A voir également:
- Virus msn HELP
- Virus mcafee - Accueil - Piratage
- Telecharger msn - Télécharger - Messagerie
- Msn messenger - Télécharger - Messagerie
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
125 réponses
voila le raport
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service seneka .
Unable to stop service Messager .
========== FILES ==========
File/Folder c:\temp not found.
File/Folder C:\Windows\system32\drivers\senekarxijovan.sys not found.
File/Folder C:\Windows\system32\200931732.dll not found.
File/Folder C:\Windows\system32\w.exe not found.
File/Folder C:\Windows\system32\303369.exe not found.
File/Folder C:\Windows\system32\3361 not found.
File/Folder C:\Windows\system32\20093552.dll not found.
File/Folder C:\Windows\system32\u12823959.dll not found.
File/Folder C:\Windows\system32\sopidkc.exe not found.
File/Folder C:\Windows\system32\xcchit32.ini not found.
File/Folder C:\Windows\xccdf32_090305a.dll not found.
File/Folder C:\Windows\xccdf16_090305a.dll not found.
File/Folder C:\Windows\system32\inf not found.
File/Folder C:\Windows\xccwinsys.ini not found.
File/Folder C:\Windows\system32\icv.exe not found.
C:\Windows\system32\lux.exe moved successfully.
C:\Windows\fxsteller.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\xccinit deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11dd2c85-0585-11dc-af68-001921ca50f9}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\arafat\AppData\Local\Temp\hsperfdata_arafat\2752 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_195809
Files moved on Reboot...
File C:\Users\arafat\AppData\Local\Temp\hsperfdata_arafat\2752 not found!
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service seneka .
Unable to stop service Messager .
========== FILES ==========
File/Folder c:\temp not found.
File/Folder C:\Windows\system32\drivers\senekarxijovan.sys not found.
File/Folder C:\Windows\system32\200931732.dll not found.
File/Folder C:\Windows\system32\w.exe not found.
File/Folder C:\Windows\system32\303369.exe not found.
File/Folder C:\Windows\system32\3361 not found.
File/Folder C:\Windows\system32\20093552.dll not found.
File/Folder C:\Windows\system32\u12823959.dll not found.
File/Folder C:\Windows\system32\sopidkc.exe not found.
File/Folder C:\Windows\system32\xcchit32.ini not found.
File/Folder C:\Windows\xccdf32_090305a.dll not found.
File/Folder C:\Windows\xccdf16_090305a.dll not found.
File/Folder C:\Windows\system32\inf not found.
File/Folder C:\Windows\xccwinsys.ini not found.
File/Folder C:\Windows\system32\icv.exe not found.
C:\Windows\system32\lux.exe moved successfully.
C:\Windows\fxsteller.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\xccinit deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11dd2c85-0585-11dc-af68-001921ca50f9}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\arafat\AppData\Local\Temp\hsperfdata_arafat\2752 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_195809
Files moved on Reboot...
File C:\Users\arafat\AppData\Local\Temp\hsperfdata_arafat\2752 not found!
Le virus MSN a été déplacé dans le dossier C:\_OTMoveIt
Tu peux supprimer le dossier _OTMoveIt.
Tu vois un changement ?
Tu peux supprimer le dossier _OTMoveIt.
Tu vois un changement ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ma télé g le pack free avec tele
et limage c bloqué ca me met code retour invalide connexion au serveur
et limage c bloqué ca me met code retour invalide connexion au serveur
bref passons la télé
je fais quoi maintenant
comment retrouvé et suprimer le dernier logiciel telecharger?
je fais quoi maintenant
comment retrouvé et suprimer le dernier logiciel telecharger?
Clique sur le rond bleu (Le Menu Démarrer de Vista), clique sur Ordinateur puis choisis ton disque dur C.
Tu verras le dossier _OTMoveIt.
Tu verras le dossier _OTMoveIt.
Refais un scan RSIT et poste le rapport log pour que je puisse comparer avec le rapport de tout à l'heure.
