Sujet Précédent Sujet Suivant

Pb page bureau bloqué

Fermé
cyrielle - 7 oct. 2008 à 15:42
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 - 9 oct. 2008 à 21:48
Bonjour, voila tout d'abord voici un log de mon pc:
Y at'il quelque chose de pas bien la dedans , car ma page bureau est complétement bloqué aprés 5minutes d'inutilisation!Donc impossible de faire quoi que ce soyes !A part débrancher sur le secteur !Aie !!
J'ai eue 6 virus généric malware désinfecté par panda anti virus!
Bref que dois je faire?
Merci merci de votre aide précieuse car je suis complétement désarmée la!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:49, on 07/10/2008
Platform: Windows XP SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {D4294371-D084-CB53-69B2-096D52D5B7B1} - C:\DOCUME~1\COMPAQ~1\APPLIC~1\MATHFR~1\spamwin.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_0802] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\496ZC12J\WFI_FRA[1].exe"
O4 - HKLM\..\Run: [send glue shim cast] C:\Documents and Settings\All Users\Application Data\Web Meta Send Glue\Meet stupid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Road Window] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DRIVEF~1\LOG COAL.exe
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WiFi Station
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
A voir également:

39 réponses

  • 1
  • 2
Réponse 1 / 39
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
7 oct. 2008 à 15:56
Bonjour,

tu es infecté (pas sûr que ça suffise mais il faut traiter).


Télécharge Lop S&D ici :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-clique dessus pour lancer l'installation

Puis double-clique [b]sur le raccourci Lop S&D/b présent sur ton bureau

Séléctionne la langue souhaitée , puis choisis [b]l'Option 1/b ( Recherche )

Patiente jusqu'à la fin du scan

Poste le rapport généré ( C:lopR.txt )
1
Réponse 2 / 39
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
7 oct. 2008 à 17:22
Re,

Relance Lop S&D

Choisis cette fois ci l'Option 2 ( Suppression )

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

Nouvelle tâche, tape explorer.exe et valide )


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
1
Réponse 3 / 39
cyrielle
7 oct. 2008 à 16:25
voici le rapport! Stp


--------------------\\ Lop S&D 4.2.4-5 XP/Vista


"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008|16:16 )

--------------------\\ Listing des dossiers dans APPLIC~1

[21/02/2008|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/07/2005|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/04/2006|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[14/05/2006|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/03/2006|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[05/06/2005|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[06/11/2007|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[16/05/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[05/10/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fighters
[12/07/2007|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/11/2005|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[01/01/2005|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[29/08/2005|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[05/10/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/11/2007|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/01/2006|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/01/2005|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[05/06/2005|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/05/2008|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[19/07/2005|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[19/06/2008|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/04/2006|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Web Meta Send Glue
[29/01/2006|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/03/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/07/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[19/07/2007|19:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ACD Systems
[07/02/2008|19:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
[29/05/2005|04:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
[22/08/2005|06:42] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ahead
[19/06/2008|19:58] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AKVIS LLC
[10/04/2006|19:55] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AOL
[15/05/2006|14:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
[04/12/2007|17:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Corel
[18/05/2005|10:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Creative
[18/06/2006|21:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DeskSoft
[12/04/2006|20:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Drive flap
[22/12/2005|18:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
[12/05/2005|17:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
[14/05/2005|07:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Hewlett-Packard
[02/10/2005|07:04] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
[25/07/2005|01:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InterVideo
[06/04/2006|13:18] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ispnews
[03/06/2006|21:42] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
[24/05/2005|11:03] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
[05/10/2008|21:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Malwarebytes
[12/04/2006|20:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\math frag proc
[07/04/2008|20:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
[12/12/2006|19:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Morpheus Software
[04/10/2005|22:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Motive
[09/09/2008|20:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
[16/05/2005|21:58] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
[29/06/2005|11:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OLYMPUS
[19/05/2006|14:41] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
[01/01/2005|20:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SampleView
[03/06/2006|21:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
[01/01/2005|20:05] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
[12/05/2005|14:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Symantec
[12/04/2006|19:50] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Thunderbird
[19/07/2007|19:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Wannadoo
[20/02/2008|18:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Windows Live Writer
[14/05/2007|19:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\wxMozze

[01/01/2005|20:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|05:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|20:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|20:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|20:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2005|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[12/04/2006|21:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Drive flap
[12/04/2006|21:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\math frag proc
[18/04/2006|17:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[12/04/2006|21:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Drive flap
[28/12/2005|01:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\math frag proc
[27/03/2006|08:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/10/2008 16:00][--ah-----] C:\WINDOWS\tasks\A63BA11291B05976.job
[07/10/2008 16:00][--ah-----] C:\WINDOWS\tasks\AAA52E409196A2F8.job
[07/10/2008 16:00][--ah-----] C:\WINDOWS\tasks\A1C6936691890ABE.job
[07/10/2008 16:00][--ah-----] C:\WINDOWS\tasks\AD42CCB691854026.job
[15/08/2005 10:15][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1116048714.job
[07/10/2008 15:16][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( A1C6936691890ABE.job )=( c:\windows\system32\config\system~1\applic~1\drivef~1\ballmessbows.exe )
( A63BA11291B05976.job )=( c:\docume~1\compaq~1\applic~1\drivef~1\ballmessbows.exe )
( AAA52E409196A2F8.job )=( c:\docume~1\locals~1\applic~1\drivef~1\ballmessbows.exe )
( AD42CCB691854026.job )=( c:\docume~1\locals~1\applic~1\drivef~1\ballmessbows.exe )

