darthsilver

  1. Well, many thanks for your help. I noticed that AntiVir doesn't hog many resources, unlike the others; if it really is avguard in the process list, that's acceptable. I've never had an antivirus, or a firewall for that matter, because they cause far too many problems with online games. And paradoxically I've never caught a virus; even this time, let's say I more or less did it on purpose. I knew very well that sites like altavista and the like are trojan generators; besides, a simple way to check is to type anything at all into the search: it will always find you something to download with the name you typed. Only, on the site in question I had always gotten valid keys, so I told myself that if I extracted the rar without executing its contents nothing could happen to me, but in fact.... At least I'll have learned the procedure to follow to get rid of an infection...
  2. I ran HijackThis in safe mode like an idiot.... here's the real one:
  3. Here is the AntiVir report: And the HijackThis one: Are there still infected files, in your opinion?
  4. It was a keygen from a trusted site; apparently it no longer is.... Here is the new ComboFix report: I'm going to install AntiVir right away. EDIT: as for symptoms, apart from the cmd window that opened for a fraction of a second there was nothing (no 100% CPU usage). Well, I no longer get the window, but ideally I should go back on CS for a while to see whether I still get lag spikes.
  5. Hi, indeed I don't have an antivirus, as I find their usefulness quite relative. I usually get rid of my problems with SmitfraudFix, except this time.... Here is the ComboFix report: And here is the HijackThis report: Thanks for your help.
  6. Hi, I have an infection problem, a worm or a trojan, I don't know which. The only symptoms I've seen so far are a cmd window opening by itself for a fraction of a second, the fact that I can't install software such as Spybot in normal mode, and that in games my PC lags briefly every 5 minutes. I spotted quite a lot of crap in msconfig, which I unchecked: things like mgrs.exe, a2guard, abylylcd, win63 and others. I also ran SmitfraudFix and SDFix; at the time everything disappears in safe mode, but as soon as I go back to normal mode the cmd window opens again, etc... Here is my HijackThis log: Thanks for giving me a bit of your help.
  7. Sorry for not replying sooner, but my network started working after a power cut (yes, really xD). My father cut the power, and when the PCs came back on I saw that I was receiving packets. I tested the internet on the other PC and it works! Maybe divine intervention, who knows? ^^
  8. OK, so I ran the test on both PCs and it works: I'm not losing any packets and my 2 network cards are properly installed. I have no yellow exclamation mark; I had one on my USB ports but I fixed the problem. Also, I have no firewall or antivirus. On my 1st PC I have an NForce 2, and on the other the network card is a Realtek. So I'm leaving it in your hands.
  9. As for disabling the firewalls, I've done it: I have no firewall and I removed the Windows one. It could be the router that makes my 2nd PC, which isn't connected to the internet, only by the Ethernet cable, neither receive nor send anything.
  10. OK, so I've just done the steps from the link and the problem is getting clearer: during the ping test, on my main PC I receive all the packets, and the same test on the other one fails completely... I look at the status of my local network connection and I see that my PC is sending packets but receiving nothing... I look on the other PC: 0 packets sent, 0 packets received... It looks like it doesn't even detect the network... Yet it is plugged in properly and reacts when I unplug the cable, but nothing else... Otherwise, as for the Freebox over USB, it works very well like that, and since I only have one Ethernet port I don't want to buy another network card when I've already set up the network several times with the same hardware... I also have a fixed IP, if it could come from that... Honestly, I've never struggled this much; usually the Windows XP network detection software works very well and it's done in 3 s, but this time...
  11. Hello, I've always managed to set up the network (until now xD) with the same cable and it has always worked, but since I formatted my other PC there's no way... I'll go take a look at your link.
  12. Hello, I have a small problem setting up what should be a very simple network: I want to connect 2 PCs, both running Win XP, and share their internet connection. The main PC is connected to a Freebox over USB, and the 2 PCs are connected to each other by an Ethernet cable at the motherboard. So I go to Control Panel / Network Connections / Set up a home network. I do it from the main PC, so I choose that all the computers connect to the internet through this one; I continue by creating a network setup disk that I put in the other PC, same procedure in the other direction, I reboot and... nothing! Not the slightest trace of a network, and looking at the status of the local connections, not a single packet received.... What should I do? Thanks
  13. Thanks, but I've just done a restore point and it works perfectly again, thanks anyway!
  14. Correction: it's only Windows Update that crashes; Internet Explorer opens normally...