Aller au contenu

fabou4

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    114

  • Inscription

  • Dernière visite

Tout ce qui a été posté par fabou4

  1. fabou4

    routeur essouflé ?

    fabou4 a répondu à un(e) sujet de fabou4 dans Internet & Réseaux

    version courte (c'est peut-être moins pénible à lire) : Est-il possible qu'un routeur zyxel 300 (4 ports) soit "dérouté", "perturbé", si on lui branche plus d'une vingtaine de PC dont 17 sur UN SEUL port (via un switch) ? est-il capable de gérer ça ? n'hésitez pas à me transmettre vos idées !
  2. fabou4
    bonsoir à tous je travaille dans une école. Notre salle info et ses 17 Pc sont reliés via un switch de la manière suivante: modem --- routeur ---- switch --- 17 pc | | | |-------- PC s de la biblioth è que |-------- Pc d'une autre s alle etc... (routeur zyxel 300 (7 an s d' â ge) qui travaille en 10M (pa s 100!) deux questions : 1) on a une vieille connection (60 k/s ! alors qu'un bâtiment à côté a 800ko/s ...) et lorsque tous les PC sont sur internet, c'est pas rapide (ça je comprends) mais au bout de 3/4h, la connection est perdue et PLUS PERSONNE ne peut se connecter (quand on éteint les pc ça redevient normal en qq minutes) De plus, quand les 17 pc ne marchent pas, les autres bureaux/salles n'ont aucun pb pour naviguer. 2) on a mis une imprimante laser HP P1005 sur le PC01 (qui fait donc office de serveur juste pour l'impression) qu'on a partagée avec les 16 autres PC , tous sur le même switch donc. Pourquoi lorsqu'on imprime un document depuis un des 16PC , ce document met UNE MINUTE, une fois imprimé, pour partir de la file d'impression, et donc pour que le suivant puisse être imprimé ? si vous avez des idées ... MERCI !
  3. fabou4
    Chrifleur, c'était bien ça, j'ai désactivé ce parefeu nvidia et plus de " blue-screen-of-death " pour le scan en ligne, on va laisser tomber, déjà bien content que antivir marche et se mette à jour comme il faut ! merci bcp pour ton aide !!! amicalement;
  4. fabou4
    OK je transmets l'info pour ie6. Merci pour le lien du SP3; ça peut servir !!! Et encore merci pour toute ton aide !!! amicalement;
  5. fabou4
    Oui ! pour Eorezo, c'est réglé. J'ai lancé toutes les mises à jours windows mais bizarement le SP2 n'a pas pu s'installer (je précise que la version de XP est une version légale!) question sécurité, rester au SP1, c'est pas la panacée. mais les autres mises à jours de sécurité sont bien passées. un petit pb subsiste : avant désinfection, lorsque qu'on rentrait dans ie, yavait la page de lo.st qui s'affichait AINSI qu'une alerte de ie pour erreur de script La personne m'a dit que la page lo.st n'était plus là mais que sur certains site, une erreur apparaissait (erreur de ie,erreur de script, j'ai pas pu savoir) je lui ai dit qu'à mon avis, c'était parcequ'il avait une vieille version de IE (ie 6). Donc ça n'a l'air d'avoir aucun rapport avec eorezo. qu'en penses-tu ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:50, on 19/11/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Internet Explorer\iexplore.exe E:\prog\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227010023468 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe Au cas ou tu me demanderais de fixer des lignes (au hasard, o2 avec eorezo...); ce genre de fix est-il obligatoire (je ne suis pas sûr de pouvoir retourner sur le PC avant 2,3 semaines) bon, si vraiment besoin est, je "forcerai" la main (qu'est-ce qui faut pas faire tout de même!) merci;
  6. fabou4
    Aie, je voulais pas te froisser... mais en fait, tu as raison : J'avais écrit que c'est un PC que j'avais acheté. Que j'avais acheté pour qqun !!! Or je n'ai pas l'occasion d'allez souvent chez lui ! donc comme MBAM n'a pas marché quant à la suppression du rogue EoRezo, je me suis dit que plutôt qu'attendre plusieurs jours et t'embêter avec des allez-retour de message à plusieurs JOURS d'intervalles, j'allais essayer de faire avancer le schmilblik tout seul ! (j'ai marqué "t'embêter" car c'est sûr qu'on vous ennuie avec des mauvaises manip stupides ou des incompréhensions de trucs simples, déjà que vous faîtes tous ça BENEVOLEMENT) désolé. ya des fois où on croit bien faire(moi aussi , à mon niveau je rends service à propriétaire du PC) et finalement c'est pas le cas. En tout cas, MERCI BCP pour ton aide, falkra !
  7. fabou4
    ouh là, problème problème ! j'ai bien fixé les lignes qu'il fallait et effacé le dossier bdonline: rien n'a changé - panda bloque - bit defender bloque - kaspersky me refait le coup de la licence périmée ! mais surtout : j'ai eu une erreur windows avec l'ecran bleu de la mort !!!!!!!! (DRIVER irql_not_less_or_equal dans info technique : pb avec NVTCP.SYS) est-ce lié à ma manip ? peut-être le système n'était pas stable avant ? (vu le bazar qu'il y avait...) ça , ça me fait peur ces erreurs là... qu'en penses-tu ?
