alm21

  1. I want to display my PC screen image on my TV. I go through a graphics card with an S-Video output and transmit by infrared to the TV, but my GeForce MX 4000 graphics card only gives me one screen. When I open Properties on the desktop and then Advanced options, I don't have the option to clone the screen, nor in the NVIDIA Control Panel menu. I was told I had to go into the BIOS, then to the S-Video output, and set it to TV. The sound, on the other hand, comes through fine on the TV by infrared. But how do I get into the BIOS? Thanks.
  2. Hello, I want to send the video stream from the meuh meuh tv player to my TV via an NVIDIA GeForce 4 MX 4000 graphics card, which has an S-Video output and its VGA output for the monitor. However, I only get the sound on my TV, no picture; the screen stays black. I went into the NVIDIA Desktop Manager configuration but I can't set anything, not even clone mode, and in Control Panel / Display I don't have access to clone mode or the second screen. What should I do? Thanks. I'm told to go into the BIOS and set TV output on the S-Video line, but how do I do that?
  3. Actually, I followed your procedure and everything went well; I no longer have any trace of the programs in Add/Remove Programs. But I think the virus spreads again every time I reboot my machine, since AntiVir detects TR:DROP.Agent.dgo.221 and asks me to delete it, then the PC crashes after 3 to 4 hours of running and I have to switch my PC off. As for using ComboFix, a friend told me to use it, nothing more.
  4. Attached is the latest ComboFix report after the PC crashed. I have the impression that the virus comes back after every reboot of the PC.
  5. Hello, I'm a bit at a loss. I did what you told me: Start, then Run, then the orange items, then Start, Control Panel, Administrative Tools, disable. All my old programs have disappeared, but when I restart my PC I get this error message: "ERROR the application module C:\programe files\avira\anivir personal edition classic\avgnt.exe cannot be found or has been modified or destroyed the AVGNT.EXE cannot be started please check for installation". I click OK and I get my desktop, but AntiVir no longer runs in the background. I uninstalled and then reinstalled AntiVir, same problem. If I run a full scan with AntiVir it finds things like TR/drop.agent.dgo.221. I'm sending you my latest HijackThis log. Thanks for your patience.
  6. Hello, apparently it's OK: I no longer get the message that appeared when I start my PC. You're a champ. However, I still have Norton 360 in Add/Remove Programs even though I uninstalled it. HijackThis log attached.
  7. Hello, I did as you told me: I removed eMule, I removed Norton Ghost and then Norton Internet Security, I removed Avast, I installed AntiVir and then ran 2 consecutive scans, I installed JV16pt and then cleaned the registry. I reboot 100 times faster; you're a champion. Apparently no more virus or freezes. However, in Add/Remove Programs I still have Norton 360 showing, with no way to remove it since I uninstalled it normally. Also, when I restart my PC a window appears that says: "C:Windows\Temp\4379ehe7.exe C:\PROGRA~1\Symantec\532EVNT1.DLL L'initialisation de la DLL d'un pilote de peripherique installe a echoué .choississez fermer pour mettre fin a l' application." How do I get rid of this message? Thanks.
  8. Hello, I apparently caught a Vundo virus on my PC. I followed instructions to get rid of it: - vundofix - otomovelt.exe for hijack, do a system scan only - combofix, file deletion - renv de subs pour etat. When I restart my PC I get a window: "C WINDOWS\Temp\4379ehe7.exe le processeur NTVDM a rencontre une instruction non autorisé CS:0f75IP:01 de 6363652f31 choissiser fermer pour mettre fin a l' application". Here are the hijack otomovelt reports.
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: GhostStartService - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing) O23 - 
Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- End of file - 9283 bytes voici le rapport renv de combo fix ComboFix 08-01-15.4 - ALAIN DAYAN 2008-01-16 8:47:29.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.485 [GMT 1:00] Running from: C:\Documents and Settings\ALAIN DAYAN\Bureau\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ljjiggf.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))))))) . 2008-01-16 08:06 . 2008-01-16 08:41 <REP> d-------- C:\VundoFix Backups 2008-01-15 13:20 . 2008-01-15 13:20 <REP> d-------- C:\Program Files\Trend Micro 2008-01-15 12:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-14 13:40 . 2008-01-14 13:40 <REP> d-------- C:\Program Files\Alwil Software 2008-01-14 13:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 13:40 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 13:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 13:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 13:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 13:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 13:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 13:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-14 13:39 . 2008-01-14 13:39 19,004,560 --a------ C:\Program Files\setupfre.exe 2008-01-14 13:32 . 2008-01-14 13:32 <REP> d-------- C:\WINDOWS\AU_Temp 2008-01-14 13:31 . 