--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, poste le contenu de log.txt (c'est celui qui apparaît à l'écran).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, poste le contenu de log.txt (c'est celui qui apparaît à l'écran).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
Bon, on va devoir essayer autre chose.
/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\
--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\
--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
voici le rapport de combofix :
ComboFix 09-03-06.02 - arafat 2009-03-10 21:27:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.895.217 [GMT 1:00]
Lancé depuis: c:\downloads\Software\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
FW: Norton Internet Security *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\xccef090305.exe
c:\windows\system32\uniq.tll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_defaultlib
-------\Service_seneka
-------\Service_softyinforwow1
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-10 au 2009-03-10 ))))))))))))))))))))))))))))))))))))
.
2009-03-10 19:58 . 2009-03-10 19:58 47 --a------ C:\xcclstecj.bat
2009-03-10 15:33 . 2009-03-10 16:07 <REP> d-------- c:\program files\Ad-remover
2009-03-10 14:24 . 2009-03-10 15:26 <REP> d-------- c:\program files\Navilog1
2009-03-10 11:30 . 2009-03-10 11:30 <REP> d-------- C:\rsit
2009-03-10 11:30 . 2009-03-10 12:10 <REP> d-------- c:\program files\trend micro
2009-03-10 02:44 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\users\arafat\AppData\Roaming\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\programdata\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 01:44 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-10 01:44 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-09 20:35 . 2009-03-09 20:43 <REP> d-------- c:\users\arafat\{7f2b08f1-b582-4a9b-b447-e2f7e7b616fa}
2009-03-08 21:58 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-08 21:58 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-08 21:58 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-08 21:58 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-08 21:58 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-08 21:58 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-08 21:58 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-08 21:58 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-08 21:56 . 2009-03-08 21:58 30,359,552 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-08 21:56 . 2009-03-08 21:58 49,152 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-08 21:56 . 2009-03-08 21:58 16,384 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-08 21:49 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-08 21:49 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-08 21:49 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-08 21:48 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-08 21:48 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-08 19:19 . 2009-03-10 21:33 229,408 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-03-08 19:19 . 2009-03-10 21:33 1,864 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-03-08 19:19 . 2009-03-10 21:33 32 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-03-08 19:19 . 2009-03-10 21:33 32 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-03-08 19:01 . 2009-03-08 19:01 96,976 --a------ c:\windows\System32\drivers\klin.dat
2009-03-08 19:00 . 2009-03-08 19:00 87,855 --a------ c:\windows\System32\drivers\klick.dat
2009-03-08 18:59 . 2009-03-10 13:18 <REP> d-------- c:\users\All Users\Kaspersky Lab
2009-03-08 18:59 . 2009-03-10 13:18 <REP> d-------- c:\programdata\Kaspersky Lab
2009-03-08 18:59 . 2009-03-08 18:59 <REP> d-------- c:\program files\Kaspersky Lab
2009-03-08 12:55 . 2009-03-08 12:55 108,336 --a------ c:\windows\System32\MSWINSCK.OCX
2009-03-08 12:54 . 2009-03-05 21:06 32,768 --a------ c:\windows\System32\umtcdtw.sys
2009-03-04 18:39 . 2009-03-09 23:39 <REP> d-------- C:\Downloads
2009-02-28 19:19 . 2009-03-10 21:32 <REP> d-------- c:\users\arafat\AppData\Roaming\Free Download Manager