  8. fabou4
    voici le rapport Ogu ! ///// ST_Fix \\\\\ Debut le 18/11/2008 a 12:50:16,39 Option [2] - Internet Explorer ///// Internet Explorer \\\\\ Valeur de la page de demarrage avant desinfection : http://lo.st# Valeur de la page de demarrage apres desinfection : http://www.google.fr Valeur de la page de Tabs avant desinfection : http://www.lo.st/?tabs Valeur de la page de Tabs apres desinfection : res://ieframe.dll/tabswelcome.htm Fin du Rapport le 18/11/2008 a 12:50:20,53 **************** Fin ****************
  9. fabou4
    bonjour pear j'ai demandé à ma collègue de faire un scan . Quand elle le fera, je te posterai le rapport moi-même merci encore pour ton aide !!! cordialement;
  10. fabou4
    Bonjour falkra voici le rapport MBAM Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1306 Windows 5.1.2600 Service Pack 1 12/11/2008 12:37:14 mbam-log-2008-11-12 (12-37-14).txt Type de recherche: Examen rapide Eléments examinés: 50782 Temps écoulé: 24 minute(s), 9 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot. cependant malgré le reboot, ça n'a rien effacé. j'ai relancé mbam ; j'ai rebooté ; idem rien n'a changé alors (comme je n'ai pas tjs accès à ce PC) j'ai fait une recherche pour essayer de l'en sortir et je suis tombé sur ST_Fix_Beta.bat de batchman, j'ai lancé et là ça a l'air correct : le detournement est neutralisé. dois-je mettre résolu ? cordialement;
  11. fabou4
    AVIRA save mode Avira AntiVir Personal Report file date: mardi 18 novembre 2008 09:25 Scanning for 1038808 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: AVI Computer name: LUGASSI-PC Version information: BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:29:38 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:56:28 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 01:32:22 ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 01:32:22 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 10:49:38 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 16:04:06 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 16:35:16 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 07:43:26 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 11:48:30 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 16:35:14 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 16:35:14 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 16:35:14 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 16:35:14 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 10:49:36 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 16:35:14 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 10:49:34 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/11/2008 01:32:23 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 18 novembre 2008 09:25 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '72' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Windows_Media_Player_9.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> 9SeriesDefault_.wmz [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: mardi 18 novembre 2008 09:51 Used time: 26:17 Minute(s) The scan has been done completely. 6141 Scanning directories 389406 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 389404 Files not concerned 2359 Archives were scanned 7 Warnings 0 Notes HIJACK Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:43:54, on 18/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Labtec\Mouse\2.1\moffice.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe J:\prog\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- End of file - 9486 bytes
  12. fabou4
    Bon, j'ai dû arrêter le pc et redemarrer (ya pas eu de pb, mais j'étais en train de faire le menage dans les programmes et j'ai eu à redemarrer) et la, je me suis dit : si panda remarche, antivir devrait marcher ! alors j'ai desinstallé-reinstallé antivir et ça marche !!! il s'ouvre et se met à jour normalement seulement maintenant : AUCUN des scanneur en ligne ne marche (panda se bloque à99%, bitdefender ne peut charger la base virale, quant à kaspersky : la licence est PERIMEE !!! sais-tu où l'on peut supprimer cela ? peut-être que lui, il marcherait ... à part ça, le PC marche plutôt bien. Veux-tu un scan ANTIVIR (c'est le seul que je peux faire !!!) ?
  13. fabou4
    chrifleur, je suis en train de constater que j'arrive (enfin) à lancer le scan PANDA, alors qu'avant il se bloquait. je poste le rapport demain matin, quand le scan finira. a+
  14. fabou4
    Search Navipromo version 3.6.9 commencé le 18/11/2008 à 0:37:51,92 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "AVI" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\AVI\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\cecile\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\AVI\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\cecile\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 18/11/2008 à 0:41:09,14 ***
  15. fabou4
    en fait c'est ma clé que j'ai utilisée dans son PC. voici le resultat USBFIX avec SON pc et MA clé je suppose que le fichier uaoaqwc est plus que suspect ... a+ -------------- UsbFix V2.408 --------------- * User : AVI - LUGASSI-PC * Outils mis a jours le 16/11/2008 par Chiquitine29 et Chimay8 * Recherche effectuée à 18:02:53 le 17/11/2008 * Windows Xp - Internet Explorer 6.0.2900.2180 --------------- [ Processus actifs ] ---------------- C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\DOCUME~1\AVI\LOCALS~1\Temp\1.tmp\b2e.