Reports
Closed
unmecdu65 (Posts: 775, Status: Member)
^^Marie^^ (Posts: 41884, Status: Member)
Hello,
for some time now my computer has been terribly slow, and sometimes the Start bar and the desktop even disappear and reappear, so I followed CCM's "preliminary disinfection methods" to the letter, and here are my 3 reports in order (AVG, BitDefender, HijackThis):
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 13:48:30 28/10/2008
+ Résultat de l'analyse:
C:\Documents and Settings\Tony_2\Cookies\tony_2@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
Fin du rapport
-------------------------------------------------------------------------------------------------
BitDefender Online Scanner
Scan report generated at: Tue, Oct 28, 2008 - 16:38:46
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time: 02:29:55
Files: 166117
Folders: 3802
Boot Sectors: 0
Archives: 2100
Packed Files: 8829
Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0
Engines Info
Virus Definitions: 1971512
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 16
Archive plugins: 43
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
No virus found.
----------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:19, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=111211&aid=7&partnerMin=0.001&ron=on&ronMin=0.0005&ip=90.5.169.172&context=onnexion&url=http%253A%252F%252Flogin.live.com%252Flogin.srf%253Fwa%253Dwsignin1.0%2526rpsnv%253D10%2526ct%253D1225183280%2526rver%253D4.5.2130.0%2526wp%253DMBI%2526wreply%253Dhttp%253A%25252F%25252Fmail.live.com%25252Fdefault.aspx%2526id%253D64855&selectedKeyword=ron&selectedListingId=7338871
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dplayx32.dll
O20 - Winlogon Notify: f8fad50e486 - C:\WINDOWS\System32\dplayx32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
10 replies
Follow this up with SDFix (you'll find it on Google).
Start the PC in safe mode (F8 at startup),
then go to c:\SDFIX
and run "Run.This.Bat".
Paste the report as well.
Here is the SDFix report:
[b]SDFix: Version 1.238 [/b]
Run by Tony_2 on 28/10/2008 at 19:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 19:34:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Disabled:ma3platform"
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"="C:\\Program Files\\ubi.com\\Core\\GS4.exe:*:Disabled:ubi.com Game Service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorateur Windows"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 19 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\12.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\13.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\16.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\16E.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\17.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\18.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\19.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1A.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1B.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1C.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1E.tmp"
Sun 26 Oct 2008 0 A.SH. --- "C:\WINDOWS\system32\1F.tmp"
Fri 24 Oct 2008 278,528 A.SH. --- "C:\WINDOWS\system32\2.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\218.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\25.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\26.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\261.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\27.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\28.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\29.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\2A.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\2B.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\3.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\3A.tmp"
Mon 27 Oct 2008 57,344 A.SH. --- "C:\WINDOWS\system32\3B.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\3C.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\3E.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\3F.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\4.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\40.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\44.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\47.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\5.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\6.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\7.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\8.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\9.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\A.tmp"
