ComboFix report, looking for someone to analyze it
carl
Hello,
Here is my ComboFix report, is it correct??? Thanks
ComboFix 08-05-29.1 - HP_Administrateur 2008-05-31 4:45:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.582 [GMT -4:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
.
2008-05-31 04:41 . 2008-05-31 04:41 <REP> d-------- C:\WINDOWS\LastGood
2008-05-30 20:03 . 2008-05-30 20:52 <REP> d-------- C:\Documents and Settings\HP_Administrateur\DoctorWeb
2008-05-30 20:02 . 2008-05-31 01:44 <REP> d-------- C:\Program Files\DrWeb
2008-05-30 20:02 . 2008-05-30 20:02 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-05-29 19:07 . 2008-05-29 19:07 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 23:03 . 2008-05-28 23:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-28 16:52 . 2008-05-28 17:11 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ntr
2008-05-28 16:07 . 2008-05-31 04:41 <REP> d-------- C:\SDFix
2008-05-23 15:11 . 2008-05-23 15:11 2,286 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-23 15:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-23 15:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-23 15:10 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-23 15:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-23 15:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-23 15:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-23 15:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-23 15:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-23 02:42 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-23 02:39 . 2008-05-23 10:42 <REP> d-------- C:\Document Themes 12
2008-05-23 02:38 . 2008-05-23 02:38 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-23 02:35 . 2008-05-23 02:36 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-05-23 02:35 . 2008-05-23 02:38 <REP> d-------- C:\Templates
2008-05-23 02:35 . 2008-05-23 10:47 <REP> d-------- C:\Office12
2008-05-23 02:35 . 2008-05-23 02:35 <REP> dr-h----- C:\MSOCache
2008-05-23 02:35 . 2008-05-23 02:35 <REP> d-------- C:\MEDIA
2008-05-23 01:49 . 2008-05-23 10:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-19 19:38 . 2008-05-19 19:38 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-05-19 19:38 . 2008-05-19 19:38 4,096 --a------ C:\WINDOWS\system32\crash
2008-05-19 00:11 . 2008-05-19 00:11 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-18 14:13 . 2008-05-31 04:41 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\OnlineArmor
2008-05-18 14:13 . 2008-05-29 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-18 14:13 . 2008-04-17 05:22 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-18 14:13 . 2008-04-17 05:22 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-18 14:13 . 2008-04-17 05:22 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-17 12:56 . 2008-05-17 12:56 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ESTsoft
2008-05-17 12:55 . 2008-05-17 12:55 <REP> d-------- C:\Program Files\ESTsoft
2008-05-17 12:55 . 2008-05-17 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-05-16 16:48 . 2008-05-16 16:48 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-05-16 16:41 . 2008-05-16 16:41 <REP> d-------- C:\Program Files\ERUNT
2008-05-16 16:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-16 13:31 . 2008-05-30 16:37 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 13:31 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-16 13:30 . 2008-05-30 16:37 <REP> d-------- C:\Program Files\SpywareBlaster
2008-05-16 13:11 . 2008-05-16 13:11 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\ATI
2008-05-16 13:11 . 2008-05-16 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-16 13:10 . 2008-05-16 13:10 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-16 13:08 . 2008-05-16 13:08 <REP> d-------- C:\Program Files\ATI
2008-05-16 13:06 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-16 13:05 . 2008-05-16 13:05 <REP> d-------- C:\ATI
2008-05-16 12:59 . 2008-05-16 12:59 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-15 22:31 . 2008-05-15 22:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 22:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 22:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 22:25 . 2008-05-15 22:25 <REP> d-------- C:\Program Files\Tall Emu
2008-05-15 19:16 . 2008-05-15 19:19 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM
2008-05-15 19:10 . 2008-05-15 19:10 <REP> d-------- C:\Program Files\Avira
2008-05-15 19:10 . 2008-05-15 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-15 18:01 . 2008-05-31 02:20 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-15 18:01 . 2008-05-31 02:20 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Spyware Terminator
2008-05-15 18:01 . 2008-05-31 02:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-15 18:01 . 2008-05-15 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-15 11:18 . 2008-05-15 11:39 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-14 17:46 . 2008-05-14 17:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 20:52 . 2008-05-13 21:05 <REP> d-------- C:\Program Files\Windows Live
2008-05-13 18:44 . 2008-05-13 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-13 12:47 . 2008-05-13 12:47 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-05-13 12:47 . 2008-05-13 12:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 13:36 . 2008-05-11 13:36 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HPQ
2008-05-11 03:55 . 2008-05-12 14:58 <REP> d-------- C:\Program Files\CCleaner
2008-05-10 19:37 . 2008-05-10 19:37 13,988,309 --a------ C:\upload_moi_NOM-5A733FE684E.tar.gz
2008-05-10 18:58 . 2008-05-17 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 18:20 . 2008-05-10 18:20 <REP> d-------- C:\Program Files\Trend Micro