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[12/04/2006|19:56] C:\Program Files\ACD Systems
[01/07/2008|15:55] C:\Program Files\Adobe
[29/07/2005|10:43] C:\Program Files\Ahead
[19/06/2008|19:49] C:\Program Files\AKVIS
[20/08/2005|01:28] C:\Program Files\Alwil Software
[01/10/2005|23:09] C:\Program Files\AxBx
[09/09/2005|09:53] C:\Program Files\BoontyGames
[06/07/2008|23:39] C:\Program Files\CCleaner
[17/03/2006|23:30] C:\Program Files\Classysoft
[25/03/2006|05:17] C:\Program Files\Common Files
[24/11/2004|03:37] C:\Program Files\ComPlus Applications
[01/02/2008|17:06] C:\Program Files\Controle Parental
[17/05/2005|22:17] C:\Program Files\Creative
[24/03/2006|12:02] C:\Program Files\Drive flap
[12/04/2006|19:06] C:\Program Files\Easy Internet signup
[12/08/2008|20:04] C:\Program Files\eMule
[16/05/2007|21:49] C:\Program Files\ENJOY Plus!
[14/05/2007|19:58] C:\Program Files\Evermore
[05/03/2008|00:48] C:\Program Files\Fichiers communs
[06/10/2008|18:39] C:\Program Files\Fighters
[18/12/2006|19:35] C:\Program Files\Google
[10/11/2005|22:54] C:\Program Files\Grisoft
[25/05/2005|11:56] C:\Program Files\help
[12/04/2006|19:34] C:\Program Files\Help and Support Additions
[20/01/2008|20:15] C:\Program Files\Hercules
[14/05/2005|07:31] C:\Program Files\Hewlett-Packard
[25/08/2008|17:51] C:\Program Files\IMS Ltd
[06/07/2008|23:54] C:\Program Files\InstallShield Installation Information
[15/08/2008|00:01] C:\Program Files\Internet Explorer
[30/04/2007|21:38] C:\Program Files\InterVideo
[27/06/2007|16:27] C:\Program Files\IrfanView
[24/08/2008|13:02] C:\Program Files\Java
[12/12/2006|17:15] C:\Program Files\KC Softwares
[19/05/2005|19:38] C:\Program Files\Lavasoft
[03/09/2005|15:26] C:\Program Files\Livecom
[27/10/2005|01:19] C:\Program Files\Lyrod
[01/01/2005|20:48] C:\Program Files\Macrovision Corp
[05/10/2008|21:11] C:\Program Files\Malwarebytes' Anti-Malware
[15/08/2008|00:02] C:\Program Files\Messenger
[09/04/2008|16:24] C:\Program Files\Messenger Plus! Live
[23/09/2006|10:43] C:\Program Files\MessengerPlus! 3
[09/05/2007|23:25] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|05:27] C:\Program Files\microsoft frontpage
[03/12/2007|12:21] C:\Program Files\Microsoft SQL Server Compact Edition
[26/06/2007|09:08] C:\Program Files\Mihov Image Resizer
[25/08/2005|09:24] C:\Program Files\Montparnasse multimedia
[25/11/2004|05:27] C:\Program Files\Movie Maker
[07/10/2008|15:19] C:\Program Files\Mozilla Firefox
[02/06/2008|16:38] C:\Program Files\Mozilla Thunderbird
[12/05/2005|06:11] C:\Program Files\MSN
[17/05/2005|22:48] C:\Program Files\MSN Apps
[25/11/2004|05:27] C:\Program Files\MSN Gaming Zone
[07/11/2007|20:49] C:\Program Files\MSXML 4.0
[11/09/2007|22:58] C:\Program Files\NetMeeting
[29/04/2007|22:03] C:\Program Files\Noiseware Community Edition
[09/11/2007|10:43] C:\Program Files\Nsasoft
[29/06/2005|11:24] C:\Program Files\OLYMPUS
[25/11/2004|05:27] C:\Program Files\Online Services
[16/01/2008|23:30] C:\Program Files\Orange
[13/06/2007|22:42] C:\Program Files\Outlook Express
[11/09/2008|18:45] C:\Program Files\Paint.NET
[06/07/2008|23:16] C:\Program Files\Panda Security
[01/05/2008|23:07] C:\Program Files\Panda Software
[23/06/2006|14:10] C:\Program Files\Photobie
[13/12/2006|15:33] C:\Program Files\PhotoFiltre
[22/05/2008|21:08] C:\Program Files\Picasa2
[29/06/2005|11:23] C:\Program Files\PIXELA
[10/04/2007|22:25] C:\Program Files\program
[30/04/2007|20:36] C:\Program Files\QuickTime
[12/05/2005|23:06] C:\Program Files\Real
[12/04/2006|19:24] C:\Program Files\RegCleaner
[12/04/2006|19:15] C:\Program Files\RegSeeker