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe --------------- [ Informations lecteurs ] ---------------- C: - Lecteur fixeJ: - Lecteur amovible --------------- [ Lecteur C ] ---------------- C: - Lecteur fixe +- Listing des fichiers présents : [01/12/2005 09:54][--a------] C:\AUTOEXEC.BAT [01/12/2005 10:17][-rahs----] C:\NTDETECT.COM [12/05/2007 17:22][--a------] C:\reboot.cmd [08/07/2007 20:30][--a------] C:\Windows_Media_Player_9.exe [01/12/2005 10:20][-rahs----] C:\boot.ini [16/11/2008 01:16][--a------] C:\cleannavi.txt [16/11/2008 01:16][--a------] C:\dumpconsole.txt [16/11/2008 01:16][--a------] C:\fixnavi.txt [16/11/2008 01:16][--a------] C:\mbam-log-2008-11-16 (01-02-14).txt [16/11/2008 01:16][--a------] C:\ntbtlog_check.txt [16/11/2008 01:16][--a------] C:\UsbFix.txt [01/12/2005 09:54][--a------] C:\CONFIG.SYS [01/12/2005 09:54][--a------] C:\IO.SYS [01/12/2005 09:54][--a------] C:\MSDOS.SYS [01/12/2005 09:54][--a------] C:\pagefile.sys --------------- [ Lecteur J ] ---------------- J: - Lecteur amovible +- Listing des fichiers présents : --------------- [ Registre / Startup ] ---------------- ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run nTrayFw REG_SZ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe SoundMan REG_SZ SOUNDMAN.EXE ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033 HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" FLMOFFICE4DMOUSE REG_SZ C:\Program Files\Labtec\Mouse\2.1\moffice.exe EoEngine REG_SZ EoSudoku REG_SZ iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background uaoaqwc REG_SZ "c:\documents and settings\avi\local settings\application data\uaoaqwc.exe" uaoaqwc --------------- [ Registre / Mountpoint2 ] ---------------- Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51be59fe-624f-11da-b6a0-806d6172696f}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51be5a04-624f-11da-b6a0-0013d4dec2c7}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ccd394-797d-11db-b98a-0013d4dec2c7}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ccd394-797d-11db-b98a-0013d4dec2c7}\Shell\explore\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ccd394-797d-11db-b98a-0013d4dec2c7}\Shell\open\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcca5f1-92d8-11db-b9c8-0013d4dec2c7}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcca5f1-92d8-11db-b9c8-0013d4dec2c7}\Shell\open\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e788dcb2-116f-11dd-a4af-0013d4dec2c7}\Shell\AutoRun\command --------------- [ Nettoyage des disques ] ---------------- --------------- [ Resumé ] ---------------- -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\ [01/12/2005 09:54][--a------] C:\AUTOEXEC.BAT [01/12/2005 10:17][-rahs----] C:\NTDETECT.COM [12/05/2007 17:22][--a------] C:\reboot.cmd [08/07/2007 20:30][--a------] C:\Windows_Media_Player_9.exe [01/12/2005 10:20][-rahs----] C:\boot.ini --------------- ! Fin du rapport ! ----------------
  16. fabou4
    bonjour chrifleur je pense que mes cles usb sont saines : en effet mon PC à moi n'a pas d'infection (scan de panda hier : ok) Puisqu'il sagissait de desinfecter les CLEs, j'ai préféré executer usbfix sur MON PC avec mes deux cles branchés Faut il aussi que je l'execute sur le PC infecté ? si oui, je charge usbfix direct par ton lien, ou je peux le transmettre par la cle ? (j'ai utilisé mon PC pour cette raison : si les cles etaient infectées, usbfix aurait pu l'etre aussi , tandis que sur le mien ça serait ok... bon calcul ou pas ?) -------------- UsbFix V2.408 --------------- * User : David - POWERMATE-VL5 * Outils mis a jours le 16/11/2008 par Chiquitine29 et Chimay8 * Recherche effectuée à 9:16:00 le 17/11/2008 * Windows Xp - Internet Explorer 6.0.2900.2180 --------------- [ Processus actifs ] ---------------- C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\DOCUME~1\David\LOCALS~1\Temp\1.tmp\b2e.exe --------------- [ Informations lecteurs ] ---------------- C: - Lecteur fixe D: - Lecteur de CD-ROM E: - Lecteur fixe F: - Lecteur amovible G: - Lecteur fixe H: - Lecteur fixe I: - Lecteur fixe J: - Lecteur fixe K: - Lecteur fixe L: - Lecteur amovible --------------- [ Lecteur C ] ---------------- C: - Lecteur fixe +- Listing des fichiers présents : [07/11/2007 11:40][--a------] C:\AUTOEXEC.BAT [03/08/2004 21:38][-rahs----] C:\NTDETECT.COM [22/02/2001 00:07][--a------] C:\DIRB.EXE [12/09/2008 11:32][---hs----] C:\boot.ini [25/08/2008 14:23][--a------] C:\testfile.txt [25/08/2008 14:23][--a------] C:\UsbFix.txt [07/11/2007 11:40][--a------] C:\CONFIG.SYS [07/11/2007 11:40][--a------] C:\IO.SYS [07/11/2007 11:40][--a------] C:\MSDOS.SYS [07/11/2007 11:40][--a------] C:\pagefile.sys --------------- [ Lecteur D ] ---------------- D: - Lecteur de CD-ROM +- Listing des fichiers présents : --------------- [ Lecteur E ] ---------------- E: - Lecteur fixe +- Listing des fichiers présents : [04/05/2008 22:30][--a------] E:\autoexec.bat [05/05/1999 22:22][--a------] E:\COMMAND.COM [05/05/1999 22:22][--a------] E:\LIST.COM [27/01/2007 22:30][--ah-----] E:\BOOTLOG.TXT [27/01/2007 22:30][--ah-----] E:\DETLOG.TXT [27/01/2007 22:30][--ah-----] E:\NETLOG.TXT [27/01/2007 22:30][--ah-----] E:\FRUNLOG.TXT [27/01/2007 22:30][--ah-----] E:\SETUPXLG.TXT [27/01/2007 22:30][--ah-----] E:\SETUPLOG.TXT [02/10/2008 14:40][--a------] E:\CONFIG.SYS [02/10/2008 14:40][--a------] E:\MSDOS.SYS [02/10/2008 14:40][--a------] E:\IO.SYS --------------- [ Lecteur F ] ---------------- F: - Lecteur amovible +- Listing des fichiers présents : [27/02/2008 12:08][--a------] F:\ccleaner205.exe [27/02/2008 12:08][--a------] F:\disk expert maj.exe [27/02/2008 12:08][--a------] F:\mbam-setup.exe [27/02/2008 12:08][--a------] F:\Navilog1.exe [27/02/2008 12:08][--a------] F:\Tweak_UI_2.10.exe [27/02/2008 12:08][--a------] F:\HiJackThis.exe [27/02/2008 12:08][--a------] F:\ToolBarSD.exe [01/11/2008 20:24][--a------] F:\winlogon.txt [01/11/2008 20:24][--a------] F:\hijackthis leon.txt [01/11/2008 20:24][--a------] F:\hijackthis judith.txt [01/11/2008 20:24][--a------] F:\ActiveScan judith.txt [01/11/2008 20:24][--a------] F:\TB.txt [01/11/2008 20:24][--a------] F:\fixnavi.txt [01/11/2008 20:24][--a------] F:\cleannavi.txt [01/11/2008 20:24][--a------] F:\hijackthis2.txt --------------- [ Lecteur G ] ---------------- G: - Lecteur fixe +- Listing des fichiers présents : --------------- [ Lecteur H ] ---------------- H: - Lecteur fixe +- Listing des fichiers présents : [16/10/2008 10:08][--a------] H:\dir-ARCHIVE.txt [16/10/2008 10:08][--a------] H:\dir-PRINCIPAL.txt [16/10/2008 10:08][--a------] H:\ordinateur individuel.txt [16/10/2008 10:08][--a------] H:\REINSTALL.txt [16/10/2008 10:08][--a------] H:\SyncToyDirectoryId.txt --------------- [ Lecteur I ] ---------------- I: - Lecteur fixe +- Listing des fichiers présents : [23/06/2008 22:53][--a------] I:\MP3 Cut procedure.txt [23/06/2008 22:53][--a------] I:\SyncToyDirectoryId.txt --------------- [ Lecteur J ] ---------------- J: - Lecteur fixe +- Listing des fichiers présents : [30/01/2007 16:57][--a------] J:\adr pdf.txt [30/01/2007 16:57][--a------] J:\RESU.TXT [30/01/2007 16:57][--a------] J:\RESU2.TXT [30/01/2007 16:57][--a------] J:\SyncToyDirectoryId.txt --------------- [ Lecteur K ] ---------------- K: - Lecteur fixe +- Listing des fichiers présents : --------------- [ Lecteur L ] ---------------- L: - Lecteur amovible +- Listing des fichiers présents : --------------- [ Registre / Startup ] ---------------- ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck REG_SZ C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 VTTimer REG_SZ VTTimer.exe avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min Cloneur Expert Monitor REG_SZ "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" Acronis Scheduler2 Service REG_SZ "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe atwtusb REG_SZ atwtusb.exe WinampAgent REG_SZ "C:\Program Files\Winamp\Winampa.exe" tsnp2std REG_SZ C:\WINDOWS\tsnp2std.exe snp2std REG_SZ C:\WINDOWS\vsnp2std.exe PinnacleDriverCheck REG_SZ C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized Copernic Desktop Search - Home REG_SZ "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray --------------- [ Registre / Mountpoint2 ] ---------------- Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e51c3256-7ff3-11dd-94de-000c76fd16c0}\Shell\AutoRun\command --------------- [ Nettoyage des disques ] ---------------- --------------- [ Resumé ] ---------------- -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\ [07/11/2007 11:40][--a------] C:\AUTOEXEC.BAT [03/08/2004 21:38][-rahs----] C:\NTDETECT.COM [22/02/2001 00:07][--a------] C:\DIRB.EXE [12/09/2008 11:32][---hs----] C:\boot.ini [04/05/2008 22:30][--a------] E:\autoexec.bat [05/05/1999 22:22][--a------] E:\COMMAND.COM [05/05/1999 22:22][--a------] E:\LIST.COM [27/02/2008 12:08][--a------] F:\ccleaner205.exe [27/02/2008 12:08][--a------] F:\disk expert maj.exe [27/02/2008 12:08][--a------] F:\mbam-setup.exe [27/02/2008 12:08][--a------] F:\Navilog1.exe [27/02/2008 12:08][--a------] F:\Tweak_UI_2.10.exe [27/02/2008 12:08][--a------] F:\HiJackThis.exe [27/02/2008 12:08][--a------] F:\ToolBarSD.exe --------------- ! Fin du rapport ! ----------------
  17. fabou4
    voici le rapport sdfix SDFix: Version 1.240 Run by AVI on 16/11/2008 at 21:40 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\autorun.inf - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 22:03:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] "khjeh"=hex:20,02,00,00,70,70,01,de,ce,98,14,11,59,50,0a,94,88,96,ae,10,8b,.. "hj34z0"=hex:9b,d9,28,47,4a,3f,bf,ec,d0,12,0c,a5,79,54,3c,5c,6f,00,02,e3,b3,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41] "khjeh"=hex:20,02,00,00,11,70,01,de,71,0a,4a,12,40,3b,dc,2c,e3,cb,98,9e,da,.. "hj34z0"=hex:67,e1,a3,2b,c6,29,c1,ec,6c,ca,46,c1,e5,89,55,6c,6b,40,87,9f,ba,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 3 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 3 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak" Mon 9 Jul 2007 1,291 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti5C0.tmp" Sun 3 May 1998 178,176 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc101\RUNMPEG.EXE" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc103\borlndmm.dll" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc103\cc3250mt.dll" Thu 15 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc103\Dx6Wrap.dll" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc161\borlndmm.dll" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc161\cc3250mt.dll" Thu 15 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc161\Dx6Wrap.dll" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc58\borlndmm.dll" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc58\cc3250mt.dll" Thu 15 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc58\Dx6Wrap.dll" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc59\BORLNDMM.DLL" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc59\CC3250MT.DLL" Fri 16 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc59\DX6WRAP.DLL" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc60\BORLNDMM.DLL" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc60\CC3250MT.DLL" Fri 16 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc60\DX6WRAP.DLL" Mon 31 Jan 2000 25,600 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc61\BORLNDMM.DLL" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc61\CC3250MT.DLL" Fri 16 Apr 2004 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc61\DX6WRAP.DLL" Mon 31 Jan 2000 25,600 A..H. --- "C:\Documents and Settings\AVI\Bureau\lea &eliahou\NESHEK4 (E)\borlndmm.dll" Mon 7 Aug 2000 1,497,088 A..H. --- "C:\Documents and Settings\AVI\Bureau\lea &eliahou\NESHEK4 (E)\cc3250mt.dll" Thu 15 Apr 2004 40,960 A..H. --- "C:\Documents and Settings\AVI\Bureau\lea &eliahou\NESHEK4 (E)\Dx6Wrap.dll" Wed 3 Jan 2007 4,348 ...H. --- "C:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Ma musique\Sauvegarde de la licence\drmv1key.bak" Tue 1 Jan 2008 401 A..H. --- "C:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sun 30 Apr 2006 312 ...H. --- "C:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Ma musique\Sauvegarde de la licence\drmv2key.bak" Tue 1 Jan 2008 22,016 A..H. --- "C:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Ma musique\Sauvegarde de la licence\drmv2lic.bak" Finished! ainsi que le nouveau rapport hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:17:03, on 16/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Labtec\Mouse\2.1\moffice.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\UltimateZip 2007\uzqkst.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe J:\prog\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [uaoaqwc] "c:\documents and settings\avi\local settings\application data\uaoaqwc.exe" uaoaqwc O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- End of file - 9515 bytes nb : Antivir n'est toujours pas actif au démarage (je peux juste démarrer manuellement le service) et ne se met toujours pas à jour, même manuellement. bonne soirée !