2008-05-10 11:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-10 11:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-10 01:28 . 2008-05-10 01:28 268 --ah----- C:\sqmdata01.sqm
2008-05-10 01:28 . 2008-05-10 01:28 244 --ah----- C:\sqmnoopt01.sqm
2008-05-09 18:55 . 2008-05-31 04:44 249 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-05-09 18:54 . 2008-05-09 16:13 <REP> d-------- C:\WINDOWS\I386
2008-05-09 18:49 . 2008-05-30 20:02 <REP> dr------- C:\Program Files
2008-05-09 18:49 . 2008-05-09 18:54 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-05-09 18:49 . 2008-05-23 01:44 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-05-09 18:48 . 2008-05-24 01:29 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-05-09 18:48 . 2008-05-09 18:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-09 18:48 . 2008-05-09 18:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-09 18:48 . 2008-05-09 18:54 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-05-09 18:47 . 2008-05-28 15:58 <REP> dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-09 18:47 . 2008-05-09 18:54 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2008-05-09 18:38 . 2008-05-09 18:38 268 --ah----- C:\sqmdata00.sqm
2008-05-09 18:38 . 2008-05-09 18:38 244 --ah----- C:\sqmnoopt00.sqm
2008-05-09 18:13 . 2008-05-09 18:17 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-05-09 18:13 . 2008-05-09 18:20 80,905 --a------ C:\WINDOWS\War3Unin.dat
2008-05-09 18:13 . 2008-05-09 18:17 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-09 18:10 . 2008-05-31 03:10 <REP> d-------- C:\Program Files\Warcraft III
2008-05-09 18:06 . 2008-05-15 18:52 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Contacts
2008-05-09 18:05 . 2008-05-09 18:05 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-09 18:02 . 2008-05-31 04:31 <REP> d-------- C:\Program Files\Steam
2008-05-09 17:58 . 2008-05-09 18:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-09 17:57 . 2008-05-13 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-09 17:57 . 2008-05-09 17:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-09 17:57 . 2008-05-09 17:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-09 17:32 . 2008-05-09 17:32 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-05-09 17:32 . 2008-05-09 17:32 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-05-09 17:26 . 2008-05-09 17:26 <REP> d-------- C:\SystemRoot
2008-05-09 17:21 . 2008-05-09 17:21 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-09 17:17 . 2008-05-09 17:17 217 --a------ C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
2008-05-09 17:17 . 2008-05-09 17:17 214 --a------ C:\WINDOWS\HP_InstantSHareJPG.ini
2008-05-09 17:16 . 2008-05-09 17:16 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-05-09 17:07 . 2008-05-09 17:07 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HP
2008-05-09 16:42 . 2008-05-09 16:42 <REP> d-------- C:\Program Files\Sun
2008-05-09 16:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 16:41 . 2008-05-09 16:41 <REP> d--hs---- C:\Documents and Settings\HP_Administrateur\UserData
2008-05-09 16:39 . 2008-05-13 19:45 357,768 --a------ C:\Documents and Settings\HP_Administrateur\SymXPep2.dll
2008-05-09 16:07 . 2008-05-09 16:07 1,940 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EK408AA-ABA M7248N_YC_0Pavi_QMXK540_E54FCsyMPC1_48_IAMETHYST-M_SMSI_V1.0_B3.34_T050831_WXP2_L40C_M1023_J250_7AMD_8Athlon 64 X2 Dual Core_92.19_#051211_N10EC8139_Z11C1048C_G10025B60.MRK
2008-05-09 16:05 . 2005-12-11 19:02 <REP> d-------- C:\Documents and Settings\HP_Administrateur\WINDOWS
2008-05-09 16:05 . 2004-12-03 21:03 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Voisinage réseau
2008-05-09 16:05 . 2004-12-03 21:03 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Voisinage d'impression
2008-05-09 16:05 . 2008-05-09 18:54 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Modèles
2008-05-09 16:05 . 2008-05-09 18:06 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Mes documents
2008-05-09 16:05 . 2008-05-09 18:54 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Menu Démarrer
2008-05-09 16:05 . 2008-05-27 22:12 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Favoris
2008-05-09 16:05 . 2008-05-31 04:51 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Bureau
2008-05-09 16:05 . 2008-05-09 16:14 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Symantec
2008-05-09 16:05 . 2005-12-11 19:06 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\SampleView
2008-05-09 16:05 . 2005-12-11 19:02 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
2008-05-09 16:05 . 2008-05-31 04:29 <REP> d-------- C:\Documents and Settings\HP_Administrateur
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 17:53 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-30 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 06:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-16 17:08 --------- d-----w C:\Program Files\ATI Technologies
2008-05-16 17:05 --------- d-----w C:\Program Files\Java
2008-05-10 05:38 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-10 05:37 --------- d-----w C:\Program Files\QuickTime
2008-05-09 21:16 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-05-09 20:07 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:02 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:02 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:02 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:02 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SystemExplorer"="C:\Documents and Settings\HP_Administrateur\Bureau\SystemExplorer.exe" [2008-05-18 13:55 1178112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 23:34 245760]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-15 18:01 1817600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:22 5606464]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:22 671432]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\generaldugal\\counter-strike source\\hl2.exe"=
