\system32\drivers\downld\147472.exe
c:\windows\system32\drivers\downld\14749368.exe
c:\windows\system32\drivers\downld\14773713.exe
c:\windows\system32\drivers\downld\14783026.exe
c:\windows\system32\drivers\downld\14784829.exe
c:\windows\system32\drivers\downld\14847940.exe
c:\windows\system32\drivers\downld\14876220.exe
c:\windows\system32\drivers\downld\14904942.exe
c:\windows\system32\drivers\downld\14906384.exe
c:\windows\system32\drivers\downld\151537.exe
c:\windows\system32\drivers\downld\157616.exe
c:\windows\system32\drivers\downld\161852.exe
c:\windows\system32\drivers\downld\163024.exe
c:\windows\system32\drivers\downld\163855.exe
c:\windows\system32\drivers\downld\164206.exe
c:\windows\system32\drivers\downld\175802.exe
c:\windows\system32\drivers\downld\176233.exe
c:\windows\system32\drivers\downld\179868.exe
c:\windows\system32\drivers\downld\181500.exe
c:\windows\system32\drivers\downld\182262.exe
c:\windows\system32\drivers\downld\187649.exe
c:\windows\system32\drivers\downld\194619.exe
c:\windows\system32\drivers\downld\195180.exe
c:\windows\system32\drivers\downld\196823.exe
c:\windows\system32\drivers\downld\201479.exe
c:\windows\system32\drivers\downld\206176.exe
c:\windows\system32\drivers\downld\208049.exe
c:\windows\system32\drivers\downld\214618.exe
c:\windows\system32\drivers\downld\218323.exe
c:\windows\system32\drivers\downld\218984.exe
c:\windows\system32\drivers\downld\220176.exe
c:\windows\system32\drivers\downld\220877.exe
c:\windows\system32\drivers\downld\227957.exe
c:\windows\system32\drivers\downld\231182.exe
c:\windows\system32\drivers\downld\237771.exe
c:\windows\system32\drivers\downld\239173.exe
c:\windows\system32\drivers\downld\240445.exe
c:\windows\system32\drivers\downld\249829.exe
c:\windows\system32\drivers\downld\251441.exe
c:\windows\system32\drivers\downld\252793.exe
c:\windows\system32\drivers\downld\257289.exe
c:\windows\system32\drivers\downld\258561.exe
c:\windows\system32\drivers\downld\266433.exe
c:\windows\system32\drivers\downld\267795.exe
c:\windows\system32\drivers\downld\269667.exe
c:\windows\system32\drivers\downld\270058.exe
c:\windows\system32\drivers\downld\271730.exe
c:\windows\system32\drivers\downld\275556.exe
c:\windows\system32\drivers\downld\287363.exe
c:\windows\system32\drivers\downld\289035.exe
c:\windows\system32\drivers\downld\292210.exe
c:\windows\system32\drivers\downld\295935.exe
c:\windows\system32\drivers\downld\308904.exe
c:\windows\system32\drivers\downld\312559.exe
c:\windows\system32\drivers\downld\3236313.exe
c:\windows\system32\drivers\downld\3239878.exe
c:\windows\system32\drivers\downld\3243443.exe
c:\windows\system32\drivers\downld\325347.exe
c:\windows\system32\drivers\downld\326409.exe
c:\windows\system32\drivers\downld\3265145.exe
c:\windows\system32\drivers\downld\3268129.exe
c:\windows\system32\drivers\downld\3278133.exe
c:\windows\system32\drivers\downld\3285123.exe
c:\windows\system32\drivers\downld\3291022.exe
c:\windows\system32\drivers\downld\342692.exe
c:\windows\system32\drivers\downld\48519.exe
c:\windows\system32\drivers\downld\48880.exe
c:\windows\system32\drivers\downld\49631.exe
c:\windows\system32\drivers\downld\51063.exe
c:\windows\system32\drivers\downld\55549.exe
c:\windows\system32\drivers\downld\56461.exe
c:\windows\system32\drivers\downld\60647.exe
c:\windows\system32\drivers\downld\61488.exe
c:\windows\system32\drivers\downld\62720.exe
c:\windows\system32\drivers\downld\64913.exe
c:\windows\system32\drivers\downld\71252.exe
c:\windows\system32\drivers\downld\73585.exe
c:\windows\system32\drivers\downld\73986.exe
c:\windows\system32\drivers\downld\80435.exe
c:\windows\system32\drivers\downld\82748.exe
c:\windows\system32\drivers\downld\82839.exe
c:\windows\system32\drivers\downld\85042.exe
c:\windows\system32\drivers\downld\86173.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\kdupd.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 16:39 . 2008-12-01 16:44 <REP> d-------- c:\documents and settings\dams\.housecall6.6
2008-12-01 15:42 . 2008-12-01 15:42 <REP> d-------- c:\windows\Sun
2008-12-01 15:40 . 2008-12-01 15:40 <REP> d-------- c:\program files\Java
2008-12-01 15:40 . 2008-12-01 15:40 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 15:40 . 2008-12-01 15:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 13:43 . 2008-12-01 13:43 <REP> d-------- c:\program files\Trend Micro
2008-12-01 00:43 . 2008-12-01 00:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 00:41 . 2008-12-01 00:40 286,720 --a------ c:\windows\iun507.exe
2008-11-30 23:57 . 2008-11-30 23:57 <REP> d-------- c:\program files\GetData
2008-11-30 23:57 . 2008-12-01 00:39 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 23:55 . 2008-11-30 23:55 <REP> d--h----- c:\windows\PIF
2008-11-30 23:54 . 2008-12-01 00:41 <REP> d-------- c:\program files\RecoverySoft
2008-11-30 23:11 . 2008-11-30 23:11 <REP> d-------- c:\program files\TouchStoneSoftware
2008-11-30 21:36 . 2008-11-30 21:36 <REP> d-------- c:\program files\Stellar Phoenix NTFS Data Recovery
2008-11-30 21:36 . 1998-06-24 00:00 260,920 --a------ c:\windows\system32\MSDATGRD.OCX
2008-11-30 21:36 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2008-11-30 21:36 . 2006-03-01 02:10 69,632 --a------ c:\windows\system32\Crypserv.exe
2008-11-30 21:36 . 2006-01-10 03:47 31,846 --a------ c:\windows\system32\Ckldrv.sys
2008-11-30 21:36 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2008-11-30 21:36 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2008-11-30 21:36 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2008-11-30 21:36 . 2008-11-30 21:36 1,680 --a------ c:\windows\system32\esnecil.nlp
2008-11-30 21:36 . 2008-12-01 00:28 1,680 --a------ c:\windows\system32\esnecil.ind
2008-11-30 21:36 . 2008-11-30 21:36 68 --a------ c:\windows\Crypkey.ini
2008-11-30 21:36 . 2008-11-30 21:36 4 --a------ c:\windows\vx86036.dat
2008-11-30 20:39 . 2008-11-30 20:39 <REP> d-------- c:\windows\system32\NtmsData
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Real
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Real
2008-11-16 13:58 . 2008-11-16 14:03 <REP> d-------- c:\windows\BDOSCAN8
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\dams\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 21:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 21:24 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 21:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 12:23 --------- d-----w c:\documents and settings\dams\Application Data\DNA
2008-12-01 11:54 --------- d-----w c:\program files\DNA
2008-12-01 11:45 --------- d-----w c:\program files\eMule
2008-11-30 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-30 20:04 --------- d-----w c:\documents and settings\dams\Application Data\U3
2008-11-30 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:49 --------- d-----w c:\program files\Steam
2008-11-13 22:21 --------- d-----w c:\documents and settings\dams\Application Data\BitTorrent
2008-11-02 18:10 --------- d-----w c:\documents and settings\dams\Application Data\Apple Computer
2008-10-25 11:59 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-25 11:54 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-25 11:52 --------- d-----w c:\program files\Logitech
2008-10-25 10:38 --------- d-----w c:\program files\ma-config.com
2008-10-25 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 11:54 --------- d-----w c:\program files\Windows Live
2008-10-10 21:17 --------- d-----w c:\program files\7-Zip
2008-10-07 20:26 --------- d-----w c:\program files\ffdshow
2008-10-07 20:23 --------- d-----w c:\documents and settings\dams\Application Data\vlc
2008-10-06 20:38 --------- d-----w c:\program files\BitTorrent
2008-10-05 10:28 --------- d-----w c:\program files\Google
2008-10-05 08:57 --------- d-----w c:\program files\OpenPlsInWMP
2008-10-05 08:45 --------- d-----w c:\program files\Audacity
2008-10-04 19:44 --------- d-----w c:\program files\Lavalys
2008-10-04 12:21 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-04 10:26 --------- d-----w c:\program files\MSBuild
2008-10-04 10:26 --------- d-----w c:\program files\Microsoft Works
2008-10-04 10:25 --------- d-----w c:\program files\Microsoft.NET
2008-10-04 10:22 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-01 19:13 --------- d-----w c:\program files\Teamspeak2_RC2
2008-10-01 19:13 --------- d-----w c:\documents and settings\dams\Application Data\teamspeak2
2008-09-18 14:42 21,361 ----a-w c:\windows\AegisP.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 435736]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^dams^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\dams\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-02-10 20:10 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-12-01 13:33 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-16 11:12 342336 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CplBCL50]
--a------ 2004-03-02 10:45 401408 c:\program files\EzButton\CplBCL50.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2008-03-04 13:41 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-04-28 08:08 184320 c:\program files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 16:43 252704 c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 12:41 1410296 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-23 15:41 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-07-25 04:22 88363 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 09:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-22 56344]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2008-09-18 25856]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-09-02 191656]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8796a1-9143-11dd-9050-0012f00ebe6b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'
2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-c:\windows\system32\kdupd.exe - c:\windows\system32\kdupd.exe
MSConfigStartUp-kdupd - c:\windows\system32\kdupd.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\dams\Application Data\Mozilla\Firefox\Profiles\wbbnwolq.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:48:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\netprovcredman.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 17:54:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-01 16:54:31
Avant-CF: 93,475,717,120 octets libres
Après-CF: 93,937,762,304 octets libres
363 --- E O F --- 2008-11-13 22:48:00
2008-12-01 15:40 . 2008-12-01 15:40 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 15:40 . 2008-12-01 15:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 13:43 . 2008-12-01 13:43 <REP> d-------- c:\program files\Trend Micro
2008-12-01 00:43 . 2008-12-01 00:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 00:41 . 2008-12-01 00:40 286,720 --a------ c:\windows\iun507.exe
2008-11-30 23:57 . 2008-11-30 23:57 <REP> d-------- c:\program files\GetData
2008-11-30 23:57 . 2008-12-01 00:39 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 23:55 . 2008-11-30 23:55 <REP> d--h----- c:\windows\PIF
2008-11-30 23:54 . 2008-12-01 00:41 <REP> d-------- c:\program files\RecoverySoft
2008-11-30 23:11 . 2008-11-30 23:11 <REP> d-------- c:\program files\TouchStoneSoftware
2008-11-30 21:36 . 2008-11-30 21:36 <REP> d-------- c:\program files\Stellar Phoenix NTFS Data Recovery
2008-11-30 21:36 . 1998-06-24 00:00 260,920 --a------ c:\windows\system32\MSDATGRD.OCX
2008-11-30 21:36 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2008-11-30 21:36 . 2006-03-01 02:10 69,632 --a------ c:\windows\system32\Crypserv.exe
2008-11-30 21:36 . 2006-01-10 03:47 31,846 --a------ c:\windows\system32\Ckldrv.sys
2008-11-30 21:36 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2008-11-30 21:36 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2008-11-30 21:36 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2008-11-30 21:36 . 2008-11-30 21:36 1,680 --a------ c:\windows\system32\esnecil.nlp
2008-11-30 21:36 . 2008-12-01 00:28 1,680 --a------ c:\windows\system32\esnecil.ind
2008-11-30 21:36 . 2008-11-30 21:36 68 --a------ c:\windows\Crypkey.ini
2008-11-30 21:36 . 2008-11-30 21:36 4 --a------ c:\windows\vx86036.dat
2008-11-30 20:39 . 2008-11-30 20:39 <REP> d-------- c:\windows\system32\NtmsData
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Real
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Real
2008-11-16 13:58 . 2008-11-16 14:03 <REP> d-------- c:\windows\BDOSCAN8
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\dams\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 21:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 21:24 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 21:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 12:23 --------- d-----w c:\documents and settings\dams\Application Data\DNA
2008-12-01 11:54 --------- d-----w c:\program files\DNA
2008-12-01 11:45 --------- d-----w c:\program files\eMule
2008-11-30 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-30 20:04 --------- d-----w c:\documents and settings\dams\Application Data\U3
2008-11-30 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:49 --------- d-----w c:\program files\Steam
2008-11-13 22:21 --------- d-----w c:\documents and settings\dams\Application Data\BitTorrent
2008-11-02 18:10 --------- d-----w c:\documents and settings\dams\Application Data\Apple Computer
2008-10-25 11:59 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-25 11:54 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-25 11:52 --------- d-----w c:\program files\Logitech
2008-10-25 10:38 --------- d-----w c:\program files\ma-config.com
2008-10-25 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 11:54 --------- d-----w c:\program files\Windows Live
2008-10-10 21:17 --------- d-----w c:\program files\7-Zip
2008-10-07 20:26 --------- d-----w c:\program files\ffdshow
2008-10-07 20:23 --------- d-----w c:\documents and settings\dams\Application Data\vlc
2008-10-06 20:38 --------- d-----w c:\program files\BitTorrent
2008-10-05 10:28 --------- d-----w c:\program files\Google
2008-10-05 08:57 --------- d-----w c:\program files\OpenPlsInWMP
2008-10-05 08:45 --------- d-----w c:\program files\Audacity
2008-10-04 19:44 --------- d-----w c:\program files\Lavalys
2008-10-04 12:21 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-04 10:26 --------- d-----w c:\program files\MSBuild
2008-10-04 10:26 --------- d-----w c:\program files\Microsoft Works
2008-10-04 10:25 --------- d-----w c:\program files\Microsoft.NET
2008-10-04 10:22 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-01 19:13 --------- d-----w c:\program files\Teamspeak2_RC2
2008-10-01 19:13 --------- d-----w c:\documents and settings\dams\Application Data\teamspeak2
2008-09-18 14:42 21,361 ----a-w c:\windows\AegisP.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 435736]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^dams^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\dams\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-02-10 20:10 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-12-01 13:33 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-16 11:12 342336 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CplBCL50]
--a------ 2004-03-02 10:45 401408 c:\program files\EzButton\CplBCL50.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2008-03-04 13:41 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-04-28 08:08 184320 c:\program files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 16:43 252704 c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 12:41 1410296 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-23 15:41 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-07-25 04:22 88363 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 09:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-22 56344]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2008-09-18 25856]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-09-02 191656]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8796a1-9143-11dd-9050-0012f00ebe6b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'
2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-c:\windows\system32\kdupd.exe - c:\windows\system32\kdupd.exe
MSConfigStartUp-kdupd - c:\windows\system32\kdupd.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\dams\Application Data\Mozilla\Firefox\Profiles\wbbnwolq.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:48:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\netprovcredman.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 17:54:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-01 16:54:31
Avant-CF: 93,475,717,120 octets libres
Après-CF: 93,937,762,304 octets libres
363 --- E O F --- 2008-11-13 22:48:00
Hello hello,
So, I managed to produce a HijackThis report!
Please take a look at it (despite unsuccessful results on hijackthis.de)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:36, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dams\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/1rewlsup/WinInstaller
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\dams\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/j...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Windows Live Contrôle parental (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7478 bytes
Thanks for your help, I won't manage on my own...
Good evening
Since it's Bagle, we'll see about those rotten cracks of yours... the source of your infection.
1
Download Lop S&D.exe to your desktop
Double-click it to launch the installation
Then double-click the Lop S&D shortcut on your desktop
Select the desired language, then choose Option 1 (Search)
Wait until the scan finishes
Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
2
~Run an online antivirus scan on the Kaspersky site
http://www.kaspersky.com/kos/eng/partner/default/kavweb...
* Click Accept
* A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX.
* Click "Accept" once more
* The update databases will install; wait a moment
* Click Next.
* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
* Post the scan report.
Merci
Oui, c'était à cause d'un krak, ma clé usb avait flanché. J'avais trouvé un logiciel satisfesant, Ondata recoverysoft, mais je suis étudiant, et a 100€ les 24h... Mais j'ai eu tord, et je le reconnais. Merci de m'aider
The Lop report
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.80GHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.00
USER : dams ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:87 Go)
D:\ (CD or DVD)
E:\ (USB)
"C:\Lop SD" ( Updated : 01-11-2008|16:30 )
Option : [1] ( 01/12/2008|21:27 )
--------------------\\ Folder listing in APPLIC~1
[18/09/2008|15:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[22/09/2008|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[21/09/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[04/10/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[18/09/2008|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/09/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/09/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[18/09/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[25/10/2008|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[13/11/2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[04/10/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/11/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/12/2008|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/09/2008|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[19/09/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/10/2008|17:07] C:\DOCUME~1\dams\APPLIC~1\Adobe
[02/11/2008|19:10] C:\DOCUME~1\dams\APPLIC~1\Apple Computer
[13/11/2008|23:21] C:\DOCUME~1\dams\APPLIC~1\BitTorrent
[27/09/2008|23:46] C:\DOCUME~1\dams\APPLIC~1\DeepBurner
[01/12/2008|13:23] C:\DOCUME~1\dams\APPLIC~1\DNA
[05/10/2008|11:28] C:\DOCUME~1\dams\APPLIC~1\Google
[18/09/2008|15:17] C:\DOCUME~1\dams\APPLIC~1\Identities
[18/09/2008|15:42] C:\DOCUME~1\dams\APPLIC~1\Intel
[23/09/2008|11:01] C:\DOCUME~1\dams\APPLIC~1\InterVideo
[19/09/2008|18:02] C:\DOCUME~1\dams\APPLIC~1\Macromedia
[13/11/2008|21:30] C:\DOCUME~1\dams\APPLIC~1\Malwarebytes
[30/11/2008|21:27] C:\DOCUME~1\dams\APPLIC~1\Microsoft
[19/09/2008|13:11] C:\DOCUME~1\dams\APPLIC~1\Mozilla
[23/11/2008|15:42] C:\DOCUME~1\dams\APPLIC~1\Real
[01/12/2008|15:38] C:\DOCUME~1\dams\APPLIC~1\Sun
[19/09/2008|13:11] C:\DOCUME~1\dams\APPLIC~1\Talkback
[01/10/2008|20:13] C:\DOCUME~1\dams\APPLIC~1\teamspeak2
[30/11/2008|21:04] C:\DOCUME~1\dams\APPLIC~1\U3
[07/10/2008|21:23] C:\DOCUME~1\dams\APPLIC~1\vlc
[18/09/2008|15:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[18/09/2008|15:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[18/09/2008|15:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[18/09/2008|15:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[18/09/2008|15:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[18/09/2008|15:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[21/11/2008 00:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/12/2008 21:24][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Folder listing in C:\Program Files
[10/10/2008|22:17] C:\Program Files\7-Zip
[04/10/2008|13:20] C:\Program Files\Adobe
[20/09/2008|17:39] C:\Program Files\Apple Software Update
[27/09/2008|23:33] C:\Program Files\Astonsoft
[18/09/2008|15:24] C:\Program Files\ATI Technologies
[05/10/2008|09:45] C:\Program Files\Audacity
[18/09/2008|18:52] C:\Program Files\Avira
[18/09/2008|15:25] C:\Program Files\AvRack
[06/10/2008|21:38] C:\Program Files\BitTorrent
[21/09/2008|16:44] C:\Program Files\Bonjour
[22/09/2008|11:34] C:\Program Files\CCleaner
[18/09/2008|15:07] C:\Program Files\ComPlus Applications
[01/12/2008|12:54] C:\Program Files\DNA
[01/12/2008|12:45] C:\Program Files\eMule
[18/09/2008|15:28] C:\Program Files\EzButton
[07/10/2008|21:26] C:\Program Files\ffdshow
[01/12/2008|21:18] C:\Program Files\Fichiers communs
[30/11/2008|23:57] C:\Program Files\GetData
[05/10/2008|11:28] C:\Program Files\Google
[30/11/2008|20:44] C:\Program Files\InstallShield Installation Information
[18/09/2008|15:41] C:\Program Files\Intel
[16/10/2008|02:03] C:\Program Files\Internet Explorer
[23/09/2008|11:00] C:\Program Files\InterVideo
[21/09/2008|17:16] C:\Program Files\iPod
[21/09/2008|17:16] C:\Program Files\iTunes
[01/12/2008|15:40] C:\Program Files\Java
[04/10/2008|20:44] C:\Program Files\Lavalys
[25/10/2008|12:52] C:\Program Files\Logitech
[18/09/2008|15:27] C:\Program Files\ltmoh
[25/10/2008|11:38] C:\Program Files\ma-config.com
[13/11/2008|21:30] C:\Program Files\Malwarebytes' Anti-Malware
[22/09/2008|10:18] C:\Program Files\Microsoft
[18/09/2008|15:10] C:\Program Files\microsoft frontpage
[04/10/2008|11:26] C:\Program Files\Microsoft Office
[22/09/2008|10:18] C:\Program Files\Microsoft SQL Server Compact Edition
[04/10/2008|11:26] C:\Program Files\Microsoft Visual Studio
[04/10/2008|11:22] C:\Program Files\Microsoft Visual Studio 8
[04/10/2008|11:26] C:\Program Files\Microsoft Works
[04/10/2008|11:25] C:\Program Files\Microsoft.NET
[20/09/2008|18:25] C:\Program Files\Movie Maker
[01/12/2008|18:06] C:\Program Files\Mozilla Firefox
[04/10/2008|11:26] C:\Program Files\MSBuild
[18/09/2008|15:05] C:\Program Files\MSN
[18/09/2008|15:06] C:\Program Files\MSN Gaming Zone
[19/09/2008|02:02] C:\Program Files\MSXML 6.0
[20/09/2008|18:24] C:\Program Files\NetMeeting
[18/09/2008|18:35] C:\Program Files\Nouveau dossier
[18/09/2008|15:06] C:\Program Files\Online Services
[05/10/2008|09:57] C:\Program Files\OpenPlsInWMP
[20/09/2008|18:23] C:\Program Files\Outlook Express
[01/12/2008|18:32] C:\Program Files\Panda Security
[21/09/2008|17:15] C:\Program Files\QuickTime
[23/11/2008|15:41] C:\Program Files\Real
[18/09/2008|15:25] C:\Program Files\Realtek Sound Manager
[01/12/2008|00:41] C:\Program Files\RecoverySoft
[22/09/2008|11:36] C:\Program Files\RegCleaner
[21/09/2008|16:50] C:\Program Files\Safari
[18/09/2008|15:08] C:\Program Files\Services en ligne
[23/11/2008|14:49] C:\Program Files\Steam
[30/11/2008|21:36] C:\Program Files\Stellar Phoenix NTFS Data Recovery
[01/10/2008|20:13] C:\Program Files\Teamspeak2_RC2
[30/11/2008|23:11] C:\Program Files\TouchStoneSoftware
[01/12/2008|13:43] C:\Program Files\Trend Micro
[18/09/2008|15:17] C:\Program Files\Uninstall Information
[23/09/2008|22:18] C:\Program Files\VideoLAN
[11/10/2008|12:54] C:\Program Files\Windows Live
[22/09/2008|10:57] C:\Program Files\Windows Media Connect 2
[22/09/2008|10:57] C:\Program Files\Windows Media Player
[20/09/2008|18:23] C:\Program Files\Windows NT
[18/09/2008|15:08] C:\Program Files\WindowsUpdate
[19/09/2008|13:12] C:\Program Files\WinZip
[18/09/2008|15:10] C:\Program Files\xerox
--------------------\\ Folder listing in C:\Program Files\Fichiers communs
[04/10/2008|13:21] C:\Program Files\Fichiers communs\Adobe
[21/09/2008|17:14] C:\Program Files\Fichiers communs\Apple
[04/10/2008|11:26] C:\Program Files\Fichiers communs\DESIGNER
[25/10/2008|12:54] C:\Program Files\Fichiers communs\InstallShield
[25/10/2008|12:59] C:\Program Files\Fichiers communs\LogiShrd
[05/10/2008|17:45] C:\Program Files\Fichiers communs\Microsoft Shared
[18/09/2008|15:08] C:\Program Files\Fichiers communs\MSSoap
[18/09/2008|16:47] C:\Program Files\Fichiers communs\ODBC
[23/11/2008|15:41] C:\Program Files\Fichiers communs\Real
[18/09/2008|15:08] C:\Program Files\Fichiers communs\Services
[18/09/2008|16:47] C:\Program Files\Fichiers communs\SpeechEngines
[04/10/2008|11:22] C:\Program Files\Fichiers communs\System
[22/09/2008|10:07] C:\Program Files\Fichiers communs\Windows Live
[19/09/2008|19:04] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/11/2008|15:41] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 37 Processes )
iexplore.exe ~ [PID:2708]
--------------------\\ Search with S_Lop
No Lop file / folder found !
--------------------\\ Search for Lop Files / Folders
C:\DOCUME~1\dams\Cookies\dams@advertstream[1].txt
C:\DOCUME~1\dams\Cookies\dams@advertising[1].txt
C:\DOCUME~1\dams\Cookies\dams@ero-advertising[1].txt
C:\DOCUME~1\dams\Cookies\dams@adopt.euroclick[1].txt
C:\DOCUME~1\dams\Cookies\dams@partypoker[2].txt
--------------------\\ Registry check
..... OK !
--------------------\\ Hosts file check
Hosts file CLEAN
--------------------\\ File search with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 21:28:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4
--------------------\\ Search for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\dams\Cookies\dams@crackdb[1].txt
C:\DOCUME~1\dams\Cookies\dams@crackserialkeygen[2].txt
[F:397][D:0]-> C:\DOCUME~1\dams\Cookies
[F:170][D:4]-> C:\DOCUME~1\dams\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/12/2008|21:29 - Option : [1]
--------------------\\ End of report at 21:29:05
The Kaspersky scan is running
barbadam said:
Thanks. Yes, it was because of a crack: my USB stick had died. I had found satisfactory software, Ondata recoverysoft, but I'm a student, and at €100 for 24 hours... But I was wrong, and I admit it. Thanks for helping me
Well, when I was a student I didn't have a PC, that's how poor I was
More seriously, look toward free software; in general you can find just about everything.
I'm waiting for your online scan report
lol, yes, I searched for a whole night, and I caved in and took the easy way :s
Here's the Kaspersky scan:
Monday, December 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 01, 2008 18:39:03
Records in database: 1429900
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 42097
Threat name 9
Infected objects 42
Suspicious objects 0
Duration of the scan 00:53:41
File name Threat name Threats count
C:\Documents and Settings\dams\Bureau\Freezer_Live_V.3.0.zip Infected: Backdoor.Win32.VB.gkv 1
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1
C:\Qoobox\Quarantine\C\Documents and Settings\dams\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\DOCUME~1\dams\LOCALS~1\Temp\tmp1.tmp.vir Infected: Trojan.Win32.Small.yon 1
C:\Qoobox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.agv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\103438.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\110408.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\115946.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\116447.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\121584.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\122426.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\133782.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\141062.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\145018.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\147472.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\14773713.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\157616.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\164206.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\175802.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\176233.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\179868.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\181500.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\187649.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\194619.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\220176.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\231182.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\249829.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3239878.exe.vir Infected: Email-Worm.Win32.Bagle.vr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3243443.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3278133.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3285123.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3291022.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\55549.exe.vir Infected: Email-Worm.Win32.Bagle.vr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\60647.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\73986.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\80435.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\82839.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\86173.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir Infected: Trojan-Downloader.Win32.Bagle.agv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_srosa_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.afl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
The selected area was scanned.
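Read as a triage list, the report above says more than "42 infected objects": every row except the first sits under C:\Qoobox\Quarantine, the quarantine folder ComboFix creates (files there carry a .vir suffix), so the Bagle droppers, the _srosa_.sys driver and the password stealers listed are copies already pulled off their original paths, and the only detection still live on disk is the Freezer_Live_V.3.0.zip archive on the desktop. The script below is an added example written for this page, not a tool used in the thread: it parses Kaspersky Online Scanner rows of the form "<path> Infected: <threat> <count>", separates live hits from quarantined ones and counts threat families. Its input is a constructed excerpt of the rows posted above, not the full report.

```python
"""Triage a Kaspersky Online Scanner 7 report: which detections are still live on disk
and which are already copies inside ComboFix's C:\\Qoobox quarantine.
Added example for this thread; not part of any tool discussed above."""
import re
from collections import Counter

# Constructed excerpt of the report rows posted above (7 of the 42 rows).
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\dams\Bureau\Freezer_Live_V.3.0.zip Infected: Backdoor.Win32.VB.gkv 1
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1
C:\Qoobox\Quarantine\C\Documents and Settings\dams\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.agv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\115946.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_srosa_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.afl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
The selected area was scanned.
"""

# One detection row: "<path with spaces> Infected: <threat name> <count>"
ROW_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix quarantine root


def parse_report(text):
    """Return one dict per detection row; header, blank and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return rows


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIX)


def family(threat):
    # "Email-Worm.Win32.Bagle.of" -> "Bagle", "Trojan-PSW.Win32.Agent.lfr" -> "Agent"
    parts = threat.split(".")
    return parts[2] if len(parts) >= 3 else threat


def triage(rows):
    """Split rows into live and already-quarantined detections and count families."""
    live = [r for r in rows if not is_quarantined(r["path"])]
    return {
        "total": len(rows),
        "live": live,
        "quarantined": len(rows) - len(live),
        "families": Counter(family(r["threat"]) for r in rows),
        "distinct_threats": len({r["threat"] for r in rows}),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"{summary['total']} detections, {summary['quarantined']} already in quarantine")
    for r in summary["live"]:
        print("still live:", r["path"], r["threat"])
    print("families:", dict(summary["families"]))
```

On the excerpt the script reports one live detection (the Freezer archive) and six quarantined copies; run on the full report it gives 1 live and 41 quarantined. The point of the split is to avoid treating a quarantine folder's contents as a reinfection: what the operator then has to decide is only what to do with the live file and whether to empty the quarantine, which is what the next post does.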
Hello,
Freezer live and Qoobox deleted, but I can't launch AntiVir.
There's an error message:
Avira\..\...\..\avcenter.exe is not a valid Win32 application
Okay, I reinstalled the antivirus and it works!
It found the Bagle virus and others, 61 infected files...
But I messed up... I didn't save the report...
I'm redoing a scan with the report
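A check worth running on the "is not a valid Win32 application" symptom, given here as an added example that is not part of the thread: that text is Windows error 193 (ERROR_BAD_EXE_FORMAT), which the loader returns when a file's MZ/PE headers are missing or inconsistent, as happens when a binary has been zero-filled, truncated or overwritten. The script below, written in Python for this page (the thread itself contains no code), reads those headers the way the loader does and reports what is wrong; the sample images it examines are constructed inside the script. Intact headers do not prove the file is clean, nor that nothing else is blocking the launch; they only tell you whether the file itself is still a loadable image, which is what decides between replacing the file (the reinstall done above) and looking elsewhere.

```python
"""Inspect the DOS/PE headers the Windows loader checks before running a 32-bit image.
Added example for this thread; not part of any tool discussed above."""
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C   # COFF machine id for x86
PE32_MAGIC = 0x010B                # optional-header magic for 32-bit images
COFF_HEADER = "<HHIIIHH"           # Machine, Sections, TimeDateStamp, SymTab, NumSyms, OptSize, Flags


def check_pe_image(data):
    """Return the problems found; an empty list means the headers are those of a PE32 image."""
    if len(data) < 0x40:
        return ["shorter than a DOS header"]
    if data[:2] != b"MZ":
        return ["no MZ signature"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    coff_end = e_lfanew + 4 + struct.calcsize(COFF_HEADER)
    if coff_end > len(data):
        return ["e_lfanew points past the end of the file (truncated?)"]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["no PE signature at e_lfanew"]
    machine, _, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    problems = []
    if machine != IMAGE_FILE_MACHINE_I386:
        problems.append(f"machine 0x{machine:04x} is not i386")
    if opt_size < 2 or coff_end + 2 > len(data):
        problems.append("optional header missing")
    else:
        magic = struct.unpack_from("<H", data, coff_end)[0]
        if magic != PE32_MAGIC:
            problems.append(f"optional header magic 0x{magic:04x} is not PE32")
    return problems


def check_file(path):
    """Check a file on disk; the headers live in the first few KB."""
    with open(path, "rb") as f:
        return check_pe_image(f.read(4096))


def build_headers(machine=IMAGE_FILE_MACHINE_I386, magic=PE32_MAGIC):
    """Constructed sample: a 64-byte DOS header with e_lfanew = 0x40, the PE signature,
    a COFF header and the first word of the optional header. Not a runnable program."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack(COFF_HEADER, machine, 1, 0, 0, 0, 224, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


# Constructed samples standing in for what one might find on disk.
SAMPLES = {
    "intact":      build_headers(),
    "zero_filled": b"\0" * 256,             # header wiped by an overwrite
    "truncated":   build_headers()[:0x50],  # cut off inside the PE header
    "x64_image":   build_headers(machine=0x8664, magic=0x020B),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12s} {check_pe_image(blob) or 'looks like a PE32 image'}")
```

check_file("C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe") is the call one would make on the affected machine; if it comes back clean while the launch still fails, the file is not what is broken.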
Here it is:
Avira AntiVir Personal
Report file date: Tuesday 2 December 2008 19:26
Scanning for 1069442 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CQFD
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 17:51:51
ANTIVIR3.VDF : 7.1.0.176 132608 Bytes 02/12/2008 17:51:52
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 02/12/2008 17:51:55
AEGEN.DLL : 8.1.1.6 323955 Bytes 02/12/2008 17:51:54
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 02/12/2008 17:51:53
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 2 décembre 2008 19:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '48' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: mardi 2 décembre 2008 19:54
Used time: 28:16 Minute(s)
The scan has been done completely.
4899 Scanning directories
154901 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
154900 Files not concerned
1348 Archives were scanned
2 Warnings
0 Notes
re
Download DDS and save it to your desktop.
Disable any script blocker, such as an antivirus, or software like ad-block, noscript etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next Optional Scan prompt.
Save both reports to your desktop and post only the DDS.txt to me.
Here are the reports;
DDS;
DDS (Version 1.0) - NTFSx86
Run by dams at 22:29:40,14 on 02/12/2008
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.549 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\dams\Bureau\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://g.live.com/1rewlsup/WinInstaller
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\dams\menu démarrer\programmes\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\dams\menu démarrer\programmes\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-1 28544]
R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-2 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-2 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-2 151297]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-9-22 56344]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-2 52032]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WBSD.SYS [2008-9-18 25856]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\windows live\family safety\fsssvc.exe" []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-9-2 191656]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-1 27904]
=============== Created Last 30 ================
2008-12-02 18:50 <DIR> --d----- c:\program files\Avira
2008-12-02 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-01 21:27 <DIR> --d----- C:\Lop SD
2008-12-01 21:17 <DIR> a-dshr-- C:\cmdcons
2008-12-01 21:14 <DIR> --d----- C:\Combo-Fix
2008-12-01 21:14 <DIR> a-dshr-- C:\autorun.inf
2008-12-01 18:32 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-12-01 18:32 <DIR> --d----- c:\program files\Panda Security
2008-12-01 17:38 161,792 a------- c:\windows\SWREG.exe
2008-12-01 17:38 98,816 a------- c:\windows\sed.exe
2008-12-01 16:39 <DIR> --d----- c:\documents and settings\dams\.housecall6.6
2008-12-01 15:40 410,976 a------- c:\windows\system32\deploytk.dll
2008-12-01 15:40 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-01 13:43 <DIR> --d----- c:\program files\Trend Micro
2008-12-01 00:43 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-12-01 00:41 286,720 a------- c:\windows\iun507.exe
2008-11-30 23:57 <DIR> --d----- c:\program files\GetData
2008-11-30 23:55 <DIR> --d-h--- c:\windows\PIF
2008-11-30 23:54 <DIR> --d----- c:\program files\RecoverySoft
2008-11-30 23:11 <DIR> --d----- c:\program files\TouchStoneSoftware
2008-11-30 21:36 1,680 a------- c:\windows\system32\esnecil.nlp
2008-11-30 21:36 1,680 a------- c:\windows\system32\esnecil.ind
2008-11-30 21:36 4 a------- c:\windows\vx86036.dat
2008-11-30 21:36 68 a------- c:\windows\Crypkey.ini
2008-11-30 21:36 27,648 a----r-- c:\windows\Setup_ck.exe
2008-11-30 21:36 165,888 a------- c:\windows\Ckconfig.exe
2008-11-30 21:36 69,632 a------- c:\windows\system32\Crypserv.exe
2008-11-30 21:36 31,846 a------- c:\windows\system32\Ckldrv.sys
2008-11-30 21:36 18,432 a------- c:\windows\Setup_ck.dll
2008-11-30 21:36 11,776 a------- c:\windows\Ckrfresh.exe
2008-11-30 21:36 260,920 a------- c:\windows\system32\MSDATGRD.OCX
2008-11-30 21:36 <DIR> --d----- c:\program files\Stellar Phoenix NTFS Data Recovery
2008-11-30 20:39 <DIR> --d----- c:\windows\system32\NtmsData
2008-11-23 15:41 <DIR> --d----- c:\program files\fichiers communs\xing shared
2008-11-23 15:41 <DIR> --d----- c:\program files\Real
2008-11-23 15:41 <DIR> --d----- c:\program files\fichiers communs\Real
2008-11-13 21:30 <DIR> --d----- c:\docume~1\dams\applic~1\Malwarebytes
2008-11-13 21:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-13 21:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 21:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-13 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:24 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-12-01 13:23 <DIR> --d----- c:\docume~1\dams\applic~1\DNA
2008-12-01 12:54 <DIR> --d----- c:\program files\DNA
2008-12-01 12:45 <DIR> --d----- c:\program files\eMule
2008-11-23 15:41 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-23 15:41 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-23 14:49 <DIR> --d----- c:\program files\Steam
2008-11-13 23:21 <DIR> --d----- c:\docume~1\dams\applic~1\BitTorrent
2008-10-28 10:04 459,164 a------- c:\windows\system32\perfh00C.dat
2008-10-28 10:04 71,980 a------- c:\windows\system32\perfc00C.dat
2008-10-25 12:54 <DIR> --d----- c:\program files\fichiers communs\InstallShield
2008-10-25 11:38 <DIR> --d----- c:\program files\ma-config.com
2008-10-25 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ma-config.com
2008-10-07 21:26 <DIR> --d----- c:\program files\ffdshow
2008-10-06 21:38 <DIR> --d----- c:\program files\BitTorrent
2008-10-05 09:57 <DIR> --d----- c:\program files\OpenPlsInWMP
2008-10-05 09:45 <DIR> --d----- c:\program files\Audacity
2008-10-04 20:44 <DIR> --d----- c:\program files\Lavalys
2008-10-04 11:22 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2008-09-20 18:27 76,507 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-18 15:42 <DIR> --d----- c:\docume~1\dams\applic~1\Intel
2008-09-18 15:42 21,361 a------- c:\windows\AegisP.sys
2008-09-18 15:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2008-09-18 15:07 21,892 a------- c:\windows\system32\emptyregdb.dat
2008-09-15 16:26 1,846,528 a------- c:\windows\system32\win32k.sys
2008-09-10 02:15 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
2008-09-04 18:16 1,106,944 a------- c:\windows\system32\msxml3.dll
============= FINISH: 22:29:51,04 ===============