Abnormal behaviour of my PC
Solved/Closed
revolt98 - 15 Nov. 2008 at 18:55
7 replies
green day (Moderator, Security contributor) - 18 Nov. 2008 at 18:45
Hi
Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutorial: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the "do a scan and a logfile" option, then copy and paste the resulting report into the forum.
See you
green day (Moderator, Security contributor) - 21 Nov. 2008 at 22:36
Hi
A quick check:
Download and install Malwarebytes' Anti-Malware: http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebytes anti malware
- At the end of the installation, make sure the "update Malwarebytes' Anti-Malware" option is ticked
- Launch MBAM, let the updates download, then close the program
Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows advanced options menu is displayed, then select "Safe Mode". Choose your usual session
Launch MBAM
- Then go to the "Scan" tab, tick "Perform a full scan", then "Scan"
- Select your hard drives, then click "Start scan"
- At the end of the scan, click Show results
- Tick all the detected items, then click Remove selected
- Save the report
- If you are asked to restart, click Yes
Please post the scan report here after the removal
See you
revolt98 - 23 Nov. 2008 at 18:47
Here is the requested report:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1414
Windows 5.1.2600 Service Pack 2
23/11/2008 12:36:29
mbam-log-2008-11-23 (12-36-29).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 179205
Temps écoulé: 3 hour(s), 33 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\Adobe Acrobat Professional 8\acrobat8pro\Crack\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
____________
Thanks in advance
green day (Moderator, Security contributor) - 24 Nov. 2008 at 17:39
Hi
OK, a few nasties ...
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; please post it
See you
;-)
revolt98 - 29 Nov. 2008 at 16:47
ComboFix 08-11-28.02 - Mehdi 2008-11-28 16:59:57.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1783 [GMT -5:00]
Lancé depuis: c:\documents and settings\Mehdi\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\MPG4c32.dll
D:\WinRAR.exe
.
---- Previous Run -------
.
c:\program files\Common\helper.sig
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.
2008-11-28 16:23 . 2008-11-28 16:23 <REP> d-------- c:\documents and settings\All Users\Application Data\IJJIGame
2008-11-28 13:14 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH001c.TMP
2008-11-28 13:14 . 2004-10-18 14:22 352,256 --a------ c:\windows\esellerateengine.dll
2008-11-28 13:11 . 2008-11-28 13:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Computer Business Solutions
2008-11-28 13:10 . 2008-11-28 13:10 <REP> d-------- c:\program files\Computer Business Solutions
2008-11-28 13:10 . 2007-02-14 01:26 749,568 --a------ c:\windows\system32\wodSmtp.dll
2008-11-28 13:10 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH001b.TMP
2008-11-28 13:10 . 2007-01-22 22:46 42,616 --a------ c:\windows\system32\kwmain.exe
2008-11-28 13:07 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH001a.TMP
2008-11-28 13:02 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH0019.TMP
2008-11-28 12:46 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH0018.TMP
2008-11-28 12:18 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH0017.TMP
2008-11-23 12:43 . 2004-08-19 16:09 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-23 12:43 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-21 17:58 . 2008-11-21 17:58 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 17:58 . 2008-11-21 17:58 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Malwarebytes
2008-11-21 17:58 . 2008-11-21 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 17:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 17:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 07:19 . 2008-11-21 07:35 <REP> d-------- c:\program files\Absolute Sound Recorder
2008-11-19 20:59 . 2008-11-19 20:59 <REP> d-------- c:\documents and settings\Mehdi\Application Data\dvdcss
2008-11-19 19:08 . 2008-11-19 19:08 <REP> d-------- c:\program files\Trend Micro
2008-11-18 19:39 . 2008-11-18 19:39 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Media Player Classic