[12/04/2006|19:09] C:\Program Files\RegSupreme Pro
[16/01/2008|23:14] C:\Program Files\SAGEM
[16/01/2008|23:13] C:\Program Files\Securitoo
[17/03/2006|14:33] C:\Program Files\Serif
[01/01/2005|20:30] C:\Program Files\Services en ligne
[25/05/2005|11:55] C:\Program Files\share
[01/01/2005|20:18] C:\Program Files\Sonic
[12/12/2006|21:11] C:\Program Files\Sonic RecordNow!
[19/05/2006|09:09] C:\Program Files\Sunbelt Software
[08/04/2006|11:21] C:\Program Files\Symantec
[05/09/2008|19:57] C:\Program Files\Tech
[06/10/2008|18:33] C:\Program Files\Trend Micro
[06/07/2008|23:55] C:\Program Files\Ubisoft
[24/11/2004|03:37] C:\Program Files\Uninstall Information
[25/05/2005|11:56] C:\Program Files\user
[28/10/2006|18:37] C:\Program Files\Vimicro
[11/02/2007|22:15] C:\Program Files\VI-SOFT
[10/04/2006|19:23] C:\Program Files\Wanadoo
[28/02/2008|00:04] C:\Program Files\Windows Live
[08/12/2006|19:07] C:\Program Files\Windows Media Connect 2
[25/04/2007|20:41] C:\Program Files\Windows Media Player
[01/01/2005|10:06] C:\Program Files\Windows NT
[24/11/2004|03:37] C:\Program Files\WindowsUpdate
[22/10/2005|03:10] C:\Program Files\WinRamTurboLanguage
[30/04/2007|20:37] C:\Program Files\WinRAR
[25/11/2004|05:28] C:\Program Files\xerox
[06/07/2008|23:39] C:\Program Files\Yahoo!
[25/07/2005|00:06] C:\Program Files\Zero Assumption Digital Image Recovery
[12/12/2006|21:19] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[25/06/2007|14:30] C:\Program Files\Fichiers communs\ACD Systems
[21/02/2008|12:02] C:\Program Files\Fichiers communs\Adobe
[29/07/2005|10:39] C:\Program Files\Fichiers communs\Ahead
[10/04/2006|19:55] C:\Program Files\Fichiers communs\AOL
[05/06/2005|21:52] C:\Program Files\Fichiers communs\BOONTY Shared
[16/01/2008|23:27] C:\Program Files\Fichiers communs\France Telecom
[14/05/2005|07:02] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2005|20:48] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|20:05] C:\Program Files\Fichiers communs\Java
[29/08/2005|13:58] C:\Program Files\Fichiers communs\Macrovision Shared
[03/12/2007|12:11] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\MSSoap
[12/05/2005|23:06] C:\Program Files\Fichiers communs\Nullsoft
[25/11/2004|05:26] C:\Program Files\Fichiers communs\ODBC
[01/05/2008|23:11] C:\Program Files\Fichiers communs\Panda Software
[19/05/2006|14:41] C:\Program Files\Fichiers communs\Real
[01/01/2005|10:06] C:\Program Files\Fichiers communs\Services
[25/11/2004|05:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|20:18] C:\Program Files\Fichiers communs\SureThing Shared
[08/04/2006|11:17] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|22:42] C:\Program Files\Fichiers communs\System
[17/03/2006|22:47] C:\Program Files\Fichiers communs\Vbox
[03/12/2007|12:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\COMPAQ~1\APPLIC~1\drivef~1
C:\DOCUME~1\LOCALS~1\APPLIC~1\drivef~1
C:\DOCUME~1\NETWOR~1\APPLIC~1\drivef~1
C:\Program Files\drivef~1
C:\WINDOWS\Tasks\A1C6936691890ABE.job
C:\WINDOWS\Tasks\A63BA11291B05976.job
C:\WINDOWS\Tasks\AAA52E409196A2F8.job
C:\WINDOWS\Tasks\AD42CCB691854026.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Road Window"="C:\\DOCUME~1\\COMPAQ~1\\APPLIC~1\\DRIVEF~1\\LOG COAL.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 16:19:19
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:138][D:3]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
[F:3][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
[F:1][D:0]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2008|16:22 - Option : [1]