Mon 27 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\B.tmp"
Mon 27 Oct 2008 4,096 A.SH. --- "C:\WINDOWS\system32\C.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\D.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\F.tmp"
Thu 21 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 1 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 21 Jun 2007 4,348 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 29 Sep 2008 20 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 21 Jun 2007 400 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 29 Sep 2008 13,312 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
[b]Finished![/b]
Sat 1 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 21 Jun 2007 4,348 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 29 Sep 2008 20 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 21 Jun 2007 400 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 29 Sep 2008 13,312 A..H. --- "C:\Documents and Settings\Tony_2\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
[b]Finished![/b]
ComboFix 08-10-29.04 - Tony_2 2008-10-29 10:25:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.54 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Tony_2\Mes documents\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\MSINET.oca
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550U
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-28 23:49 . 2008-10-28 23:50 318,464 --ahs---- C:\WINDOWS\system32\137.tmp
2008-10-28 23:47 . 2008-10-28 23:47 0 --a------ C:\WINDOWS\system32\136.tmp
2008-10-28 23:26 . 2008-10-28 23:27 <REP> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-28 22:46 . 2008-10-28 22:47 318,464 --ahs---- C:\WINDOWS\system32\129.tmp
2008-10-28 21:39 . 2008-10-28 21:39 318,464 --ahs---- C:\WINDOWS\system32\118.tmp
2008-10-28 20:39 . 2008-10-28 20:39 318,464 --ahs---- C:\WINDOWS\system32\9F.tmp
2008-10-28 16:33 . 2008-10-28 16:34 318,464 --ahs---- C:\WINDOWS\system32\261.tmp
2008-10-28 14:02 . 2008-10-28 14:02 <REP> d---s---- C:\Documents and Settings\Tony_2\UserData
2008-10-27 21:49 . 2008-10-27 21:49 <REP> d-------- C:\Documents and Settings\Tony_2\Application Data\Datel
2008-10-27 21:46 . 2008-10-27 21:46 <REP> d-------- C:\Documents and Settings\Tony_2\Application Data\GRETECH
2008-10-27 21:11 . 2008-10-28 23:36 <REP> d-------- C:\Documents and Settings\Tony_2\Application Data\LimeWire
2008-10-27 20:28 . 2008-10-27 20:34 <REP> d-------- C:\Documents and Settings\Tony_2\Contacts
2008-10-27 20:24 . 2007-06-19 10:35 <REP> d--h----- C:\Documents and Settings\Tony_2\Voisinage réseau
2008-10-27 20:24 . 2007-06-19 10:35 <REP> d--h----- C:\Documents and Settings\Tony_2\Voisinage d'impression
2008-10-27 20:24 . 2007-06-19 09:32 <REP> d--h----- C:\Documents and Settings\Tony_2\Modèles
2008-10-27 20:24 . 2008-10-29 10:16 <REP> dr------- C:\Documents and Settings\Tony_2\Mes documents
2008-10-27 20:24 . 2007-06-19 10:35 <REP> dr------- C:\Documents and Settings\Tony_2\Menu Démarrer
2008-10-27 20:24 . 2008-10-27 20:24 <REP> dr------- C:\Documents and Settings\Tony_2\Favoris
2008-10-27 20:24 . 2008-10-29 09:13 <REP> d-------- C:\Documents and Settings\Tony_2\Bureau
2008-10-27 20:24 . 2008-03-18 19:54 <REP> d-------- C:\Documents and Settings\Tony_2\Application Data\Apple Computer
2008-10-27 20:24 . 2008-10-28 14:02 <REP> d-------- C:\Documents and Settings\Tony_2
2008-10-27 20:20 . 2008-10-27 20:20 318,464 --ahs---- C:\WINDOWS\system32\44.tmp
2008-10-27 19:46 . 2008-10-27 19:47 318,464 --ahs---- C:\WINDOWS\system32\40.tmp
2008-10-27 19:12 . 2008-10-27 19:12 318,464 --ahs---- C:\WINDOWS\system32\3F.tmp
2008-10-27 19:06 . 2008-10-27 19:06 318,464 --ahs---- C:\WINDOWS\system32\3E.tmp
2008-10-27 18:44 . 2008-10-27 18:45 318,464 --ahs---- C:\WINDOWS\system32\3C.tmp
2008-10-27 18:44 . 2008-10-27 18:44 57,344 --ahs---- C:\WINDOWS\system32\3B.tmp
2008-10-27 18:22 . 2008-10-27 18:22 318,464 --ahs---- C:\WINDOWS\system32\3A.tmp