  18. fabou4
    bonjour merci pour ta réponse ! le rapport hijack est APRES les essais de desinfections (mbam et navilog) j'ai pu lancer ANTIVIR mais yavait pas de mise a jour possible (vielles définitions virales ?) pour mbam, j'ai effectivement lancé la suppression Avira AntiVir Personal Report file date: dimanche 16 novembre 2008 09:58 Scanning for 1026777 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: AVI Computer name: LUGASSI-PC Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:29:38 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:56:28 ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 16:56:30 ANTIVIR3.VDF : 7.1.0.70 84480 Bytes 11/11/2008 16:04:22 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 10:49:38 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 16:04:06 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 16:35:16 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 07:43:26 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 11:48:30 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 16:35:14 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 16:35:14 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 16:35:14 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 16:35:14 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 10:49:36 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 16:35:14 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 10:49:34 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 16 novembre 2008 09:58 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'hprblog.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'mouse32a.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'uzqkst.exe' - '1' Module(s) have been scanned Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned Scan process 'NkbMonitor.exe' - '1' Module(s) have been scanned Scan process 'WG111v2.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'moffice.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'Apache.exe' - '1' Module(s) have been scanned Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned Scan process 'Apache.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 52 processes with 52 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '76' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Windows_Media_Player_9.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> 9SeriesDefault_.wmz [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Documents and Settings\AVI\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-40fb8dfb.XXX [0] Archive type: ZIP --> OP.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit [NOTE] The file was moved to '4957e11e.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\hosou25k.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4992e1b9.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\jzuqe.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4994e1c4.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\m.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4983e178.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\o9t4alj.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4993e184.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\ot7lp8ri.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4956e1bf.qua'! C:\Documents and Settings\AVI\Local Settings\Temp\wzw9.dll.XXX [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4996e1c5.qua'! C:\Documents and Settings\AVI\Local Settings\Temporary Internet Files\Content.IE5\MHLAZEDC\kavwebscan_unicode[1].cab [0] Archive type: CAB (Microsoft) --> kavuninstall.exe [DETECTION] Is the TR/Agent.65536.W Trojan [NOTE] The file was moved to '4995e24f.qua'! C:\WINDOWS\system32\ckvo0.dll.XXX [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4995e7dd.qua'! C:\WINDOWS\system32\ckvo1.dll.XXX [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4995e7de.qua'! C:\WINDOWS\system32\kavo0.dll.XXX [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4995e7e2.qua'! C:\WINDOWS\system32\kavo1.dll.XXX [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4995e7e3.qua'! C:\WINDOWS\system32\tavo1.dll.XXX [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4995e7fc.qua'! C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavuninstall.exe [DETECTION] Is the TR/Agent.65536.W Trojan [NOTE] The file was moved to '4995e821.qua'! End of the scan: dimanche 16 novembre 2008 10:29 Used time: 30:37 Minute(s) The scan has been done completely. 6224 Scanning directories 391236 Files were scanned 14 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 14 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 391220 Files not concerned 2455 Archives were scanned 7 Warnings 14 Notes LOG.TXT Logfile of random's system information tool 1.04 (written by random/random) Run by AVI at 2008-11-16 10:39:41 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 65 GB (56%) free of 117 GB Total RAM: 1023 MB (55% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:48, on 16/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Labtec\Mouse\2.1\moffice.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\UltimateZip 2007\uzqkst.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe J:\Nouveau dossier (2)\RSIT.exe J:\prog\AVI.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [uaoaqwc] "c:\documents and settings\avi\local settings\application data\uaoaqwc.exe" uaoaqwc O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- End of file - 9475 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-08-04 343112] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-06-29 32768] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344] "FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Mouse\2.1\moffice.exe [2006-05-22 802816] "EoEngine"= [] "EoSudoku"= [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-03-17 282624] "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-03-18 26112] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "uaoaqwc"=c:\documents and settings\avi\local settings\application data\uaoaqwc.exe uaoaqwc [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Barre d'état système d'ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Documents and Settings\AVI\Menu Démarrer\Programmes\Démarrage OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2007\uzqkst.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] shell\AutoRun\command - 39lpji.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51be59fe-624f-11da-b6a0-806d6172696f}] shell\AutoRun\command - E:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51be5a04-624f-11da-b6a0-0013d4dec2c7}] shell\AutoRun\command - K:\RunGame.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ccd394-797d-11db-b98a-0013d4dec2c7}] shell\AutoRun\command - J:\f.bat shell\explore\command - J:\f.bat shell\open\command - J:\f.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdcca5f1-92d8-11db-b9c8-0013d4dec2c7}] shell\AutoRun\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe shell\open\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e788dcb2-116f-11dd-a4af-0013d4dec2c7}] shell\1\command - J:\.\recycled\info.