2008-11-18 19:38 . 2008-09-19 16:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-18 19:38 . 2008-09-24 13:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-11-18 19:38 . 2008-01-10 07:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-18 19:38 . 2007-09-04 11:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-18 19:38 . 2008-01-10 07:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-18 19:38 . 2007-09-20 19:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-18 19:38 . 2008-09-25 03:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-11-18 19:38 . 2008-10-03 07:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-18 19:38 . 2008-07-30 14:09 38 --a------ c:\windows\avisplitter.ini
2008-11-18 19:37 . 2008-11-18 19:38 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-18 19:37 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\divx.dll
2008-11-18 19:37 . 2008-11-02 09:02 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-18 19:37 . 2007-07-10 11:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-18 19:31 . 2008-11-18 19:34 6,615,212 --a------ C:\video.mp4.AVI
2008-11-18 19:30 . 2008-11-18 19:24 <REP> d-------- c:\program files\AviSynth 2.5
2008-11-18 19:30 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll
2008-11-18 19:30 . 2006-10-07 17:43 502,784 --a------ c:\windows\x2.64.exe
2008-11-18 19:30 . 2007-05-14 15:24 394,240 --a------ c:\windows\system32\Smab.dll
2008-11-18 19:30 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll
2008-11-18 19:30 . 2005-02-28 13:16 240,128 --a------ c:\windows\system32\x.264.exe
2008-11-18 19:30 . 2004-01-25 11:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-18 19:30 . 2006-04-12 09:47 217,073 --a------ c:\windows\meta4.exe
2008-11-18 19:30 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2008-11-18 19:30 . 2006-04-05 08:09 66,560 --a------ c:\windows\MOTA113.exe
2008-11-18 19:30 . 2005-07-14 12:31 27,648 --a------ c:\windows\system32\AVSredirect.dll
2008-11-18 19:29 . 2005-02-12 17:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax
2008-11-18 19:29 . 2006-03-10 15:48 169,472 -r-hs---- c:\windows\system32\MatroskaDX.ax
2008-11-18 19:29 . 2006-05-03 04:06 163,328 -r-hs---- c:\windows\system32\flvDX.dll
2008-11-18 19:29 . 2005-11-25 14:46 161,792 -r-hs---- c:\windows\system32\RealMediaDX.ax
2008-11-18 19:29 . 2005-02-05 17:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax
2008-11-18 19:29 . 2005-02-12 17:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax
2008-11-18 19:29 . 2003-11-20 17:00 54,784 -r-hs---- c:\windows\system32\RLAPEDec.ax
2008-11-18 19:29 . 2005-02-12 17:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax
2008-11-18 19:29 . 2004-04-26 17:00 37,888 -r-hs---- c:\windows\system32\RLMPCDec.ax
2008-11-18 19:29 . 2007-02-21 05:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll
2008-11-18 19:28 . 2006-09-12 05:46 227,328 -r-hs---- c:\windows\system32\ac3DX.ax
2008-11-18 19:28 . 2005-01-17 17:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax
2008-11-18 19:28 . 2006-08-16 08:53 175,104 -r-hs---- c:\windows\system32\CoreAAC.ax
2008-11-18 19:28 . 2006-01-12 17:23 123,904 -r-hs---- c:\windows\system32\AVCDX.ax
2008-11-18 19:28 . 2005-02-22 10:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax
2008-11-18 19:28 . 2007-07-03 00:59 9,292 ---h----- c:\windows\super.chm
2008-11-18 19:24 . 2008-11-18 19:24 <REP> d-------- c:\program files\eRightSoft
2008-11-18 19:22 . 2008-11-18 19:22 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Publish Providers
2008-11-18 19:19 . 2008-11-18 19:22 156 --a------ c:\windows\Twunk001.MTX
2008-11-18 19:19 . 2008-11-18 19:22 2 --a------ c:\windows\Twain001.Mtx
2008-11-18 19:19 . 2008-11-18 19:19 0 --a------ c:\windows\Twunk002.MTX
2008-11-18 19:18 . 2008-11-18 19:18 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Sony
2008-11-18 19:17 . 2008-11-18 19:17 <REP> d-------- c:\program files\Vstplugins
2008-11-18 19:17 . 2008-11-18 19:17 <REP> d-------- c:\program files\Sony
2008-11-18 19:17 . 2008-11-18 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-18 18:52 . 2008-11-18 18:52 <REP> d-------- c:\program files\Sony Setup
2008-11-18 18:06 . 2008-11-18 18:06 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Apple Computer
2008-11-17 17:28 . 2008-11-17 17:28 <REP> d-------- c:\program files\Audacity
2008-11-16 12:31 . 2004-08-10 06:00 413,696 --a------ c:\windows\system32\~GLH0016.TMP