2009-02-28 19:19 . 2009-02-28 19:19 <REP> d-------- c:\program files\Free Download Manager
2009-02-22 10:56 . 2009-02-22 10:56 268 --ah----- C:\sqmdata07.sqm
2009-02-22 10:56 . 2009-02-22 10:56 244 --ah----- C:\sqmnoopt08.sqm
2009-02-22 10:56 . 2009-02-22 10:56 244 --ah----- C:\sqmnoopt07.sqm
2009-02-22 10:56 . 2009-02-22 10:56 136 --ah----- C:\sqmdata08.sqm
2009-02-20 22:29 . 2009-02-20 22:29 268 --ah----- C:\sqmdata06.sqm
2009-02-20 22:29 . 2009-02-20 22:29 244 --ah----- C:\sqmnoopt06.sqm
2009-02-19 22:11 . 2009-02-19 22:11 268 --ah----- C:\sqmdata05.sqm
2009-02-19 22:11 . 2009-02-19 22:11 244 --ah----- C:\sqmnoopt05.sqm
2009-02-19 20:52 . 2009-02-19 20:58 <REP> d-------- c:\program files\Advanced PC Tweaker
2009-02-19 20:14 . 2009-02-19 20:14 203,776 --a------ c:\windows\System32\clrviddc.dll
2009-02-17 20:57 . 2009-03-08 22:27 146,699,264 --a------ c:\windows\MEMORY.DMP
2009-02-15 21:25 . 2009-02-15 21:25 <REP> d-------- c:\users\All Users\CyberLink
2009-02-15 21:25 . 2009-02-15 21:25 <REP> d-------- c:\programdata\CyberLink
2009-02-15 21:25 . 2000-06-23 12:46 37,916 --a------ c:\windows\WMPrfFRA.prx
2009-02-15 21:15 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-02-15 21:14 . 2008-01-08 13:10 98,304 --a------ c:\windows\RTKAUDIOSERVICE.EXE
2009-02-15 21:12 . 2009-02-15 21:12 <REP> d-------- c:\users\arafat\AppData\Roaming\WinBatch
2009-02-15 21:12 . 2008-01-15 11:26 4,874,240 --a------ c:\windows\RtHDVCpl.exe
2009-02-15 21:12 . 2008-01-07 19:30 2,156,544 --a------ c:\windows\System32\RtkAPO.dll
2009-02-15 21:12 . 2008-01-15 19:19 2,047,576 --a------ c:\windows\System32\drivers\RTKVHDA.sys
2009-02-15 21:12 . 2007-11-07 17:31 1,191,936 --a------ c:\windows\RtlUpd.exe
2009-02-15 21:12 . 2008-01-09 18:52 636,416 --a------ c:\windows\System32\RtkPgExt.dll
2009-02-15 21:12 . 2007-11-13 12:35 532,480 --a------ c:\windows\System32\RTSndMgr.cpl
2009-02-15 21:12 . 2006-12-13 10:30 339,968 --a------ c:\windows\System32\SRSTSXT.dll
2009-02-15 21:12 . 2009-02-15 21:12 315,392 --a------ c:\windows\HideWin.exe
2009-02-15 21:12 . 2007-07-25 09:33 135,168 --a------ c:\windows\System32\SRSWOW.dll
2009-02-15 21:12 . 2008-01-14 16:18 29,696 --a------ c:\windows\System32\RtkCoInst.dll
2009-02-15 18:05 . 2009-02-15 18:05 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-15 17:30 . 2009-02-15 17:30 25 --a------ c:\windows\cdplayer.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 13:44 --------- d-----w c:\programdata\Google Updater
2009-03-08 21:17 --------- d-----w c:\users\arafat\AppData\Roaming\Skype
2009-03-08 17:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-08 17:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 17:43 --------- d-----w c:\program files\Symantec
2009-03-08 17:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-01 12:35 1,982 ----a-w c:\users\arafat\AppData\Roaming\wklnhst.dat
2009-02-15 20:28 --------- d-----w c:\program files\HP
2009-02-15 20:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 20:12 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-15 20:12 --------- d-----w c:\program files\Realtek
2009-02-15 19:29 --------- d-----w c:\program files\EA SPORTS
2009-02-15 17:05 --------- d-----w c:\program files\DivX
2009-02-12 19:35 --------- d-----w c:\program files\Windows Mail
2009-02-04 20:22 174 --sha-w c:\program files\desktop.ini
2009-02-04 20:12 --------- d-----w c:\program files\Windows Sidebar
2009-02-04 20:12 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-04 20:12 --------- d-----w c:\program files\Windows Defender
2009-02-04 20:12 --------- d-----w c:\program files\Windows Collaboration
2009-02-04 20:12 --------- d-----w c:\program files\Windows Calendar
2009-02-02 11:09 --------- d-----w c:\program files\Real
2009-02-02 11:09 --------- d-----w c:\program files\Common Files\xing shared
2009-02-02 11:09 --------- d-----w c:\program files\Common Files\Real
2009-02-01 21:38 --------- d-----w c:\program files\Google
2009-01-22 12:56 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-20 20:00 --------- d-----w c:\program files\Ressources Windows Mobile
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-31 23:20 10,926 ----a-w C:\cc_20090101_001944.reg