2008-10-27 18:15 . 2008-10-27 18:15 318,464 --ahs---- C:\WINDOWS\system32\2B.tmp
2008-10-27 11:54 . 2008-10-27 11:55 318,464 --ahs---- C:\WINDOWS\system32\13.tmp
2008-10-27 00:39 . 2008-10-27 00:39 318,464 --ahs---- C:\WINDOWS\system32\2A.tmp
2008-10-27 00:34 . 2008-10-27 00:34 318,464 --ahs---- C:\WINDOWS\system32\27.tmp
2008-10-27 00:28 . 2008-10-27 00:28 318,464 --ahs---- C:\WINDOWS\system32\1C.tmp
2008-10-27 00:12 . 2008-10-27 00:12 318,464 --ahs---- C:\WINDOWS\system32\18.tmp
2008-10-26 22:48 . 2008-10-26 22:49 318,464 --ahs---- C:\WINDOWS\system32\26.tmp
2008-10-26 22:41 . 2008-10-26 22:42 318,464 --ahs---- C:\WINDOWS\system32\25.tmp
2008-10-26 22:30 . 2008-10-26 22:30 214 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-26 22:29 . 2008-09-08 22:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-26 22:29 . 2008-10-01 14:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-26 22:29 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-26 22:29 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-26 22:29 . 2008-08-18 11:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-26 22:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-26 22:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-26 22:28 . 2008-05-18 20:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-26 22:28 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-26 22:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-26 22:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-26 22:22 . 2008-10-26 22:22 0 --ahs---- C:\WINDOWS\system32\1F.tmp
2008-10-26 22:20 . 2008-10-26 22:20 318,464 --ahs---- C:\WINDOWS\system32\1E.tmp
2008-10-26 22:15 . 2008-10-26 22:15 318,464 --ahs---- C:\WINDOWS\system32\1B.tmp
2008-10-26 22:10 . 2008-10-26 22:10 318,464 --ahs---- C:\WINDOWS\system32\1A.tmp
2008-10-26 21:55 . 2008-10-26 21:55 318,464 --ahs---- C:\WINDOWS\system32\19.tmp
2008-10-26 21:53 . 2008-10-26 21:53 318,464 --ahs---- C:\WINDOWS\system32\17.tmp
2008-10-26 21:24 . 2008-10-26 21:24 318,464 --ahs---- C:\WINDOWS\system32\16.tmp
2008-10-26 20:17 . 2008-10-26 20:17 318,464 --ahs---- C:\WINDOWS\system32\12.tmp
2008-10-26 18:45 . 2008-10-26 19:06 <REP> d-------- C:\Backups
2008-10-24 00:39 . 2008-10-24 00:40 318,464 --ahs---- C:\WINDOWS\system32\29.tmp
2008-10-22 21:02 . 2008-10-22 21:02 318,464 --ahs---- C:\WINDOWS\system32\218.tmp
2008-10-22 18:20 . 2008-10-22 18:22 318,464 --ahs---- C:\WINDOWS\system32\16E.tmp
2008-10-22 16:04 . 2008-10-22 16:04 318,464 --ahs---- C:\WINDOWS\system32\28.tmp
2008-10-22 12:34 . 2008-10-29 09:11 5,576 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-22 12:28 . 2008-10-22 12:28 318,464 --ahs---- C:\WINDOWS\system32\47.tmp
2008-10-22 12:28 . 2008-10-22 12:28 131,072 --a------ C:\WINDOWS\system32\dplayx32.dll
2008-10-22 12:28 . 2008-10-28 23:26 1,430 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-10 20:33 . 2008-10-10 20:33 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-10 20:33 . 2008-10-10 20:33 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-10-10 20:22 . 2008-10-10 20:22 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-10-10 20:22 . 2008-10-10 20:22 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-10-10 20:22 . 2008-10-10 20:22 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-10-10 20:15 . 2008-10-10 20:15 <REP> d-------- C:\Program Files\Avanquest update
2008-10-10 20:14 . 2008-10-10 20:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-10-10 20:11 . 2007-04-03 12:57 108,680 --a------ C:\WINDOWS\system32\drivers\s116mdm.sys
2008-10-10 20:11 . 2007-04-03 12:57 100,488 --a------ C:\WINDOWS\system32\drivers\s116mgmt.sys
2008-10-10 20:11 . 2007-04-03 12:57 99,080 --a------ C:\WINDOWS\system32\drivers\s116unic.sys
2008-10-10 20:11 . 2007-04-03 12:57 98,696 --a------ C:\WINDOWS\system32\drivers\s116obex.sys
2008-10-10 20:11 . 2007-04-03 12:57 83,336 --a------ C:\WINDOWS\system32\drivers\s116bus.sys
2008-10-10 20:11 . 2007-04-03 12:57 23,176 --a------ C:\WINDOWS\system32\drivers\s116nd5.sys
2008-10-10 20:11 . 2007-04-03 12:57 15,112 --a------ C:\WINDOWS\system32\drivers\s116mdfl.sys
2008-10-10 20:11 . 2007-04-03 12:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116whnt.sys
2008-10-10 20:11 . 2007-04-03 12:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116wh.sys