2008-11-14 22:01 . 2008-11-19 20:32 230,424 --a------ C:\DC6810xp-001.raw
2008-11-14 21:45 . 2008-11-14 21:55 <REP> d-------- c:\program files\Microsoft LifeCam
2008-11-10 20:30 . 2008-11-10 21:25 <REP> d-------- c:\documents and settings\Mehdi\Application Data\vlc
2008-11-09 13:10 . 2008-11-09 13:10 134 --a------ C:\CTMeasureTiming.ini
2008-11-09 12:53 . 1999-10-10 12:00 41,984 --------- c:\windows\Ctregrun.exe
2008-11-09 12:51 . 2008-11-09 12:51 <REP> d-------- c:\program files\Fichiers communs\Creative
2008-11-09 12:51 . 2008-11-09 12:51 <REP> d--h----- c:\program files\Creative Installation Information
2008-11-09 12:51 . 1999-12-12 12:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-11-09 12:51 . 1999-11-17 12:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-11-09 12:42 . 2008-11-09 12:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-11-09 08:58 . 2008-11-28 16:44 <REP> d-------- c:\program files\Common
2008-11-07 20:06 . 2008-11-07 20:06 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-07 18:59 . 2008-11-07 19:45 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-07 18:59 . 2008-11-07 20:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 18:51 . 2008-11-07 20:06 <REP> d-------- c:\program files\Uniblue
2008-11-07 18:51 . 2008-11-07 20:06 <REP> d-------- c:\documents and settings\Mehdi\Application Data\Uniblue
2008-11-07 18:51 . 2008-11-07 18:51 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-05 23:29 . 2008-11-05 23:29 <REP> d-------- c:\windows\Sun
2008-11-04 20:17 . 2008-11-15 10:43 <REP> d-------- c:\documents and settings\Mehdi\Application Data\LimeWire
2008-11-04 20:16 . 2008-11-04 20:30 <REP> d-------- c:\program files\Java
2008-11-04 20:16 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-04 20:15 . 2008-11-04 20:16 <REP> d-------- c:\program files\LimeWire
2008-11-04 20:15 . 2008-11-04 20:15 <REP> d-------- c:\program files\Fichiers communs\Java
2008-11-03 19:43 . 2008-11-03 19:43 <REP> d-------- c:\program files\Teamspeak2_RC2
2008-11-03 19:43 . 2008-11-27 16:25 <REP> d-------- c:\documents and settings\Mehdi\Application Data\teamspeak2
2008-11-03 19:43 . 2008-11-03 19:43 34,064 --a------ c:\windows\system32\lhacm.acm
2008-11-03 17:38 . 2008-11-08 07:20 3,162,278 --------- c:\windows\{00000001-00000000-00000000-00001102-00000004-00531102}.BAK
2008-11-03 17:14 . 2008-11-03 17:14 <REP> d-------- c:\program files\CCleaner
2008-11-01 20:41 . 2008-11-01 20:41 <REP> d-------- C:\games
2008-11-01 00:37 . 2008-11-01 00:37 <REP> d-------- c:\documents and settings\kidsadmin\Application Data\ESET
2008-11-01 00:37 . 2008-11-01 00:37 <REP> d-------- c:\documents and settings\kidsadmin\Application Data\3M
2008-11-01 00:36 . 2008-10-13 08:03 <REP> d--h----- c:\documents and settings\kidsadmin\Voisinage réseau
2008-11-01 00:36 . 2008-10-13 08:03 <REP> d--h----- c:\documents and settings\kidsadmin\Voisinage d'impression
2008-11-01 00:36 . 2008-10-13 13:09 <REP> d--h----- c:\documents and settings\kidsadmin\Modèles
2008-11-01 00:36 . 2008-11-01 00:36 <REP> dr------- c:\documents and settings\kidsadmin\Mes documents
2008-11-01 00:36 . 2008-10-13 08:03 <REP> dr------- c:\documents and settings\kidsadmin\Menu Démarrer
2008-11-01 00:36 . 2008-11-01 00:36 <REP> dr------- c:\documents and settings\kidsadmin\Favoris
2008-11-01 00:36 . 2008-10-13 08:03 <REP> d-------- c:\documents and settings\kidsadmin\Bureau
2008-11-01 00:36 . 2008-11-01 00:36 <REP> d-------- c:\documents and settings\kidsadmin
2008-11-01 00:32 . 2004-08-10 05:00 413,696 --a------ c:\windows\system32\~GLH0015.TMP
2008-11-01 00:32 . 2000-05-21 17:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx
2008-11-01 00:32 . 1998-06-17 19:00 2,496 --a------ c:\windows\system32\Msflxgrd.dep
2008-11-01 00:32 . 1998-06-25 19:00 2,496 --a------ c:\windows\system32\mscomct2.dep
2008-10-30 17:26 . 2008-10-30 17:26 <REP> d-------- c:\program files\QuickTime
2008-10-30 17:26 . 2008-10-30 17:26 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-30 17:26 . 2008-10-30 17:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 17:25 . 2008-10-30 17:25 <REP> d-------- c:\program files\Apple Software Update
2008-10-30 17:25 . 2008-10-30 17:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 17:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 00:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 15:42 --------- d-----w c:\documents and settings\Mehdi\Application Data\Creative