2008-12-31 23:20 1,028 ----a-w C:\cc_20090101_002032.reg
2007-09-19 19:36 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-12-06 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-13 20034600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-02 185872]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-12-18 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
c:\users\arafat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\arafat\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-06 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2007-12-12 638976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04F09249-591A-4858-91EF-5E187EC48C9F}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{7870A9A2-E055-46F6-9884-BF4B838EC18B}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{7A06D044-A168-49BE-ADC6-7C85CEDA54C8}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{A2F6EDF3-DF37-47EA-833C-BC35565BCB27}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{9A265547-B984-4C5D-9AB0-26A38D410448}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD1C8F4D-45AF-41E7-B0C0-42C9C6F5F9B8}"= UDP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{861E0946-0FCF-4BCF-AA24-91D8E35B1B07}"= TCP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{A1D7ADEB-F47D-4D0A-9244-96E7CDCA84B7}"= UDP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{0333C19D-E0CA-4C40-8E29-1432B4F2DD04}"= TCP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{7B9A3464-1EB0-479F-B3F5-F560F111DD31}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{98BB98D2-BCB7-411C-B783-B0C0BD111E12}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{5C2D935E-85F4-45BF-BACA-107B2ACD7D89}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{87A0B5B1-2391-4BD0-A7A2-08B2AB1510C3}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{F9852EBD-3CBF-4549-BC7A-C6D9E813601C}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{AFD89C0C-152F-48F8-AD24-8061313EABB0}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{113400A4-E93E-46C8-94DA-A004A7010102}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-06-02 202872]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2006-10-24 37008]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2009-03-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 22:28]
2009-03-06 c:\windows\Tasks\Norton Internet Security - Analyse système complète - arafat.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
2009-03-06 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2009-02-12 12:43]
2009-03-10 c:\windows\Tasks\User_Feed_Synchronization-{EA0A5BA7-EB65-4E3B-9267-DA20E54BA430}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-osCheck - c:\program files\Norton Internet Security\osCheck.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
------- Examen supplémentaire -------
.
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
FF - ProfilePath - c:\users\arafat\AppData\Roaming\Mozilla\Firefox\Profiles\6pjhx23l.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 21:36:44
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002B27DB7CE09ADFDF38
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2652)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\users\arafat\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\hp\KBD\kbd.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Heure de fin: 2009-03-10 21:44:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-10 20:44:04
Avant-CF: 172 583 727 104 octets libres
Après-CF: 172,525,350,912 octets libres
298 --- E O F --- 2009-03-10 12:20:42
ComboFix 09-03-06.02 - arafat 2009-03-10 21:27:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.895.217 [GMT 1:00]
Lancé depuis: c:\downloads\Software\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
FW: Norton Internet Security *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\xccef090305.exe
c:\windows\system32\uniq.tll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_defaultlib
-------\Service_seneka
-------\Service_softyinforwow1
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-10 au 2009-03-10 ))))))))))))))))))))))))))))))))))))
.