2008-10-10 20:11 . 2007-04-03 12:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116cmnt.sys
2008-10-10 20:11 . 2007-04-03 12:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116cm.sys
2008-10-10 20:11 . 2007-04-03 12:57 11,016 --a------ C:\WINDOWS\system32\drivers\s116cr.sys
2008-10-10 20:09 . 2008-10-10 20:15 <REP> d-------- C:\Program Files\Sony Ericsson
2008-10-10 20:09 . 2008-10-10 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-04 16:27 . 2008-10-04 16:29 <REP> d-------- C:\Program Files\PhotoFiltre
2008-09-29 20:45 . 2008-09-29 20:45 <REP> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 09:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-10-28 15:57 --------- d-----w C:\Program Files\Trend Micro
2008-10-10 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 16:51 --------- d-----w C:\Program Files\LimeWire
2008-09-23 19:27 --------- d-----w C:\Program Files\VDOWNLOADER
2008-09-23 18:44 --------- d-----w C:\Program Files\ConvertHelper
2008-09-22 18:32 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-09-18 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 18:51 --------- d-----w C:\Program Files\MobilZone
2008-09-08 18:35 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-09-06 09:26 --------- d-----w C:\Program Files\DivX
2008-09-06 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-04 19:36 --------- d-----w C:\Program Files\Messenger Plus! Live
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-06-08 925696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8fad50e486]
2008-10-22 12:28 131072 C:\WINDOWS\system32\dplayx32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\dplayx32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 08:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-10-10 13352]
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Tony_2\Application Data\Mozilla\Firefox\Profiles\a0y996y6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
.
------- Associations de fichier -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 10:34:27
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\dplayx32.dll
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\dplayx32.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 10:44:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 09:43:57
Avant-CF: 19 421 691 904 octets libres
Après-CF: 19,378,135,040 octets libres
236
2008-10-10 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 16:51 --------- d-----w C:\Program Files\LimeWire
2008-09-23 19:27 --------- d-----w C:\Program Files\VDOWNLOADER
2008-09-23 18:44 --------- d-----w C:\Program Files\ConvertHelper
2008-09-22 18:32 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-09-18 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 18:51 --------- d-----w C:\Program Files\MobilZone
2008-09-08 18:35 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-09-06 09:26 --------- d-----w C:\Program Files\DivX
2008-09-06 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-04 19:36 --------- d-----w C:\Program Files\Messenger Plus! Live
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-06-08 925696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8fad50e486]
2008-10-22 12:28 131072 C:\WINDOWS\system32\dplayx32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\dplayx32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 08:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-10-10 13352]
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Tony_2\Application Data\Mozilla\Firefox\Profiles\a0y996y6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
.
------- Associations de fichier -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 10:34:27
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\dplayx32.dll
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\dplayx32.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 10:44:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 09:43:57
Avant-CF: 19 421 691 904 octets libres
Après-CF: 19,378,135,040 octets libres
236
Run a cleanup with CCleaner (Google it).
Clean both applications and the registry (back up the registry the first time with CCleaner).
If your PC runs hot, vacuum it out, everywhere, including the power supply.
HA! OK
I busted my butt for nothing
http://www.commentcamarche.net/forum/affich 9016511 rapport hijackthis ordi qui bug