2008-11-14 03:04 --------- d-----w c:\documents and settings\Mehdi\Application Data\Canon
2008-11-09 17:53 --------- d-----w c:\program files\Creative
2008-11-04 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-02 17:49 --------- d-----w c:\documents and settings\Mehdi\Application Data\Skype
2008-11-02 15:55 --------- d-----w c:\documents and settings\Mehdi\Application Data\skypePM
2008-10-26 15:21 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-20 20:55 --------- d-----w c:\program files\News Screensaver
2008-10-20 20:51 --------- d-----w c:\program files\Nature 3D Screensaver
2008-10-19 22:14 --------- d-----w c:\documents and settings\Mehdi\Application Data\ArcSoft
2008-10-19 03:08 --------- d-----w c:\documents and settings\Mehdi\Application Data\uTorrent
2008-10-19 02:49 --------- d-----w c:\program files\ABBYY PDF Transformer 2.0
2008-10-19 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2008-10-19 02:42 --------- d-----w c:\program files\ABBYY PDF Transformer 1.0
2008-10-19 02:40 --------- d-----w c:\program files\uTorrent
2008-10-18 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-10-18 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-10-18 15:00 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-10-18 14:54 --------- d-----w c:\program files\Zune
2008-10-18 14:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-10-18 14:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-10-18 11:12 --------- d-----w c:\documents and settings\Mehdi\Application Data\3M
2008-10-18 03:18 --------- d-----w c:\program files\topdownloads
2008-10-18 03:13 --------- d-----w c:\program files\LockFolder
2008-10-18 03:11 --------- d-----w c:\program files\Everstrike Software
2008-10-17 15:59 --------- d-----w c:\program files\3M
2008-10-17 04:39 --------- d-----w c:\program files\Fichiers communs\Everstrike Software
2008-10-17 04:37 --------- d-----w c:\program files\TechSmith
2008-10-17 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-10-17 04:36 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-15 05:01 --------- d-----w c:\program files\MSXML 4.0
2008-10-14 22:39 --------- d-----w c:\program files\Skype
2008-10-14 22:39 --------- d-----w c:\program files\Fichiers communs\Skype
2008-10-14 22:39 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-14 20:47 --------- d-----w c:\program files\Ventrilo
2008-10-14 20:47 --------- d-----w c:\documents and settings\Mehdi\Application Data\Ventrilo
2008-10-14 15:04 --------- d-----w c:\program files\Hewlett-Packard
2008-10-14 15:03 --------- d--h--w c:\program files\Zenographics
2008-10-14 14:58 --------- d-----w c:\program files\Canon
2008-10-14 14:56 --------- d-----w c:\program files\ArcSoft
2008-10-14 02:25 --------- d-----w c:\documents and settings\Mehdi\Application Data\Winamp
2008-10-14 00:40 --------- d-----w c:\documents and settings\Mehdi\Application Data\Nero
2008-10-14 00:39 --------- d-----w c:\program files\Fichiers communs\Nero
2008-10-14 00:38 --------- d-----w c:\program files\Nero
2008-10-14 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-14 00:25 --------- d-----w c:\program files\Windows Live
2008-10-14 00:24 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-10-14 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-14 00:16 --------- d-----w c:\program files\Winamp
2008-10-13 22:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\ESET
2008-10-13 21:48 --------- d-----w c:\program files\Common Files
2008-10-13 21:46 --------- d--h--w c:\documents and settings\Mehdi\Application Data\ijjigame
2008-10-13 21:37 --------- d-----w c:\program files\NHN USA
2008-10-13 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-13 21:28 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-13 21:28 --------- d-----w c:\program files\Fichiers communs\Corel
2008-10-13 21:28 --------- d-----w c:\program files\Corel
2008-10-13 21:28 --------- d-----w c:\documents and settings\Mehdi\Application Data\Corel
2008-10-13 21:26 --------- d-----w c:\program files\ASUS
2008-10-13 21:03 --------- d-----w c:\documents and settings\Mehdi\Application Data\ESET
2008-10-13 21:02 --------- d-----w c:\program files\ESET
2008-10-13 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-13 20:48 --------- d-----w c:\program files\Microsoft Works