2009-03-10 19:58 . 2009-03-10 19:58 47 --a------ C:\xcclstecj.bat
2009-03-10 15:33 . 2009-03-10 16:07 <REP> d-------- c:\program files\Ad-remover
2009-03-10 14:24 . 2009-03-10 15:26 <REP> d-------- c:\program files\Navilog1
2009-03-10 11:30 . 2009-03-10 11:30 <REP> d-------- C:\rsit
2009-03-10 11:30 . 2009-03-10 12:10 <REP> d-------- c:\program files\trend micro
2009-03-10 02:44 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\users\arafat\AppData\Roaming\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\programdata\Malwarebytes
2009-03-10 01:44 . 2009-03-10 01:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 01:44 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-10 01:44 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-09 20:35 . 2009-03-09 20:43 <REP> d-------- c:\users\arafat\{7f2b08f1-b582-4a9b-b447-e2f7e7b616fa}
2009-03-08 21:58 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-08 21:58 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-08 21:58 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-08 21:58 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-08 21:58 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-08 21:58 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-08 21:58 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-08 21:58 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-08 21:56 . 2009-03-08 21:58 30,359,552 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-08 21:56 . 2009-03-08 21:58 49,152 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-08 21:56 . 2009-03-08 21:58 16,384 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-08 21:49 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-08 21:49 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-08 21:49 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-08 21:48 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-08 21:48 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-08 19:19 . 2009-03-10 21:33 229,408 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-03-08 19:19 . 2009-03-10 21:33 1,864 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-03-08 19:19 . 2009-03-10 21:33 32 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-03-08 19:19 . 2009-03-10 21:33 32 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-03-08 19:01 . 2009-03-08 19:01 96,976 --a------ c:\windows\System32\drivers\klin.dat
2009-03-08 19:00 . 2009-03-08 19:00 87,855 --a------ c:\windows\System32\drivers\klick.dat
2009-03-08 18:59 . 2009-03-10 13:18 <REP> d-------- c:\users\All Users\Kaspersky Lab
2009-03-08 18:59 . 2009-03-10 13:18 <REP> d-------- c:\programdata\Kaspersky Lab
2009-03-08 18:59 . 2009-03-08 18:59 <REP> d-------- c:\program files\Kaspersky Lab
2009-03-08 12:55 . 2009-03-08 12:55 108,336 --a------ c:\windows\System32\MSWINSCK.OCX
2009-03-08 12:54 . 2009-03-05 21:06 32,768 --a------ c:\windows\System32\umtcdtw.sys
2009-03-04 18:39 . 2009-03-09 23:39 <REP> d-------- C:\Downloads
2009-02-28 19:19 . 2009-03-10 21:32 <REP> d-------- c:\users\arafat\AppData\Roaming\Free Download Manager
2009-02-28 19:19 . 2009-02-28 19:19 <REP> d-------- c:\program files\Free Download Manager
2009-02-22 10:56 . 2009-02-22 10:56 268 --ah----- C:\sqmdata07.sqm
2009-02-22 10:56 . 2009-02-22 10:56 244 --ah----- C:\sqmnoopt08.sqm
2009-02-22 10:56 . 2009-02-22 10:56 244 --ah----- C:\sqmnoopt07.sqm
2009-02-22 10:56 . 2009-02-22 10:56 136 --ah----- C:\sqmdata08.sqm
2009-02-20 22:29 . 2009-02-20 22:29 268 --ah----- C:\sqmdata06.sqm
2009-02-20 22:29 . 2009-02-20 22:29 244 --ah----- C:\sqmnoopt06.sqm
2009-02-19 22:11 . 2009-02-19 22:11 268 --ah----- C:\sqmdata05.sqm
2009-02-19 22:11 . 2009-02-19 22:11 244 --ah----- C:\sqmnoopt05.sqm
2009-02-19 20:52 . 2009-02-19 20:58 <REP> d-------- c:\program files\Advanced PC Tweaker
2009-02-19 20:14 . 2009-02-19 20:14 203,776 --a------ c:\windows\System32\clrviddc.dll
2009-02-17 20:57 . 2009-03-08 22:27 146,699,264 --a------ c:\windows\MEMORY.DMP
2009-02-15 21:25 . 2009-02-15 21:25 <REP> d-------- c:\users\All Users\CyberLink
2009-02-15 21:25 . 2009-02-15 21:25 <REP> d-------- c:\programdata\CyberLink
2009-02-15 21:25 . 2000-06-23 12:46 37,916 --a------ c:\windows\WMPrfFRA.prx
2009-02-15 21:15 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-02-15 21:14 . 2008-01-08 13:10 98,304 --a------ c:\windows\RTKAUDIOSERVICE.EXE