--------------------\\ Fin du rapport a 16:22:03
0
Réponse 4 / 39
cyrielle
7 oct. 2008 à 17:46
premier rapport avec lopr:


--------------------\\ Lop S&D 4.2.4-5 XP/Vista


"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 07/10/2008|17:32 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\A1C6936691890ABE.job
Supprime! - C:\WINDOWS\Tasks\A63BA11291B05976.job
Supprime! - C:\WINDOWS\Tasks\AAA52E409196A2F8.job
Supprime! - C:\WINDOWS\Tasks\AD42CCB691854026.job
Supprime! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\drivef~1
Supprime! - C:\DOCUME~1\LOCALS~1\APPLIC~1\drivef~1
Supprime! - C:\DOCUME~1\NETWOR~1\APPLIC~1\drivef~1
Supprime! - C:\Program Files\drivef~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[21/02/2008|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/07/2005|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/04/2006|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[14/05/2006|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/03/2006|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[05/06/2005|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[06/11/2007|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[16/05/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[05/10/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fighters
[12/07/2007|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/11/2005|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[01/01/2005|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[29/08/2005|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[05/10/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/11/2007|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/01/2006|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/01/2005|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[05/06/2005|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/05/2008|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[19/07/2005|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[19/06/2008|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/04/2006|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Web Meta Send Glue
[29/01/2006|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/03/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/07/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[19/07/2007|19:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ACD Systems
[07/02/2008|19:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
[29/05/2005|04:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
[22/08/2005|06:42] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ahead
[19/06/2008|19:58] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AKVIS LLC
[10/04/2006|19:55] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AOL
[15/05/2006|14:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
[04/12/2007|17:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Corel
[18/05/2005|10:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Creative
[18/06/2006|21:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DeskSoft
[22/12/2005|18:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
[12/05/2005|17:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
[14/05/2005|07:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Hewlett-Packard
[02/10/2005|07:04] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
[25/07/2005|01:16] C:\DOCUME~1\COMPAQ~1\APPLIC~1\InterVideo
[06/04/2006|13:18] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ispnews
[03/06/2006|21:42] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
[24/05/2005|11:03] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
[05/10/2008|21:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Malwarebytes
[12/04/2006|20:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\math frag proc
[07/04/2008|20:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
[12/12/2006|19:31] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Morpheus Software
[04/10/2005|22:51] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Motive
[09/09/2008|20:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
[16/05/2005|21:58] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
[29/06/2005|11:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OLYMPUS
[19/05/2006|14:41] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
[01/01/2005|20:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\SampleView
[03/06/2006|21:43] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
[01/01/2005|20:05] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
[12/05/2005|14:44] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Symantec
[12/04/2006|19:50] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Thunderbird
[19/07/2007|19:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Wannadoo
[20/02/2008|18:54] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Windows Live Writer
[14/05/2007|19:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\wxMozze