"C:\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 05:22]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 05:22]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 05:22]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-15 18:01]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-04-17 05:22]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
S1 krnl_akl;krnl_akl;C:\WINDOWS\system32\drivers\krnl_akl.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef40be-0f4c-11da-bf9b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 20:07:09 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-05-09 20:07:21 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 04:51:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-05-31 4:53:56
ComboFix-quarantined-files.txt 2008-05-31 08:53:49
Pre-Run: 219,730,825,216 octets libres
Post-Run: 219,719,831,552 octets libres
287 --- E O F --- 2008-05-28 19:58:54
2008-05-09 16:05 . 2005-12-11 19:02 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
2008-05-09 16:05 . 2008-05-31 04:29 <REP> d-------- C:\Documents and Settings\HP_Administrateur
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 17:53 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-30 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 06:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-16 17:08 --------- d-----w C:\Program Files\ATI Technologies
2008-05-16 17:05 --------- d-----w C:\Program Files\Java
2008-05-10 05:38 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-10 05:37 --------- d-----w C:\Program Files\QuickTime
2008-05-09 21:16 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-05-09 20:07 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:02 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:02 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:02 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:02 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SystemExplorer"="C:\Documents and Settings\HP_Administrateur\Bureau\SystemExplorer.exe" [2008-05-18 13:55 1178112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 23:34 245760]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-15 18:01 1817600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:22 5606464]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:22 671432]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\generaldugal\\counter-strike source\\hl2.exe"=
"C:\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 05:22]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 05:22]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 05:22]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-15 18:01]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-04-17 05:22]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:08]
S1 krnl_akl;krnl_akl;C:\WINDOWS\system32\drivers\krnl_akl.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef40be-0f4c-11da-bf9b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 20:07:09 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-05-09 20:07:21 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 04:51:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-05-31 4:53:56
ComboFix-quarantined-files.txt 2008-05-31 08:53:49
Pre-Run: 219,730,825,216 octets libres
Post-Run: 219,719,831,552 octets libres
287 --- E O F --- 2008-05-28 19:58:54
15 replies
Hello,
yes, thanks jorghino, turning up with the report of a complex tool that shows traces of disinfection is odd.
a) is the computer working, or are you having problems?
b) give me the reference of the topic where you were disinfected.
because I was infected by a risktool that destroyed my Norton 2007 antivirus, it was called Risktool.PsKill.K
but please, is my combofix scan clean or not???? thanks a lot
no idea, AH YES I KNOW IT COMES EITHER:
FROM ALZIP
OR FROM UPDATE CHECKER! YEAH I THINK UPDATE CHECKER FROM FILEHIPPO.COM UPDATECHECKER
IT WAS ON GOOGLE THAT I FOUND THIS SITE, BUT I'M NOT SURE IF UPLOAD MOI COMES FROM THERE, BUT PROBABLY
I'm finishing my scan and I'll send you the DSS scan,
p.s.: was my combofix report 100% clean?^^
Thanks a lot
Hi Lyonnais, here is my DSS report as planned. thanks
Deckard's System Scanner v20071014.68
Run by HP_Administrateur on 2008-06-12 19:10:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-06-12 23:11:00 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-12 21:13:10 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Administrateur.exe) -----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:07, on 2008-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\HP_Administrateur\Bureau\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrateur.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Re,
where does this file come from? C:\upload_moi_NOM-5A733FE684E.tar.gz
why did you download Docteurweb?
Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking the "I Accept" button
Close HijackThis by clicking the red cross.
Download DSS (Deckard's System Scanner by Deckard) to your Desktop from this link:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Choose "Save" and "Desktop" as the location.
Close all running applications (very important, otherwise the computer may crash).
Double-click DSS.exe to launch the tool.
If it does not find HijackThis, click Yes.
Click OK each time you are asked.
When the scan is finished, a text file will appear. Post its contents in your reply.
The report is located here: C:\Deckard\System Scanner\main.txt.
hello, I'm not yet skilled enough to tell you for certain, so I'll follow along to learn, thanks, see you
Hi, this file: C:\upload_moi_NOM-5A733FE684E.tar.gz
comes from the cleanzip scan
it must be sent to the clean site for analysis to help improve clean