2009-02-15 21:12 . 2009-02-15 21:12 <REP> d-------- c:\users\arafat\AppData\Roaming\WinBatch
2009-02-15 21:12 . 2008-01-15 11:26 4,874,240 --a------ c:\windows\RtHDVCpl.exe
2009-02-15 21:12 . 2008-01-07 19:30 2,156,544 --a------ c:\windows\System32\RtkAPO.dll
2009-02-15 21:12 . 2008-01-15 19:19 2,047,576 --a------ c:\windows\System32\drivers\RTKVHDA.sys
2009-02-15 21:12 . 2007-11-07 17:31 1,191,936 --a------ c:\windows\RtlUpd.exe
2009-02-15 21:12 . 2008-01-09 18:52 636,416 --a------ c:\windows\System32\RtkPgExt.dll
2009-02-15 21:12 . 2007-11-13 12:35 532,480 --a------ c:\windows\System32\RTSndMgr.cpl
2009-02-15 21:12 . 2006-12-13 10:30 339,968 --a------ c:\windows\System32\SRSTSXT.dll
2009-02-15 21:12 . 2009-02-15 21:12 315,392 --a------ c:\windows\HideWin.exe
2009-02-15 21:12 . 2007-07-25 09:33 135,168 --a------ c:\windows\System32\SRSWOW.dll
2009-02-15 21:12 . 2008-01-14 16:18 29,696 --a------ c:\windows\System32\RtkCoInst.dll
2009-02-15 18:05 . 2009-02-15 18:05 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-15 17:30 . 2009-02-15 17:30 25 --a------ c:\windows\cdplayer.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 13:44 --------- d-----w c:\programdata\Google Updater
2009-03-08 21:17 --------- d-----w c:\users\arafat\AppData\Roaming\Skype
2009-03-08 17:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-08 17:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 17:43 --------- d-----w c:\program files\Symantec
2009-03-08 17:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-01 12:35 1,982 ----a-w c:\users\arafat\AppData\Roaming\wklnhst.dat
2009-02-15 20:28 --------- d-----w c:\program files\HP
2009-02-15 20:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 20:12 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-15 20:12 --------- d-----w c:\program files\Realtek
2009-02-15 19:29 --------- d-----w c:\program files\EA SPORTS
2009-02-15 17:05 --------- d-----w c:\program files\DivX
2009-02-12 19:35 --------- d-----w c:\program files\Windows Mail
2009-02-04 20:22 174 --sha-w c:\program files\desktop.ini
2009-02-04 20:12 --------- d-----w c:\program files\Windows Sidebar
2009-02-04 20:12 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-04 20:12 --------- d-----w c:\program files\Windows Defender
2009-02-04 20:12 --------- d-----w c:\program files\Windows Collaboration
2009-02-04 20:12 --------- d-----w c:\program files\Windows Calendar
2009-02-02 11:09 --------- d-----w c:\program files\Real
2009-02-02 11:09 --------- d-----w c:\program files\Common Files\xing shared
2009-02-02 11:09 --------- d-----w c:\program files\Common Files\Real
2009-02-01 21:38 --------- d-----w c:\program files\Google
2009-01-22 12:56 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-20 20:00 --------- d-----w c:\program files\Ressources Windows Mobile
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-31 23:20 10,926 ----a-w C:\cc_20090101_001944.reg
2008-12-31 23:20 1,028 ----a-w C:\cc_20090101_002032.reg
2007-09-19 19:36 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-12-06 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-13 20034600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-02 185872]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-12-18 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
c:\users\arafat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\arafat\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-06 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2007-12-12 638976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04F09249-591A-4858-91EF-5E187EC48C9F}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{7870A9A2-E055-46F6-9884-BF4B838EC18B}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{7A06D044-A168-49BE-ADC6-7C85CEDA54C8}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{A2F6EDF3-DF37-47EA-833C-BC35565BCB27}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{9A265547-B984-4C5D-9AB0-26A38D410448}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD1C8F4D-45AF-41E7-B0C0-42C9C6F5F9B8}"= UDP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{861E0946-0FCF-4BCF-AA24-91D8E35B1B07}"= TCP:c:\program files\HomePlayer\HomePlayer.exe:HomePlayer
"{A1D7ADEB-F47D-4D0A-9244-96E7CDCA84B7}"= UDP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{0333C19D-E0CA-4C40-8E29-1432B4F2DD04}"= TCP:c:\program files\HomePlayer\VLC\vlc.exe:VLC HomePlayer