[01/01/2005|20:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|05:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|20:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|20:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|20:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2005|20:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[12/04/2006|21:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\math frag proc
[18/04/2006|17:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[28/12/2005|01:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\math frag proc
[27/03/2006|08:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[15/08/2005 10:15][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1116048714.job
[07/10/2008 15:16][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[12/04/2006|19:56] C:\Program Files\ACD Systems
[01/07/2008|15:55] C:\Program Files\Adobe
[29/07/2005|10:43] C:\Program Files\Ahead
[19/06/2008|19:49] C:\Program Files\AKVIS
[20/08/2005|01:28] C:\Program Files\Alwil Software
[01/10/2005|23:09] C:\Program Files\AxBx
[09/09/2005|09:53] C:\Program Files\BoontyGames
[06/07/2008|23:39] C:\Program Files\CCleaner
[17/03/2006|23:30] C:\Program Files\Classysoft
[25/03/2006|05:17] C:\Program Files\Common Files
[24/11/2004|03:37] C:\Program Files\ComPlus Applications
[01/02/2008|17:06] C:\Program Files\Controle Parental
[17/05/2005|22:17] C:\Program Files\Creative
[12/04/2006|19:06] C:\Program Files\Easy Internet signup
[12/08/2008|20:04] C:\Program Files\eMule
[16/05/2007|21:49] C:\Program Files\ENJOY Plus!
[14/05/2007|19:58] C:\Program Files\Evermore
[05/03/2008|00:48] C:\Program Files\Fichiers communs
[06/10/2008|18:39] C:\Program Files\Fighters
[18/12/2006|19:35] C:\Program Files\Google
[10/11/2005|22:54] C:\Program Files\Grisoft
[25/05/2005|11:56] C:\Program Files\help
[12/04/2006|19:34] C:\Program Files\Help and Support Additions
[20/01/2008|20:15] C:\Program Files\Hercules
[14/05/2005|07:31] C:\Program Files\Hewlett-Packard
[25/08/2008|17:51] C:\Program Files\IMS Ltd
[06/07/2008|23:54] C:\Program Files\InstallShield Installation Information
[15/08/2008|00:01] C:\Program Files\Internet Explorer
[30/04/2007|21:38] C:\Program Files\InterVideo
[27/06/2007|16:27] C:\Program Files\IrfanView
[24/08/2008|13:02] C:\Program Files\Java
[12/12/2006|17:15] C:\Program Files\KC Softwares
[19/05/2005|19:38] C:\Program Files\Lavasoft
[03/09/2005|15:26] C:\Program Files\Livecom
[27/10/2005|01:19] C:\Program Files\Lyrod
[01/01/2005|20:48] C:\Program Files\Macrovision Corp
[05/10/2008|21:11] C:\Program Files\Malwarebytes' Anti-Malware
[15/08/2008|00:02] C:\Program Files\Messenger
[09/04/2008|16:24] C:\Program Files\Messenger Plus! Live
[23/09/2006|10:43] C:\Program Files\MessengerPlus! 3
[09/05/2007|23:25] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|05:27] C:\Program Files\microsoft frontpage
[03/12/2007|12:21] C:\Program Files\Microsoft SQL Server Compact Edition
[26/06/2007|09:08] C:\Program Files\Mihov Image Resizer
[25/08/2005|09:24] C:\Program Files\Montparnasse multimedia
[25/11/2004|05:27] C:\Program Files\Movie Maker
[07/10/2008|16:19] C:\Program Files\Mozilla Firefox
[02/06/2008|16:38] C:\Program Files\Mozilla Thunderbird
[12/05/2005|06:11] C:\Program Files\MSN
[17/05/2005|22:48] C:\Program Files\MSN Apps
[25/11/2004|05:27] C:\Program Files\MSN Gaming Zone
[07/11/2007|20:49] C:\Program Files\MSXML 4.0
[11/09/2007|22:58] C:\Program Files\NetMeeting
[29/04/2007|22:03] C:\Program Files\Noiseware Community Edition
[09/11/2007|10:43] C:\Program Files\Nsasoft
[29/06/2005|11:24] C:\Program Files\OLYMPUS
[25/11/2004|05:27] C:\Program Files\Online Services
[16/01/2008|23:30] C:\Program Files\Orange
[13/06/2007|22:42] C:\Program Files\Outlook Express
[11/09/2008|18:45] C:\Program Files\Paint.NET
[06/07/2008|23:16] C:\Program Files\Panda Security
[01/05/2008|23:07] C:\Program Files\Panda Software
[23/06/2006|14:10] C:\Program Files\Photobie
[13/12/2006|15:33] C:\Program Files\PhotoFiltre
[22/05/2008|21:08] C:\Program Files\Picasa2
[29/06/2005|11:23] C:\Program Files\PIXELA
[10/04/2007|22:25] C:\Program Files\program
[30/04/2007|20:36] C:\Program Files\QuickTime
[12/05/2005|23:06] C:\Program Files\Real
[12/04/2006|19:24] C:\Program Files\RegCleaner
[12/04/2006|19:15] C:\Program Files\RegSeeker
[12/04/2006|19:09] C:\Program Files\RegSupreme Pro
[16/01/2008|23:14] C:\Program Files\SAGEM
[16/01/2008|23:13] C:\Program Files\Securitoo
[17/03/2006|14:33] C:\Program Files\Serif
[01/01/2005|20:30] C:\Program Files\Services en ligne
[25/05/2005|11:55] C:\Program Files\share
[01/01/2005|20:18] C:\Program Files\Sonic
[12/12/2006|21:11] C:\Program Files\Sonic RecordNow!
[19/05/2006|09:09] C:\Program Files\Sunbelt Software
[08/04/2006|11:21] C:\Program Files\Symantec
[05/09/2008|19:57] C:\Program Files\Tech
[06/10/2008|18:33] C:\Program Files\Trend Micro
[06/07/2008|23:55] C:\Program Files\Ubisoft
[24/11/2004|03:37] C:\Program Files\Uninstall Information
[25/05/2005|11:56] C:\Program Files\user
[28/10/2006|18:37] C:\Program Files\Vimicro
[11/02/2007|22:15] C:\Program Files\VI-SOFT
[10/04/2006|19:23] C:\Program Files\Wanadoo
[28/02/2008|00:04] C:\Program Files\Windows Live
[08/12/2006|19:07] C:\Program Files\Windows Media Connect 2
[25/04/2007|20:41] C:\Program Files\Windows Media Player
[01/01/2005|10:06] C:\Program Files\Windows NT
[24/11/2004|03:37] C:\Program Files\WindowsUpdate
[22/10/2005|03:10] C:\Program Files\WinRamTurboLanguage
[30/04/2007|20:37] C:\Program Files\WinRAR
[25/11/2004|05:28] C:\Program Files\xerox
[06/07/2008|23:39] C:\Program Files\Yahoo!
[25/07/2005|00:06] C:\Program Files\Zero Assumption Digital Image Recovery
[12/12/2006|21:19] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[25/06/2007|14:30] C:\Program Files\Fichiers communs\ACD Systems
[21/02/2008|12:02] C:\Program Files\Fichiers communs\Adobe
[29/07/2005|10:39] C:\Program Files\Fichiers communs\Ahead
[10/04/2006|19:55] C:\Program Files\Fichiers communs\AOL
[05/06/2005|21:52] C:\Program Files\Fichiers communs\BOONTY Shared
[16/01/2008|23:27] C:\Program Files\Fichiers communs\France Telecom
[14/05/2005|07:02] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2005|20:48] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|20:05] C:\Program Files\Fichiers communs\Java
[29/08/2005|13:58] C:\Program Files\Fichiers communs\Macrovision Shared
[03/12/2007|12:11] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\MSSoap
[12/05/2005|23:06] C:\Program Files\Fichiers communs\Nullsoft
[25/11/2004|05:26] C:\Program Files\Fichiers communs\ODBC
[01/05/2008|23:11] C:\Program Files\Fichiers communs\Panda Software
[19/05/2006|14:41] C:\Program Files\Fichiers communs\Real
[01/01/2005|10:06] C:\Program Files\Fichiers communs\Services
[25/11/2004|05:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|20:18] C:\Program Files\Fichiers communs\SureThing Shared
[08/04/2006|11:17] C:\Program Files\Fichiers communs\Symantec Shared

[13/06/2007|22:42] C:\Program Files\Fichiers communs\System
[17/03/2006|22:47] C:\Program Files\Fichiers communs\Vbox
[03/12/2007|12:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 65 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 17:34:10
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:142][D:3]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\COMPAQ~1\Cookies
[F:103][D:4]-> C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2008|16:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 07/10/2008|17:36 - Option : [2]

--------------------\\ Fin du rapport a 17:36:53
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 39
cyrielle
7 oct. 2008 à 17:53
Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-10-07 17:49:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 138 GB (75%) free of 184 GB
Total RAM: 1023 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:40, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explore
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {D4294371-D084-CB53-69B2-096D52D5B7B1} - C:\DOCUME~1\COMPAQ~1\APPLIC~1\MATHFR~1\spamwin.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_0802] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\496ZC12J\WFI_FRA[1].exe"
O4 - HKLM\..\Run: [send glue shim cast] C:\Documents and Settings\All Users\Application Data\Web Meta Send Glue\Meet stupid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WiFi Station
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8da5b693aa60ef72.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
0
Réponse 6 / 39
cyrielle
7 oct. 2008 à 17:58
RAPPORT TEXTE/ LOG rSIT



Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-10-07 17:49:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 138 GB (75%) free of 184 GB
Total RAM: 1023 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:40, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {D4294371-D084-CB53-69B2-096D52D5B7B1} - C:\DOCUME~1\COMPAQ~1\APPLIC~1\MATHFR~1\spamwin.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UWFX5V_0001_0802] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\496ZC12J\WFI_FRA[1].exe"
O4 - HKLM\..\Run: [send glue shim cast] C:\Documents and Settings\All Users\Application Data\Web Meta Send Glue\Meet stupid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Road Window] c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WiFi Station
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8da5b693aa60ef72.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
0
Réponse 7 / 39
cyrielle
7 oct. 2008 à 19:50
voila, merci


SmitFraudFix v2.356

Rapport fait à 19:46:21,37, 07/10/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{96B2F56A-E3AC-4D8F-9F90-0C714AB82E59}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{96B2F56A-E3AC-4D8F-9F90-0C714AB82E59}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{96B2F56A-E3AC-4D8F-9F90-0C714AB82E59}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 8 / 39
Cyrielle
8 oct. 2008 à 00:29
voici ce rapport:merci *
ps;j'ai du recommencer a lancer combofix car le compte rendu ne venait pas! Puis aprés il est venu de suite!

ComboFix 08-10-07.03 - Compaq_Propriétaire 2008-10-08 0:10:14.2 - NTFSx86
Microsoft Windows XP Édition familiale [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\hpothb07.dat
C:\Documents and Settings\Compaq_Propriétaire\Cookies\hpothb07.tif
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\stera.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_FOPN
-------\Legacy_SVCPROC
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 19:46 . 2008-10-07 19:46 3,940 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-07 17:34 . 2008-10-07 17:53 <REP> d-------- C:\rsit
2008-10-07 16:14 . 2008-10-07 17:36 <REP> d-------- C:\Lop SD
2008-10-06 18:51 . 2008-10-06 18:51 <REP> d-------- C:\VundoFix Backups
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 21:11 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 21:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 21:06 . 2008-10-06 18:39 <REP> d-------- C:\Program Files\Fighters
2008-10-05 21:06 . 2008-10-05 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fighters
2008-09-25 12:56 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 21:05 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-10-07 21:05 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-10-07 13:19 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-10-05 19:12 277,980 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-10-05 19:12 277,980 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-11 16:45 --------- d-----w C:\Program Files\Paint.NET
2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-05 17:57 --------- d-----w C:\Program Files\Tech
2008-08-25 15:51 --------- d-----w C:\Program Files\IMS Ltd
2008-08-24 11:02 --------- d-----w C:\Program Files\Java
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-12 18:04 --------- d-----w C:\Program Files\eMule
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2007-11-06 18:01 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2005-07-18 19:02 193 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\hpothb07.dat
2005-07-18 19:02 174 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\hpothb07.dat
2005-07-18 19:02 174 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\hpothb07.dat
2005-07-18 19:02 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-05-25 09:56 632 ----a-w C:\Program Files\OpenOffice.org 1.1.4.lnk
2005-05-25 09:56 620 ----a-w C:\Program Files\OpenOffice.org Setup.lnk
2005-05-25 08:03 169 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-05-25 08:03 167 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-05-25 08:03 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2004-10-20 13:10 7,781 ----a-w C:\Program Files\license.txt
2004-10-20 13:10 15,317 ----a-w C:\Program Files\readme.txt
2007-04-25 21:37 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-05-16 06:27 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-12-04 14:58 248 --sh--r C:\WINDOWS\system32\86F7A459B2.sys
2006-03-17 14:17 104 --sh--r C:\WINDOWS\system32\B259A4F786.sys
2007-12-04 15:27 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-14 282624]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-06-23 61440]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 404536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ACROMOUSE"="C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 554496]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-04-10 962661]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2008-01-20 654336]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\WiFi Station
D‚sinstaller WiFi Station.lnk - C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe [2008-01-20 455600]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe [2008-01-20 654336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 71608]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 21816]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50 132664]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 624376]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 143160]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
.
Contenu du dossier 'Tâches planifiées'

2005-08-15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1116048714.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 14:52]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{D4294371-D084-CB53-69B2-096D52D5B7B1} - C:\DOCUME~1\COMPAQ~1\APPLIC~1\MATHFR~1\spamwin.exe
HKCU-Run-BoontyBox - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
HKLM-Run-NI.UWFX5V_0001_0802 - C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\496ZC12J\WFI_FRA[1].exe
HKLM-Run-send glue shim cast - C:\Documents and Settings\All Users\Application Data\Web Meta Send Glue\Meet stupid.exe
HKU-Default-Run-Road Window - c:\documents and settings\compaq_propriétaire\application data\drive flap\log coal.exe
HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\301w9f6n.Utilisateur par défaut\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npredoute.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 00:13:53
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-08 0:16:31
ComboFix-quarantined-files.txt 2008-10-07 22:16:08

Avant-CF: 144,820,756,480 octets libres
Après-CF: 144,806,916,096 octets libres

202 --- E O F --- 2008-09-12 17:53:13
0
Réponse 9 / 39
Cyrielle
8 oct. 2008 à 14:46
Tout d'abord Bonjour et merci pour les précieuses aides !
Bon j'ai un petit souci technique venant de moi!
J'ai bien enregistré le fichier script , il est sur le bureau!

Aprés il faut donc le glisser déposer sur fichier combofixexe, c'est a dire le fichier ou il y a le rapport combofix!

Oui ou je me trompe !?
Bien que doit t'il se passer alors,
Merci
Je ne saisi pas trop la !Je dois mettre le dossier script sur le fichier combo, en le glissant dessus
Mais y a rien ki se passe !
Normalement je devrai avoir un seul fichier donc !?
pARDON, pour le dérangement mais la je bloque pour des petites choses et ca m'énerve sincérement !
Je fais pas exprés mais ....eN Fait je suis malade en ce moment , et trés fatiguées, mais je me plains pas je voudrai juste réussir a terminer ce travail
Bref on est des humains , je relativise et j'attends une réponse donc

Merci encore beaucoup**bonne journée**

Ps: donc j'ai un fichier script sur le bureau et fichier combofix !
Puis l'icone combofix sur le bureau aussi
0
Réponse 10 / 39
Cyrielle
8 oct. 2008 à 15:59
Mince ,je necomprends pas , tjrs rien!*
Je prends bien le script pour le faire glisser sur l'icone rouge, mais ca ouvre seulement combofix, et il s'éxecute pas du tout seul!
le script est ok! pas d'erreur , l'icone est bien la mais ca lance rien!
0
Réponse 11 / 39
cyrielle
8 oct. 2008 à 16:13
Dois je décocher ;tjrs demander avant d'ouvrir ce fichier( sur fichier combofix, avertissement de sécurité)
? cAR chez moi c'est coché!
Ca a un lien du pourquoi ca lance pas seu l'exécution de combofixl?
0
Réponse 12 / 39
cyrielle
8 oct. 2008 à 16:25
Voici 1er rapport


[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitFraudFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Réponse 13 / 39
cyrielle
8 oct. 2008 à 16:46
oui ok , et bien la ca piétine pourtant je fais de mon mieux!
Ca lance tjrs pas combofix!
J'ai bien regardé le tutoriel !
0
Réponse 14 / 39
Cyrielle
9 oct. 2008 à 11:04
Bonjour Vincent, voici rapport:





ComboFix 08-10-07.06 - Compaq_Propriétaire 2008-10-09 10:49:25.3 - NTFSx86
Microsoft Windows XP Édition familiale [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 19:46 . 2008-10-07 19:46 3,940 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-07 17:34 . 2008-10-07 17:53 <REP> d-------- C:\rsit
2008-10-06 18:33 . 2008-10-08 16:23 <REP> d-------- C:\Program Files\Trend Micro
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-10-05 21:11 . 2008-10-05 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 21:11 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 21:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 21:06 . 2008-10-06 18:39 <REP> d-------- C:\Program Files\Fighters
2008-10-05 21:06 . 2008-10-05 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fighters
2008-09-25 12:56 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 08:47 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-10-09 08:47 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-10-09 08:20 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-10-05 19:12 277,980 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-10-05 19:12 277,980 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-11 16:45 --------- d-----w C:\Program Files\Paint.NET
2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-05 17:57 --------- d-----w C:\Program Files\Tech
2008-08-25 15:51 --------- d-----w C:\Program Files\IMS Ltd
2008-08-24 11:02 --------- d-----w C:\Program Files\Java
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-12 18:04 --------- d-----w C:\Program Files\eMule
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-11-06 18:01 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2005-07-18 19:02 193 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\hpothb07.dat
2005-07-18 19:02 174 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\hpothb07.dat
2005-07-18 19:02 174 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\hpothb07.dat
2005-07-18 19:02 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-05-25 09:56 632 ----a-w C:\Program Files\OpenOffice.org 1.1.4.lnk
2005-05-25 09:56 620 ----a-w C:\Program Files\OpenOffice.org Setup.lnk
2005-05-25 08:03 169 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-05-25 08:03 167 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-05-25 08:03 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2004-10-20 13:10 7,781 ----a-w C:\Program Files\license.txt
2004-10-20 13:10 15,317 ----a-w C:\Program Files\readme.txt
2007-04-25 21:37 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-05-16 06:27 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-12-04 14:58 248 --sh--r C:\WINDOWS\system32\86F7A459B2.sys
2006-03-17 14:17 104 --sh--r C:\WINDOWS\system32\B259A4F786.sys
2007-12-04 15:27 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-14 282624]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-06-23 61440]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 404536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ACROMOUSE"="C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 554496]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-04-10 962661]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2008-01-20 654336]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\WiFi Station
D‚sinstaller WiFi Station.lnk - C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe [2008-01-20 455600]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe [2008-01-20 654336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 71608]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 21816]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50 132664]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 624376]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 143160]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

*Newly Created Service* - COMFILTR
.
Contenu du dossier 'Tâches planifiées'

2005-08-15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1116048714.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 14:52]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\301w9f6n.Utilisateur par défaut\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npredoute.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 10:53:03
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-09 10:55:59
ComboFix-quarantined-files.txt 2008-10-09 08:55:24

Avant-CF: 144 812 605 440 octets libres
Après-CF: 144,801,767,424 octets libres

174 --- E O F --- 2008-09-12 17:53:13
0
Réponse 15 / 39
Cyrielle
9 oct. 2008 à 16:12
Outil? Quel outil stp
0
Réponse 16 / 39
Cyrielle
9 oct. 2008 à 18:21
voici rapport :

========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Web Meta Send Glue moved successfully.
C:\DOCUME~1\COMPAQ~1\APPLIC~1\math frag proc moved successfully.
C:\DOCUME~1\LOCALS~1\APPLIC~1\math frag proc moved successfully.
C:\DOCUME~1\NETWOR~1\APPLIC~1\math frag proc moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_181828
0
Réponse 17 / 39
Cyrielle
9 oct. 2008 à 18:49


Non il ne bloque plus sur le bureau aprés 5 minutes de non utilisation!Donc cela se peut bien que tout va etre ok de ce coté ci!
Je vais remettre mon écran de veille maintenant !C'est beaucoup plus judicieux!
Si un pb se déclare je te le ferai savoir!
En tout cas merci beaucoup du grand service apporté par tes soins!
Bonne continuation et trés belle fin de soirée*******
0
Réponse 18 / 39
Cyrielle
9 oct. 2008 à 19:24
Non !Bien sur

Voila c'est fait !!Mais il y a pas de dossier !Bizarre!!!!!
Je cherche partout...
0
Réponse 19 / 39
Cyrielle
9 oct. 2008 à 19:31
Mais c'est nettoyé !Tout propre !!
0
Réponse 20 / 39
Cyrielle
9 oct. 2008 à 19:41
Oui OUI je sais le rapportC:\TCleaner.txt
Bah Il est vraiment pas la ce dossier !!!!
La derniere fois , il y était pourtant !!Et la aucune trace de lui!
Voila*
0