2008-10-13 20:47 --------- d-----w c:\program files\Microsoft.NET
2008-10-13 20:45 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-13 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-13 20:41 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-10-13 20:41 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-13 20:22 --------- d-----w c:\program files\Reference Assemblies
2008-10-13 20:22 --------- d-----w c:\program files\MSBuild
2008-10-13 20:20 --------- d-----w c:\program files\MSXML 6.0
2008-10-13 20:14 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-13 19:49 --------- d-----w c:\program files\Intel
2008-10-13 18:12 --------- d-----w c:\program files\microsoft frontpage
2008-10-13 18:09 --------- d-----w c:\program files\Services en ligne
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TCTray"="c:\program files\Computer Business Solutions\Time Control\TCTray.exe" [2007-03-14 128632]
"drkly16j"="drkly16j.dll" [2004-08-19 c:\windows\system32\drkly16j.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Post-it© Software Notes Lite.lnk - c:\program files\3M\PSN2Lite\Psn2Lite.exe [2002-01-24 520192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KWNTA]
2004-08-19 15:09 288376 c:\windows\system32\ickgw32i.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ickgw32i
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-10-16 06:20 2321600 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 18:10 1688872 c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 17:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2005-03-18 18:17 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 11:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
--a------ 2006-10-13 17:04 994096 c:\windows\vVX6000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-09-12 17:46 160160 c:\program files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drkly16j]
--a------ 2004-08-19 15:09 288376 c:\windows\system32\drkly16j.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
R2 LF30FS;LF30FS;\??\c:\program files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [2004-11-19 101488]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-30 24652]
R2 zumbus;Zune Bus Enumerator Driver;c:\windows\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2008-10-13 29696]
R3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys []
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2006-06-29 2383152]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2001-08-28 3584]
S4 hpt3xx;hpt3xx; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b310da-9f64-11dd-933b-001d607ba4fb}]
\Shell\Auto\command - ServerNet.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\gj15o5ri.default\
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 17:08:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\Msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\progra~1\3M\PSN2Lite\PSNGive.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Heure de fin: 2008-11-28 17:09:29 - La machine a redémarré [Mehdi]
ComboFix-quarantined-files.txt 2008-11-28 22:09:27
Avant-CF: 74 271 993 856 octets libres
Après-CF: 74,278,862,848 octets libres
361 --- E O F --- 2008-11-04 12:46:07
____________-
Thank you very much
green day
Posts
26371
Registration date
Friday 30 September 2005
Status
Moderator, Security contributor
Last activity
27 December 2019
2 162
29 Nov. 2008 at 21:30
Hi
How has your PC been behaving since then?
++
;-)
revolt98
Posts
6
Registration date
Monday 22 September 2008
Status
Member
Last activity
30 November 2008
30 Nov. 2008 at 04:27
Anyway... I think it is behaving much better; however, there are still a few unexpected restarts... anyway, I think I'll settle for that!
Thanks for your help... I don't know how to thank you
Merci pour ton aide ... je ne sais de quelle facon de remercier
20 Nov 2008 at 01:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:35, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Downloaded Program Files\PurpleBean.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TCTray] C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-602162358-1417001333-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ammar')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {565973a7-6ad0-4ca8-99d6-405efff000d0} - (no file)
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://4.bp.blogspot.com/...