"{7B9A3464-1EB0-479F-B3F5-F560F111DD31}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{98BB98D2-BCB7-411C-B783-B0C0BD111E12}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{5C2D935E-85F4-45BF-BACA-107B2ACD7D89}"= UDP:990:LocalSubnet:LocalSubnet|IF={6C8C50F2-2EB0-43BB-8A3A-5BDE53F4B17D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{87A0B5B1-2391-4BD0-A7A2-08B2AB1510C3}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{F9852EBD-3CBF-4549-BC7A-C6D9E813601C}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{AFD89C0C-152F-48F8-AD24-8061313EABB0}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{113400A4-E93E-46C8-94DA-A004A7010102}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-06-02 202872]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2006-10-24 37008]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2009-03-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 22:28]
2009-03-06 c:\windows\Tasks\Norton Internet Security - Analyse système complète - arafat.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
2009-03-06 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2009-02-12 12:43]
2009-03-10 c:\windows\Tasks\User_Feed_Synchronization-{EA0A5BA7-EB65-4E3B-9267-DA20E54BA430}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-osCheck - c:\program files\Norton Internet Security\osCheck.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
------- Examen supplémentaire -------
.
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
FF - ProfilePath - c:\users\arafat\AppData\Roaming\Mozilla\Firefox\Profiles\6pjhx23l.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 21:36:44
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002B27DB7CE09ADFDF38
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2652)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\users\arafat\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\hp\KBD\kbd.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Heure de fin: 2009-03-10 21:44:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-10 20:44:04
Avant-CF: 172 583 727 104 octets libres
Après-CF: 172,525,350,912 octets libres
298 --- E O F --- 2009-03-10 12:20:42
ca va ca rame plus,jpense ke c bon?
comment savoir si ts les virus st suprimé?
car avec antiwalware me dit kil ya 7 infection hijasky mais je precise c t avt de faire combofix
maintenant qu est ce que je suprime et remet en place? tt a lheure on avait desactivé qqchose
merci bcq
comment savoir si ts les virus st suprimé?
car avec antiwalware me dit kil ya 7 infection hijasky mais je precise c t avt de faire combofix
maintenant qu est ce que je suprime et remet en place? tt a lheure on avait desactivé qqchose
merci bcq
/!\ Seul tulipe94 peut suivre cette procédure. /!\
1/
---> Ouvre le Bloc-notes.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\xcclstecj.bat
c:\windows\System32\umtcdtw.sys
c:\windows\Tasks\Norton Internet Security - Analyse système complète - arafat.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
--> Colle la sélection dans le Bloc-notes.
--> Enregistre ce fichier sur le Bureau (Impératif).
--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.
2/
--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
--> Une fenętre bleue va apparaître : au message qui apparaît, tu acceptes.
--> Patiente le temps du scan. Le bureau va disparaître ŕ plusieurs reprises : c'est normal !
Ne touche ŕ rien tant que le scan n'est pas terminé.
--> Une fois le scan achevé, un rapport va s'afficher : poste-le.
--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt
1/
---> Ouvre le Bloc-notes.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\xcclstecj.bat
c:\windows\System32\umtcdtw.sys
c:\windows\Tasks\Norton Internet Security - Analyse système complète - arafat.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
--> Colle la sélection dans le Bloc-notes.
--> Enregistre ce fichier sur le Bureau (Impératif).
--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.
2/
--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
--> Une fenętre bleue va apparaître : au message qui apparaît, tu acceptes.
--> Patiente le temps du scan. Le bureau va disparaître ŕ plusieurs reprises : c'est normal !
Ne touche ŕ rien tant que le scan n'est pas terminé.
--> Une fois le scan achevé, un rapport va s'afficher : poste-le.
--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt