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe ======List of files/folders created in the last 1 months====== 2008-11-16 10:39:41 ----D---- C:\rsit 2008-11-16 02:18:08 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2008-11-16 01:54:24 ----D---- C:\Program Files\Panda Security 2008-11-16 01:53:32 ----D---- C:\WINDOWS\system32\Kaspersky Lab 2008-11-16 01:42:05 ----D---- C:\Program Files\Avira 2008-11-16 01:42:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2008-11-16 01:32:00 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7 2008-11-16 01:15:05 ----A---- C:\cleannavi.txt 2008-11-16 01:06:58 ----A---- C:\fixnavi.txt 2008-11-16 01:02:22 ----A---- C:\mbam-log-2008-11-16 (01-02-14).txt 2008-11-16 00:26:23 ----D---- C:\Documents and Settings\AVI\Application Data\Malwarebytes 2008-11-16 00:26:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-16 00:26:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-15 21:08:28 ----SHD---- C:\WINDOWS\CSC 2008-11-06 13:55:27 ----D---- C:\Documents and Settings\AVI\Application Data\Sony Corporation 2008-11-06 09:28:56 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2008-11-06 09:28:56 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2008-11-06 09:28:54 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2008-11-06 09:28:54 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2008-11-06 09:28:53 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2008-11-06 09:28:52 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2008-11-06 09:28:52 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2008-11-06 09:28:51 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2008-11-06 09:28:51 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2008-11-06 09:28:51 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-11-06 09:28:51 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2008-11-06 09:28:50 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2008-11-06 09:28:50 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2008-11-06 09:28:50 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2008-11-06 09:28:50 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2008-11-06 09:28:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2008-11-06 09:28:45 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2008-11-06 09:28:45 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2008-11-06 09:28:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2008-11-06 09:28:44 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2008-11-06 09:28:44 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2008-11-06 09:28:44 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2008-11-06 09:28:43 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2008-11-06 09:28:43 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2008-11-06 09:28:42 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2008-11-06 09:28:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\vxblock.dll 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\PxInsI64.exe 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\PxInsA64.exe 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\pxhpinst.exe 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\PxCpyI64.exe 2008-11-06 09:28:23 ----A---- C:\WINDOWS\system32\PxCpyA64.exe 2008-11-06 09:23:15 ----D---- C:\Program Files\Sony ======List of files/folders modified in the last 1 months====== 2008-11-16 10:39:46 ----D---- C:\WINDOWS\Prefetch 2008-11-16 10:27:55 ----D---- C:\WINDOWS\system32 2008-11-16 09:58:33 ----D---- C:\WINDOWS 2008-11-16 09:58:11 ----D---- C:\Documents and Settings\AVI\Application Data\OpenOffice.org2 2008-11-16 09:57:48 ----D---- C:\Program Files\UltimateZip 2007 2008-11-16 09:50:51 ----D---- C:\WINDOWS\Temp 2008-11-16 02:29:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-16 01:56:11 ----D---- C:\WINDOWS\BDOSCAN8 2008-11-16 01:54:45 ----HD---- C:\WINDOWS\inf 2008-11-16 01:54:07 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-16 01:51:42 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-16 01:42:07 ----D---- C:\WINDOWS\system32\drivers 2008-11-16 01:42:05 ----RD---- C:\Program Files 2008-11-16 01:41:01 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-16 01:38:26 ----D---- C:\Program Files\Hijackthis Version Française 2008-11-16 01:35:45 ----A---- C:\dumpconsole.txt 2008-11-16 01:32:00 ----D---- C:\WINDOWS\system 2008-11-16 01:16:01 ----D---- C:\Program Files\Navilog1 2008-11-15 23:10:09 ----D---- C:\Documents and Settings 2008-11-15 22:56:28 ----SHD---- C:\System Volume Information 2008-11-15 22:38:38 ----D---- C:\Driver 2008-11-10 09:54:57 ----D---- C:\WINDOWS\system32\config 2008-11-10 09:54:47 ----D---- C:\WINDOWS\system32\wbem 2008-11-10 09:54:47 ----D---- C:\WINDOWS\Registration 2008-11-07 11:25:07 ----D---- C:\Documents and Settings\AVI\Application Data\dvdcss 2008-11-06 09:28:57 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-06 09:28:27 ----D---- C:\WINDOWS\system32\DirectX 2008-11-05 09:04:38 ----A---- C:\WINDOWS\CSTBox.INI 2008-11-04 13:21:45 ----SD---- C:\Documents and Settings\AVI\Application Data\Microsoft 2008-10-26 10:37:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072] R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-04-05 100096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-18 21035] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-03-18 8552] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-28 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-28 55936] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-06-29 1241088] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-06 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-06 12928] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144] R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848] S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\AVI\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921] S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 194304] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-06-29 376832] R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264] R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543] R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136] R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412] R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865] S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- INFO.TXT info.txt logfile of random's system information tool 1.04 2008-11-16 10:39:51 ======Uninstall list====== -->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x040c/cont -removeonly -->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{E078134D-A344-41B6-A0F8-147AB235396E}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x040c -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adibou et Les Voleurs d'Energie Démo-->C:\WINDOWS\unvise32.exe C:\Program Files\Coktel\Adibou et Les Voleurs d'Energie Démo\uninstal.log Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002} Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x40c ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x40c -uninst AsusUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{6539AC4E-1146-479C-9774-A8949B1ECEF3} ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" BubbleBall-->C:\Program Files\BubbleBall\SXUNINST.EXE Cannon Smash-->"C:\Program Files\Cannon Smash\Uninstall Cannon Smash.exe" Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x40c anything Cedric - La chasse au trésor-->C:\emme\Cedric2\Desinst.exe Chicken Attack-->MsiExec.exe /I{FAD1DFD3-FFB7-4CCF-9DB5-01E42B2BCE34} Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Counter-Strike: Condition Zero-->C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC EVEREST Home Edition v1.50-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Five A Side Football-->MsiExec.exe /I{7548AA9A-BE7D-479F-9D4C-3D47D336AD98} Foot Quiz Challenge-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Cryo\Foot Quiz Challenge\Uninst.isu" Ford Racing 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797E03F8-C8A0-47ED-AA9F-D7076276E491}\setup.exe" Frankie Les Aventuriers du Temps-->C:\WINDOWS\UnJSExp.exe Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" HijackThis 2.0.2-->"J:\prog\HijackThis.exe" /uninstall Hijackthis Version Française-->"C:\Program Files\Hijackthis Version Française\unins000.exe" HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Interactive Mishna-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Torah Fun\Interactive Mishna\DeIsL1.isu" -c"C:\Program Files\Torah Fun\Interactive Mishna\_ISREG32.DLL" InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe iPod for Windows 2006-06-28-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} iTunes-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1036 Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe Labtec Mouse V2.1-->C:\Program Files\Labtec\Mouse\2.1\uninst00.exe Le Monde de Nemo : Une Odyssée Sous-Marine-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x40c Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe" Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe Microsoft Word Viewer 97-->C:\Program Files\WordView\setup\setup.exe Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe Nathan Français CE2-->C:\Program Files\Nathan\Francais CE2\Uninstal.exe Nathan Français CM2-->C:\Program Files\Nathan\Francais CM2\Uninstal.exe Nathan Mathématiques CM1-->C:\Program Files\Nathan\Mathematiques CM1\Uninstal.exe Navilog1 3.6.9-->"C:\Program Files\Navilog1\unins000.exe" Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036 OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} OpenOffice.org 2.4-->MsiExec.exe /I{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A} Oui-Oui -En route pour l'école-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hachette Multimédia\Oui-Oui -En route pour l'école\Uninst.isu" Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" Philips Digital Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C99E9B3-292B-4E0D-A719-998AFF4DB27C}\Setup.exe" -l0x40c PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninst PowerPuffs Screen Saver-->C:\WINDOWS\NCUNINST.EXe RMSCR PowerPuffs QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036 RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c /removeonly uninstall -removeonly Starsky&Hutch-->C:\Program Files\Empire Interactive\Starsky&Hutch\Uninstall.exe Tennis Antics-->MsiExec.exe /I{865ABB97-49E9-474F-95D0-C88C438A5BC3} Tibère et la Maison Bleue - Tibère Découvre les 5 sens-->C:\WINDOWS\IsUn040c.exe -fC:\KA\TIBERE\DeIsL2.isu Total Immersion Racing-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2FE0127-0F86-43C7-824E-AA78E6B5F4F3}\setup.exe" UltimateZip 2007-->"C:\Program Files\UltimateZip 2007\unins000.exe" VideoLAN VLC media player 0.8.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Voyage au Pays de la Lecture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13E2C9A-5E09-41C8-ABCD-C7E67525C26D}\setup.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe zoo-->MsiExec.exe /I{678EADFF-59A2-4051-8FCF-1B61D56F66FC} ======Security center information====== AV: Avira AntiVir PersonalEdition (disabled) (outdated) FW: NVIDIA Firewall ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF-----------------
  19. fabou4
    Et voici les rapports MBAM Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1306 Windows 5.1.2600 Service Pack 2 16/11/2008 01:02:22 mbam-log-2008-11-16 (01-02-14).txt Type de recherche: Examen rapide Eléments examinés: 62933 Temps écoulé: 7 minute(s), 9 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 8 Fichier(s) infecté(s): 19 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\winantispyware 2006 scanner (Rogue.WinAntiSpyware) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken. Dossier(s) infecté(s): C:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> No action taken. C:\Documents and Settings\AVI\Application Data\WinAntiSpyware 2006 (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\AVI\Application Data\WinAntiSpyware 2006\Logs (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\AVI\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> No action taken. C:\Documents and Settings\AVI\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> No action taken. Fichier(s) infecté(s): C:\Documents and Settings\AVI\Local Settings\Application Data\uaoaqwc_navps.dat (Adware.Navipromo.H) -> No action taken. C:\Documents and Settings\AVI\Local Settings\Application Data\uaoaqwc_nav.dat (Adware.Navipromo.H) -> No action taken. C:\Documents and Settings\AVI\Local Settings\Application Data\uaoaqwc.dat (Adware.Navipromo.H) -> No action taken. C:\Program Files\InternetGameBox\Conditions générales.url (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\Confidentialité.url (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\InternetGameBox.exe.XXX (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\uninst.exe.XXX (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\Website.url (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> No action taken. C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> No action taken. C:\Documents and Settings\AVI\Application Data\WinAntiSpyware 2006\Logs\update.log (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\AVI\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> No action taken. C:\WINDOWS\system32\uabwrqf_navps.dat (Adware.NaviPromo) -> No action taken. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken. NAVILOG avant Search Navipromo version 3.6.9 commencé le 16/11/2008 à 1:06:58,15 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "AVI" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Recherche executé en mode sans échec *** Recherche Programmes installés *** InternetGameBox *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\AVI\menudm~1\progra~1" *** ...\InternetGameBox trouvé ! *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\cecile\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\AVI\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\cecile\locals~1\applic~1" * *** Recherche fichiers *** C:\Documents and Settings\AVI\locals~1\Temp\pack.epk trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\AVI\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\cecile\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 16/11/2008 à 1:10:47,48 *** NAVILOG après Clean Navipromo version 3.6.9 commencé le 16/11/2008 à 1:15:05,56 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "AVI" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage executé en mode sans échec *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\AVI\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\cecile\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\AVI\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\cecile\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\AVI\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\cecile\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\AVI\menudm~1\progra~1" *** ...\InternetGamebox ...suppression... ...\InternetGamebox supprimé ! *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\cecile\menudm~1\progra~1" *** *** Suppression fichiers *** C:\Documents and Settings\AVI\locals~1\Temp\pack.epk supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\AVI\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\AVI\locals~1\applic~1" * * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Dans "C:\DOCUME~1\cecile\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 16/11/2008 à 1:16:01,51 *** Merci à celui qui CONSACRERA du temps à lire (car ça prend vraiment du temps!)
  20. fabou4
    bonsoir a tous Un ami m'a (encore) confié son PC qui ne démarrait qu'en mode sans echec C'est INCROYABLE le nombre de virus/rogue/etc qu'il a pu se prendre ! alors voilà où il en est après plusieurs bêtises/essais plus ou moins frutueux désinstallation de AVG puis reinstallation de ANTIVIR : le pc redemarre en mode NORMAL mais le service d'Antivir ne peut démarrer (on peut juste lancer le logiciel) la mise a jour ne se fait pas. lancement de navilog ET desinfection lancer de MALWAREBYTES (mise a jour impossible) et desinfection Impossible de lancer un antivirus en ligne (panda, kaspersky, bit defender) : ils se bloquent ou refusent de charger leur appli. j'ai réussi à lancer AVAST (par CD bootable avec une mise à jour) mais je ne peux pas sauvegarder le rapport ! yavait plein de trucs trouvé Bref c'est pas simple MERCI A CELUI QUI ARRIVERA A VOIR QQCHOSE DANS TOUT CELA ! HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:27:04, on 16/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Labtec\Mouse\2.1\moffice.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\UltimateZip 2007\uzqkst.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe J:\prog\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [uaoaqwc] "c:\documents and settings\avi\local settings\application data\uaoaqwc.exe" uaoaqwc O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- End of file - 9498 bytes
  21. fabou4
    Bonjour Pear j'ai rendu le PC à ma collègue (elle en avait besoin pour aujourdhui) je lui dirai de lancer un scan kaspersky MERCI BEAUCOUP POUR L'AIDE QUE VOUS NOUS AVEZ APPORTES !!!!!!! très cordialement nb : dois-je mettre "résolu" ?
  22. fabou4
    euh si si, j'ai bien eu le le dossier : il était sur ma clé USB (a partir de laquelle j'ai lancé le prog!!) ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder C:\Program Files\Spyware-Secure not found. File/Folder C:\Documents and Settings\Judith\Bureau\Spyware-Secure trial.lnk not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure\\ not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_105417 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. de toute façon, c'est le même log que j'ai eu
  23. fabou4
    après procédure, je n'ai pas de dossier C:\_OTMoveIt\MovedFiles voici le log que j'ai eu au démarrage : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder C:\Program Files\Spyware-Secure not found. File/Folder C:\Documents and Settings\Judith\Bureau\Spyware-Secure trial.lnk not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}\\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure\\ not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_105417 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
  24. fabou4
    bonsoir pear ! bon, je crois que ça y est : navilog n'a rien trouvé (j'ai quand même lancé la désinfection comme tu me l'as dis ! je suis bête et discipliné moi !) j'ai télécharger mbam en faisant attention au nom (je l'ai chargé sur autre pc, je l'ai renommé, puis je l'ai mis sur le pc problématique) j'ai lancé mbam: il a trouvé 110 clés infectés cette fois Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1395 Windows 5.1.2600 Service Pack 2 13/11/2008 21:25:49 av mbam-log-2008-11-13 (21-25-41) Type de recherche: Examen rapide Eléments examinés: 53956 Temps écoulé: 6 minute(s), 53 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 13 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 13 Fichier(s) infecté(s): 83 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Quarantine (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Temp (Rogue.Spyware-Secure) -> No action taken. Fichier(s) infecté(s): C:\Program Files\Internet Explorer\msimg32.dll.sps (Adware.MyWebSearch) -> No action taken. C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\guid (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\serial (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR.zip (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_intro.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_menu.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\file.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_f.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_o.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\index.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\menu3.js (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\spy.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_coud.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_droit.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_vert.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\fleche.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\key.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\support.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Documents and Settings\Judith\Bureau\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> No action taken. j'ai supprimé et : BLOCAGE !!! alors j'ai lancé mbam en mode sans echec et ça a marché !!!! la suppression a marché ! le résultat : Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1395 Windows 5.1.2600 Service Pack 2 13/11/2008 22:24:24 mbam-log-2008-11-13 (22-24-24).txt Type de recherche: Examen rapide Eléments examinés: 53950 Temps écoulé: 6 minute(s), 21 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  25. fabou4
    bonjour Pear impossible de faire la desinfection par MALWAREBYTE ! ça bloque au premier quart dès que je lance "suppression" voici le rapport AVANT la desinfection Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1392 Windows 5.1.2600 Service Pack 2 13/11/2008 13:36:47 av Type de recherche: Examen rapide Eléments examinés: 54590 Temps écoulé: 6 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 13 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 13 Fichier(s) infecté(s): 83 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Quarantine (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Temp (Rogue.Spyware-Secure) -> No action taken. Fichier(s) infecté(s): C:\Program Files\Internet Explorer\msimg32.dll.sps (Adware.MyWebSearch) -> No action taken. C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\guid (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\serial (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR.zip (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_intro.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_menu.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\file.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_f.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_o.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\index.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\menu3.js (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\spy.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_coud.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_droit.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_vert.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\fleche.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\key.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\support.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> No action taken. C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> No action taken. C:\Documents and Settings\Judith\Bureau\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> No action taken. ce spyware-secure a l'air coriace... Dois-je charger un utilitaire plus puissant que malwarebytes ?
×
×
  • Créer...