
WHYNOT8661

Members
  • Content count: 178

Everything posted by WHYNOT8661

  1. OK BRUCE! THANKS AGAIN AND ALL THE BEST!
  2. Thank you once again for everything you have done! There are no more apparent problems, except that it is a little slower than before, but that is surely due to the build-up of lots of little things that accumulate over time. A good clean-up would surely be necessary. Should I keep everything you had me download? It's a pity I can't interpret all these different reports on my own; that would let me fix things myself. Don't too many anti-spyware and cleaning programs end up conflicting with each other? Thanks again, and maybe see you one of these days. Have a good evening. Hervé
  3. Sorry Bruce, I am the king of the "C"s, I had not copied Files to delete!!!!!! Here is the report, and I checked in "system": the files are no longer there!

     Logfile of The Avenger version 1, by Swandog46
     Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\da^eqlsi
     *******************
     Script file located at: \??\C:\dyoeuauq.txt
     Script file opened successfully.
     Script file read successfully
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     File C:\Program Files\Fichiers communs\System\bXZI.exe deleted successfully.
     File C:\Program Files\Fichiers communs\System\ErqTSm.exe deleted successfully.
     File C:\Program Files\Fichiers communs\System\iTB.exe deleted successfully.
     File C:\Program Files\Fichiers communs\System\LMPukW.exe deleted successfully.
     File C:\Program Files\Fichiers communs\System\pUlCP.exe deleted successfully.
     File C:\Program Files\Fichiers communs\System\vCs.exe deleted successfully.
     Completed script processing.
     *******************
     Finished! Terminate.
  4. Good evening Bruce: Sorry, I have the same error message as last night???
  5. I redid it three times and still get the "error" message. Thanks Bruce, see you tomorrow, and like today not before 19:00 or 20:00. Have a good evening
  6. There is a problem: up to the point where I click the first "yes" after the green light it is fine, and after that I get an "error" message that says: selected file does not appear to be a valid script
  7. Yes, they are still there, in green!
  8. Good evening Bruce, sorry, I have only just got home! Here is the log

     Pocket Killbox version 2.0.0.881
     Running on Windows XP as Herve(Administrator)
     was started @ mercredi, janvier 17, 2007, 7:07 PM

     # 1 [Files to Delete]
     Path = C:\WINDOWS\SYSTEM32\KDPEO.EXE
     *This file does not seem to exist

     # 2 [Files to Delete]
     Path = C:\WINDOWS\SYSTEM32\KDPEO.EXE
     *This file does not seem to exist

     Killbox Closed(Exit) @ 7:11:07 PM
     __________________________________________________

     Pocket Killbox version 2.0.0.881
     Running on Windows XP as Herve(Administrator)
     was started @ mercredi, janvier 24, 2007, 7:24 PM

     # 1 [Delete on Reboot]
     Path = C:\Program Files\Fichiers communs\System\bXZI.exe C:\Program Files\Fichiers communs\System\ErqTSm.exe C:\Program Files\Fichiers communs\System\iTB.exe C:\Program Files\Fichiers communs\System\LMPukW.exe C:\Program Files\Fichiers communs\System\pUlCP.exe C

     PendingFileRenameOperations Registry Data has been Removed by External Process! @ 7:27:09 PM
     Killbox Closed(Exit) @ 7:27:29 PM
     __________________________________________________
  9. Here are the files that are in there: ado msadc Ole DB bXZI.exe directdb.dll ErqTSm.exe iTB.exe LMPukW.exe pUlCP.exe vCs.exe wab32.dll wab32res.dll
  10. None of these files is present!
  11. Here you go Bruce, the same as the previous one, as if I were not infected??

     Removal tool loaded into memory
     Gromozon rootkit component not detected - searching for other components
     Scanning: C:\WINDOWS
     Scanning: C:\Program Files\Fichiers communs
     Trojan.Gromozon does not exist - your system is clean.
  12. Hello Bruce! First of all, here is what was in the box during the scan:

     Gromozon rootkit component not detected - searching for other components
     Scanning: C:\Program Files\Fichiers communs
     Scanning Windows Directory...
     Scanning Temporary files...
     Trojan.Gromozon does not exist on the system.
     Scan finished normally
     For a detailed log, please refer to \gromozon_removal.log

     And here is the log:

     Removal tool loaded into memory
     Gromozon rootkit component not detected - searching for other components
     Scanning: C:\WINDOWS
     Scanning: C:\Program Files\Fichiers communs
     Trojan.Gromozon does not exist - your system is clean.

     Couldn't the virus be on "D", since my disk is partitioned? At the end I am asked whether I want to install PREVX 1; should I do it? Isn't that an antivirus that might conflict with mine? Thanks.
  13. Well, at JOTTI it worked?

     File: ddfbaed_s.dll
     Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
     MD5 b3267754dfe67617da627347576fb449
     Packers detected: -
     Scan taken on 21 Jan 2007 12:52:28 (GMT)
     AntiVir Found nothing
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     Dr.Web Found nothing
     F-Prot Antivirus Found nothing
     F-Secure Anti-Virus Found nothing
     Fortinet Found nothing
     Kaspersky Anti-Virus Found nothing
     NOD32 Found nothing
     Norman Virus Control Found nothing
     VirusBuster Found nothing
     VBA32 Found nothing

     cxarxmdd.dll
     Status: OK
     MD5 af6bcf85245bd398c3ac21fbdb13cb60
     Packers detected: -
     Scan taken on 21 Jan 2007 12:47:41 (GMT)
     AntiVir Found nothing
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     Dr.Web Found nothing
     F-Prot Antivirus Found nothing
     F-Secure Anti-Virus Found nothing
     Fortinet Found nothing
     Kaspersky Anti-Virus Found nothing
     NOD32 Found nothing
     Norman Virus Control Found nothing
     VirusBuster Found nothing
     VBA32 Found nothing
  15. Don't you ever rest? Here are the reports: thank you!
  16. Here is the report!

     STATUS: FINISHED
     Complete scanning result of "zDFX.exe", received in VirusTotal at 01.21.2007, 02:50:49 (CET).

     Antivirus / Version / Update / Result
     AntiVir / 7.3.0.26 / 01.21.2007 / no virus found
     Authentium / 4.93.8 / 01.20.2007 / no virus found
     Avast / 4.7.936.0 / 01.18.2007 / no virus found
     AVG / 386 / 01.21.2007 / no virus found
     BitDefender / 7.2 / 01.21.2007 / no virus found
     CAT-QuickHeal / 9.00 / 01.20.2007 / no virus found
     ClamAV / devel-20060426 / 01.20.2007 / no virus found
     DrWeb / 4.33 / 01.21.2007 / no virus found
     eSafe / 7.0.14.0 / 01.20.2007 / no virus found
     eTrust-InoculateIT / 23.73.118 / 01.20.2007 / no virus found
     eTrust-Vet / 30.3.3336 / 01.19.2007 / no virus found
     Ewido / 4.0 / 01.20.2007 / no virus found
     Fortinet / 2.82.0.0 / 01.20.2007 / no virus found
     F-Prot / 3.16f / 01.20.2007 / no virus found
     F-Prot4 / 4.2.1.29 / 01.21.2007 / no virus found
     Ikarus / T3.1.0.27 / 01.09.2007 / no virus found
     Kaspersky / 4.0.2.24 / 01.21.2007 / no virus found
     McAfee / 4943 / 01.19.2007 / no virus found
     Microsoft / 1.1904 / 01.21.2007 / no virus found
     NOD32v2 / 1993 / 01.20.2007 / no virus found
     Norman / 5.80.02 / 01.20.2007 / no virus found
     Panda / 9.0.0.4 / 01.20.2007 / no virus found
     Prevx1 / V2 / 01.21.2007 / no virus found
     Sophos / 4.13.0 / 01.20.2007 / no virus found
     Sunbelt / 2.2.907.0 / 01.12.2007 / no virus found
     TheHacker / 6.0.3.151 / 01.19.2007 / no virus found
     UNA / 1.83 / 01.19.2007 / no virus found
     VBA32 / 3.11.2 / 01.20.2007 / no virus found
     VirusBuster / 4.3.19:9 / 01.20.2007 / no virus found

     Aditional Information
     File size: 0 bytes
     MD5: d41d8cd98f00b204e9800998ecf8427e
     SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  17. I moved it to the desktop but it is impossible to have it scanned; the link does not open (hourglass stuck).
  18. I don't have the "unlock all" option in Unlocker: I have either: no action / delete / rename or move??? Which one do I choose? Also, I cannot open "virusscan.jotti": the hourglass stays stuck...
  19. Here is the report, but once again I had to download it on my daughter's computer, impossible on mine: Thanks!
  20. Hello Bruce: thank you for your condolences. A sad day, which is unfortunately part of life! First of all, I could not download Look2Me-Destroyer.exe on my PC; I did it on my daughter's and saved it to a USB stick, but afterwards on my PC I could not open it, either from the stick or after first copying it to disk. I did not try in safe mode, but would that have been useful? Thanks!
  21. Hello Bruce! To be more precise, on my computer there are two sessions: me and guest (which I can open by closing my session, but which I never use). Sorry if today I do not do what you are going to ask me, but I am taking a train to Lyon at 07:30 (death in the family) and will not be back until 23:00! So I will carry out your steps either late tonight or tomorrow. Have a good day and thanks again! Hervé
  22. Yes, but I have an Ethernet switch that my daughter is plugged into! Sorry for not replying sooner (family problems)
  23. When right-clicking and choosing "unlocker" I am told: "debug privileges error"??? Sorry
  24. That gets me nothing, the hourglass flashes and that's all, even when right-clicking and clicking "open"!
  25. Same in normal mode, it does not open!