Trojan

Closed
vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012) - 31 Dec. 2008 at 15:22
Hello, yesterday I ran an online scan with BitDefender, which found 2 viruses (trojans? deleted); I have mislaid the report. Today I ran a scan in safe mode with Malwarebytes, which still finds two viruses. Apparently Malwarebytes can't eradicate them? Thanks.

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1531
Windows 5.1.2600 Service Pack 3

31/12/2008 14:44:32
31 decembre 2008 mbam-log-2008-12-31 (14-43-23)

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 113463
Temps écoulé: 1 hour(s), 57 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

9 replies

totobetourne (5592 posts, joined Sunday 23 March 2008, Member, last active 6 June 2012)
31 Dec. 2008 at 15:48
You need to show the report after removal; this one is from before removal.
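The reply above makes the point that a Malwarebytes report only proves a clean-up if every detection line ends in a removal action, and in the first report each line ends with "No action taken". The following is an added example, not part of this thread and not Malwarebytes' own tooling: it parses a report of this format and lists the detections that are still pending. The embedded log excerpt is constructed from the lines posted above, with the file line reworded as a completed removal for contrast.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a real file): the detection lines of the first report
# in this thread, with the file line reworded as a completed removal for contrast.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1531

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str   # report section the line was found under
    item: str      # registry key/value or file path
    name: str      # Malwarebytes detection name, e.g. Trojan.Agent
    action: str    # what Malwarebytes did about it

    @property
    def resolved(self) -> bool:
        # Malwarebytes' wording for a completed removal; anything else is still pending.
        return self.action.startswith("Quarantined and deleted")


def parse_mbam_log(text: str) -> list[Detection]:
    """Collect every detection line, remembering which section it sits under."""
    detections = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(Aucun"):
            continue                      # blank line or "nothing found" marker
        if line.endswith(":") and "->" not in line:
            section = line[:-1]           # e.g. "Fichier(s) infecté(s)"
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["name"], m["action"]))
    return detections


def pending(detections: list[Detection]) -> list[Detection]:
    """Detections the report does not show as removed."""
    return [d for d in detections if not d.resolved]


def summarize(text: str) -> dict:
    found = parse_mbam_log(text)
    left = pending(found)
    return {"total": len(found), "pending": len(left), "clean": not left}


if __name__ == "__main__":
    for d in pending(parse_mbam_log(SAMPLE_LOG)):
        print(f"PENDING [{d.section}] {d.name}: {d.item} -> {d.action}")
    print(summarize(SAMPLE_LOG))
```

Run it on the second report posted later in this thread and `pending` comes back empty, which is the state a helper wants to see before moving on.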
vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012)
31 Dec. 2008 at 16:10
Oops! Shame on me! I'll do another one. Thanks!
vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012)
1 Jan. 2009 at 03:32
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1582
Windows 5.1.2600 Service Pack 3

31/12/2008 18:11:33
mbam-log-2008-12-31 (18-11-33).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 114321
Temps écoulé: 1 hour(s), 56 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
totobetourne (5592 posts, joined Sunday 23 March 2008, Member, last active 6 June 2012)
1 Jan. 2009 at 11:36
Hello

1) Is there any change?

2) Let's check a bit:
download this; it is useful for seeing what the infection might be and then acting on it.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally like any other program, in c/programme/...............
Click on "do a scan and save a logfile"; you get a report, which you paste here.

vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012)
1 Jan. 2009 at 12:33
Happy New Year 2009 to you!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1219780699484
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O20 - AppInit_DLLs: krrvpl.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
totobetourne (5592 posts, joined Sunday 23 March 2008, Member, last active 6 June 2012)
1 Jan. 2009 at 12:48
One strange line.

To look into it, download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
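The HijackThis log above has one entry a defender looks at first: `O20 - AppInit_DLLs: krrvpl.dll`. Any DLL named under AppInit_DLLs is loaded into every process that loads user32.dll, so an unexplained name there deserves identification before anything else. The script below is an added example, not part of this thread and not HijackThis' own code; it applies a few defender-side triage rules to a HijackThis log (AppInit_DLLs entries, orphaned entries whose target is gone, downloaded ActiveX controls, autoruns without an absolute path) and ranks them. The sample lines are a constructed subset of the log posted above, and the severity labels are this example's own convention.

```python
import re
from collections import Counter

# Constructed sample (not a real file): a subset of the HijackThis lines posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: krrvpl.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def triage(text):
    """Return (severity, reason, line) for every entry worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # Each DLL named here is mapped into every process that loads user32.dll.
                findings.append(("high", f"AppInit_DLLs entry loads into every GUI process; identify the DLL: {dlls}", line))
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(("low", "orphaned entry: the target is no longer on disk", line))
        elif code == "O16":
            findings.append(("medium", "downloaded ActiveX control (DPF); confirm the source is expected", line))
        elif code == "O4":
            # "[Name] target" -> target; strip surrounding quotes before checking for a drive letter.
            target = body.split("] ", 1)[-1].strip().strip('"')
            if not ABS_PATH_RE.match(target):
                findings.append(("medium", "autorun target has no absolute path; it is resolved through the search path", line))
    return findings


def severity_counts(findings):
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_HJT)
    for sev, reason, line in results:
        print(f"{sev:6} {reason}\n       {line}")
    print(severity_counts(results))
```

Orphaned entries such as the ESET services with "(file missing)" are leftovers of an uninstall and only clutter the log; the ranking keeps them visible without letting them crowd out the one entry that actually needs an answer.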
vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012)
1 Jan. 2009 at 13:18
ComboFix 08-12-31.01 - Administrateur 2009-01-01 13:09:29.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.288 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur.9C024B2278E9436\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-30 15:05 . 2008-12-30 15:05 <REP> d-------- c:\program files\Bonjour
2008-12-30 12:29 . 2008-12-30 12:29 <REP> d-------- c:\windows\avxoscan
2008-12-27 01:55 . 2008-12-27 01:55 410 --a------ C:\Ri4m.ajb
2008-12-19 22:32 . 2008-12-30 21:52 <REP> d-------- c:\program files\Avant Browser
2008-12-19 22:32 . 2008-12-19 22:32 <REP> d-------- c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\Avant Profiles
2008-12-19 21:52 . 2008-12-19 21:53 <REP> d-------- c:\program files\MSN Messenger
2008-12-19 17:14 . 2008-12-19 21:16 <REP> d-------- c:\documents and settings\Administrateur.9C024B2278E9436\Tracing
2008-12-19 17:09 . 2008-12-19 17:09 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-19 17:09 . 2008-12-19 17:09 <REP> d-------- c:\program files\Microsoft
2008-12-19 16:30 . 2008-12-19 16:30 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-19 15:05 . 2008-12-19 15:05 165 --a------ C:\SWFgo.bat
2008-12-19 01:24 . 2008-12-19 01:24 <REP> d-------- c:\program files\iPod
2008-12-19 01:23 . 2008-12-19 01:24 <REP> d-------- c:\program files\iTunes
2008-12-19 01:23 . 2008-12-19 01:24 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 17:37 . 2008-12-16 17:38 <REP> d-------- c:\program files\QuickTime
2008-12-16 17:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-16 17:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-15 18:44 . 2008-12-31 15:26 <REP> d-------- c:\program files\eMule
2008-12-15 02:10 . 2008-12-16 02:18 1,108,372 --a------ c:\documents and settings\Administrateur_(converted).avi
2008-12-12 13:28 . 2008-12-12 17:48 <REP> d-------- c:\documents and settings\Administrateur.9C024B2278E9436\.bitrock
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-12 10:49 . 2008-10-23 13:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
2008-12-12 10:47 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-09 20:31 . 2009-01-01 13:07 <REP> d-------- c:\program files\BitComet
2008-12-09 03:04 . 2008-12-27 17:16 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2008-12-09 03:02 . 2008-12-09 03:02 <REP> d-------- c:\program files\Nikon
2008-12-09 03:02 . 2008-12-09 03:04 <REP> d-------- c:\program files\Fichiers communs\Nikon
2008-12-09 03:02 . 2008-12-09 03:02 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2008-12-09 03:02 . 2008-12-09 03:04 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ultima_T15
2008-12-09 03:02 . 2008-12-09 03:02 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nikon
2008-12-09 03:02 . 2008-12-09 03:04 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EnterNHelp
2008-12-09 03:02 . 2008-12-09 03:04 <REP> d-------- c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\Nikon
2008-12-09 03:02 . 2008-12-27 17:16 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
2008-12-08 04:01 . 2008-12-08 04:01 <REP> d-------- c:\program files\Real Alternative
2008-12-08 03:21 . 2008-12-08 04:02 69 --a------ c:\windows\NeroDigital.ini
2008-12-08 03:17 . 2008-12-08 03:19 <REP> d-------- c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\Nero
2008-12-08 02:36 . 2008-12-08 15:29 <REP> d-------- c:\program files\Fichiers communs\Nero
2008-12-08 02:36 . 2008-12-08 15:28 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2008-12-06 19:54 . 2008-12-06 20:00 <REP> d-------- c:\program files\Radio Fr Solo
2008-12-02 19:47 . 2008-12-16 02:42 <REP> d-------- c:\program files\Ripp-it_AM
2008-12-01 18:03 . 2008-11-21 21:10 41,744 --a------ c:\windows\system32\drivers\VBoxUSBMon.sys
2008-12-01 18:02 . 2008-11-21 21:10 93,776 --a------ c:\windows\system32\drivers\VBoxDrv.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 12:12 22,042,656 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-01 11:42 --------- d-----w c:\program files\MpcStar
2009-01-01 11:38 258,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-31 14:32 --------- d-----w c:\program files\Trend Micro
2008-12-31 14:24 --------- d-----w c:\program files\CCleaner
2008-12-31 03:09 3,013,632 ----a-w c:\windows\Internet Logs\xDB5E.tmp
2008-12-31 03:09 1,720,832 ----a-w c:\windows\Internet Logs\xDB5F.tmp
2008-12-31 00:14 2,871,296 ----a-w c:\windows\Internet Logs\xDB5D.tmp
2008-12-30 20:25 --------- d-----w c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\OpenOffice.org2
2008-12-30 04:06 569,856 ----a-w c:\windows\Internet Logs\xDB5B.tmp
2008-12-30 04:06 1,715,200 ----a-w c:\windows\Internet Logs\xDB5C.tmp
2008-12-30 01:43 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-30 00:25 --------- d-----w c:\program files\Dictionnaire
2008-12-29 23:18 60,928 ----a-w c:\windows\Internet Logs\xDB5A.tmp
2008-12-29 16:56 63,488 ----a-w c:\windows\Internet Logs\xDB58.tmp
2008-12-29 16:56 1,731,072 ----a-w c:\windows\Internet Logs\xDB59.tmp
2008-12-29 04:18 63,488 ----a-w c:\windows\Internet Logs\xDB56.tmp
2008-12-29 04:18 1,730,560 ----a-w c:\windows\Internet Logs\xDB57.tmp
2008-12-28 21:35 65,024 ----a-w c:\windows\Internet Logs\xDB54.tmp
2008-12-28 21:35 1,730,048 ----a-w c:\windows\Internet Logs\xDB55.tmp
2008-12-28 16:22 --------- d-----w c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\FrostWire
2008-12-28 02:43 95,744 ----a-w c:\windows\Internet Logs\xDB52.tmp
2008-12-28 02:43 1,729,536 ----a-w c:\windows\Internet Logs\xDB53.tmp
2008-12-27 03:58 40,960 ----a-w c:\windows\Internet Logs\xDB51.tmp
2008-12-27 01:14 48,640 ----a-w c:\windows\Internet Logs\xDB4F.tmp
2008-12-27 01:14 1,717,248 ----a-w c:\windows\Internet Logs\xDB50.tmp
2008-12-26 23:32 76,288 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2008-12-26 23:32 1,719,296 ----a-w c:\windows\Internet Logs\xDB4E.tmp
2008-12-26 04:36 56,832 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2008-12-26 04:36 1,713,152 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2008-12-26 01:34 73,216 ----a-w c:\windows\Internet Logs\xDB4A.tmp
2008-12-25 03:26 87,552 ----a-w c:\windows\Internet Logs\xDB48.tmp
2008-12-25 03:26 1,711,616 ----a-w c:\windows\Internet Logs\xDB49.tmp
2008-12-24 11:46 96,256 ----a-w c:\windows\Internet Logs\xDB46.tmp
2008-12-24 11:46 1,711,616 ----a-w c:\windows\Internet Logs\xDB47.tmp
2008-12-23 03:31 123,392 ----a-w c:\windows\Internet Logs\xDB44.tmp
2008-12-23 03:31 1,700,864 ----a-w c:\windows\Internet Logs\xDB45.tmp
2008-12-22 02:47 120,832 ----a-w c:\windows\Internet Logs\xDB42.tmp
2008-12-22 02:47 1,699,840 ----a-w c:\windows\Internet Logs\xDB43.tmp
2008-12-21 02:27 105,984 ----a-w c:\windows\Internet Logs\xDB40.tmp
2008-12-21 02:27 1,699,328 ----a-w c:\windows\Internet Logs\xDB41.tmp
2008-12-20 16:55 --------- d-----w c:\program files\IncrediMail
2008-12-20 02:03 175,616 ----a-w c:\windows\Internet Logs\xDB3E.tmp
2008-12-20 02:03 1,686,016 ----a-w c:\windows\Internet Logs\xDB3F.tmp
2008-12-19 20:39 --------- d-----w c:\program files\Windows Live
2008-12-19 10:04 --------- d-----w c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\vlc
2008-12-19 02:00 46,080 ----a-w c:\windows\Internet Logs\xDB3C.tmp
2008-12-19 02:00 1,652,224 ----a-w c:\windows\Internet Logs\xDB3D.tmp
2008-12-19 00:07 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-12-19 00:00 51,200 ----a-w c:\windows\Internet Logs\xDB3A.tmp
2008-12-19 00:00 1,647,616 ----a-w c:\windows\Internet Logs\xDB3B.tmp
2008-12-18 20:58 181,760 ----a-w c:\windows\Internet Logs\xDB39.tmp
2008-12-17 01:25 84,992 ----a-w c:\windows\Internet Logs\xDB37.tmp
2008-12-17 01:25 1,636,352 ----a-w c:\windows\Internet Logs\xDB38.tmp
2008-12-16 16:41 --------- d-----w c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\Apple Computer
2008-12-16 16:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2008-12-16 16:37 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-16 16:23 35,840 ----a-w c:\windows\Internet Logs\xDB35.tmp
2008-12-16 16:23 1,633,280 ----a-w c:\windows\Internet Logs\xDB36.tmp
2008-12-16 16:15 66,048 ----a-w c:\windows\Internet Logs\xDB33.tmp
2008-12-16 16:15 1,634,304 ----a-w c:\windows\Internet Logs\xDB34.tmp
2008-12-16 03:33 164,352 ----a-w c:\windows\Internet Logs\xDB32.tmp
2008-12-16 01:43 --------- d-----w c:\program files\AviSynth 2.5
2008-12-16 01:29 --------- d-----w c:\program files\IVCsoft
2008-12-15 19:52 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-15 14:05 39,424 ----a-w c:\windows\Internet Logs\xDB30.tmp
2008-12-15 14:05 1,616,384 ----a-w c:\windows\Internet Logs\xDB31.tmp
2008-12-15 02:10 153,088 ----a-w c:\windows\Internet Logs\xDB2F.tmp
2008-12-14 04:06 155,136 ----a-w c:\windows\Internet Logs\xDB2D.tmp
2008-12-14 04:06 1,610,752 ----a-w c:\windows\Internet Logs\xDB2E.tmp
2008-12-13 18:55 --------- d-----w c:\program files\FrostWire
2008-12-13 01:30 80,896 ----a-w c:\windows\Internet Logs\xDB2B.tmp
2008-12-13 01:30 1,605,632 ----a-w c:\windows\Internet Logs\xDB2C.tmp
2008-12-12 16:43 94,208 ----a-w c:\windows\Internet Logs\xDB29.tmp
2008-12-12 16:43 1,594,880 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2008-12-12 00:47 152,576 ----a-w c:\windows\Internet Logs\xDB27.tmp
2008-12-12 00:47 1,584,128 ----a-w c:\windows\Internet Logs\xDB28.tmp
2008-12-09 23:09 67,584 ----a-w c:\windows\Internet Logs\xDB25.tmp
2008-12-09 23:09 1,582,592 ----a-w c:\windows\Internet Logs\xDB26.tmp
2008-12-09 02:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 01:37 50,176 ----a-w c:\windows\Internet Logs\xDB23.tmp
2008-12-09 01:37 1,568,256 ----a-w c:\windows\Internet Logs\xDB24.tmp
2008-12-08 19:02 102,912 ----a-w c:\windows\Internet Logs\xDB21.tmp
2008-12-08 19:02 1,569,280 ----a-w c:\windows\Internet Logs\xDB22.tmp
2008-12-08 14:33 46,592 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-12-08 14:33 1,567,232 ----a-w c:\windows\Internet Logs\xDB20.tmp
2008-12-08 03:10 88,064 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-12-08 03:10 1,566,720 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-12-07 02:39 63,488 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-12-07 02:39 1,541,120 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-12-06 20:50 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-06 18:43 31,744 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-12-06 18:43 1,520,128 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-12-06 18:21 --------- d-----w c:\program files\EA Sports
2008-12-06 18:04 51,200 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-12-06 18:04 1,519,616 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-12-06 03:05 57,856 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-12-06 01:20 71,680 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-12-05 02:23 118,784 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-04 18:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-09-15 20:00 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-15 20:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2008-09-15 20:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091520080916\index.dat
2008-09-15 20:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_ 1.50.47,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-01 11:40:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_128.dat
+ 2009-01-01 11:39:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=krrvpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"IncrediMail Tray Application"=c:\program files\IncrediMail\bin\IncMail.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Styler"=c:\program files\styler\Styler.exe
"TopDesk"=c:\windows\system32\topdesk.exe
"TransBar"=c:\windows\System32\TransBar.exe /s
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe"
"Vistadrv"=c:\windows\system32\Vistadrive\vsdrv.exe
"VisualTaskTips"=c:\windows\System32\VisualTaskTips.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"snpstd"=c:\windows\vsnpstd.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11350:TCP"= 11350:TCP:BitComet 11350 TCP
"11350:UDP"= 11350:UDP:BitComet 11350 UDP
"21600:TCP"= 21600:TCP:BitComet 21600 TCP
"21600:UDP"= 21600:UDP:BitComet 21600 UDP
"56311:TCP"= 56311:TCP:Pando P2P TCP Listening Port
"56311:UDP"= 56311:UDP:Pando P2P UDP Listening Port
"24028:TCP"= 24028:TCP:BitComet 24028 TCP
"24028:UDP"= 24028:UDP:BitComet 24028 UDP
"58750:TCP"= 58750:TCP:Pando P2P TCP Listening Port
"58750:UDP"= 58750:UDP:Pando P2P UDP Listening Port
"25590:TCP"= 25590:TCP:BitComet 25590 TCP
"25590:UDP"= 25590:UDP:BitComet 25590 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-29 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60a86931-bd55-11dd-a1a4-001109a4cf42}]
\Shell\AutoRun\command - M:\Setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-01 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Position - (no file)


.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\Administrateur.9C024B2278E9436\Application Data\Mozilla\Firefox\Profiles\bsyas8tn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=CFEMNov08FFAB&search=
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 13:12:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-01 13:13:28
ComboFix-quarantined-files.txt 2009-01-01 12:13:10
ComboFix2.txt 2008-12-31 00:51:33

Avant-CF: 48 493 412 352 octets libres
Après-CF: 48,484,061,184 octets libres

322 --- E O F --- 2008-12-30 10:46:25
totobetourne (5592 posts, joined Sunday 23 March 2008, Member, last active 6 June 2012)
1 Jan. 2009 at 13:57
That looks fine.
vdmf (141 posts, joined Sunday 31 December 2006, Member, last active 5 November 2012)
1 Jan. 2009 at 14:32
OK, thanks for your help! Have a good holiday season.