2008-01-14 13:31 <REP> d-------- C:\Documents and Settings\All Users\Modèles 2008-01-14 13:30 . 2008-01-16 08:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-14 01:45 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-01-14 01:45 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-01-14 01:45 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-01-13 20:54 . 2006-09-25 08:30 24,963,953 --a------ C:\WINDOWS\LPT$VPN.787 2008-01-13 14:46 . 2008-01-13 14:46 357,768 --a------ C:\Documents and Settings\ALAIN DAYAN\SymXPep2.dll 2008-01-13 13:48 . 2008-01-13 14:08 16 --a------ C:\WINDOWS\system32\coh.cache 2008-01-12 19:21 . 2004-08-30 21:00 1,499,136 --a------ C:\WINDOWS\system32\BTCPatcher.exe 2008-01-12 19:21 . 2008-01-13 00:20 39,936 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-01-12 19:21 . 2008-01-12 19:21 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-01-12 18:52 . 2008-01-13 21:49 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-12 18:52 . 2008-01-13 21:49 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-15 12:32 --------- d-----w C:\Program Files\emule 2008-01-15 12:05 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-01-14 12:32 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-01-14 12:30 --------- d-----w C:\Documents and Settings\ALAIN DAYAN\Application Data\InstallShield 2008-01-14 12:29 --------- d-----w C:\Program Files\Symantec 2008-01-14 12:28 --------- d-----w C:\Program Files\EPSON 2008-01-14 12:28 --------- d-----w C:\Program Files\Brother 2008-01-14 12:28 --------- d-----w C:\Documents and Settings\ALAIN DAYAN\Application Data\dvdcss 2008-01-14 12:25 --------- d-----w C:\Documents and Settings\ALAIN DAYAN\Application Data\Symantec 2008-01-14 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-13 20:49 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-13 20:49 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-13 09:27 --------- d-----w C:\Program Files\Tweak-XP Pro 4 2008-01-13 08:55 --------- d-----w C:\Program Files\AVICalc2 2008-01-13 08:54 47,360 ----a-w C:\Documents and Settings\ALAIN DAYAN\Application Data\pcouffin.sys 2008-01-12 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-04 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft 2007-12-04 14:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-04 14:25 --------- d-----w C:\Documents and Settings\ALAIN DAYAN\Application Data\ScanSoft 2007-12-04 14:11 --------- d-----w C:\Program Files\Nuance 2007-12-04 14:10 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared 2007-12-04 14:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-12-04 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-04 14:09 --------- d-----w C:\Program Files\ScanSoft 2007-12-04 14:08 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\Brother 2007-11-26 17:18 --------- d-----w C:\Program Files\Mpeg4ModifierMod.1.4.4 2007-11-25 16:19 --------- d-----w C:\Program Files\SdLL 2007-11-25 14:30 --------- d-----w C:\Program Files\SlySoft 2007-11-25 14:26 --------- d-----w C:\Program Files\Any dvd 6.1.9.3.+Key--July-- 2007-11-25 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft 2007-11-25 14:18 --------- d-----w C:\Program Files\Slysoft.AnyDVD.HD.v6.1.9.3-RES 2007-11-24 12:13 24,278,048 ----a-w C:\Program Files\dotnetfx.exe 2007-11-22 19:23 --------- d-----w C:\Program Files\Freeplayer 2007-11-22 18:55 --------- d-----w C:\Program Files\VideoLAN 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-07-09 19:47 92,064 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmmdm.sys 2007-07-09 19:47 9,232 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmmdfl.sys 2007-07-09 19:47 79,328 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmserd.sys 2007-07-09 19:47 66,656 ----a-w C:\Documents and Settings\ALAIN DAYAN\mqdmbus.sys 2007-07-09 19:47 6,208 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmcmnt.sys 2007-07-09 19:47 5,936 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmwhnt.sys 2007-07-09 19:47 4,048 -c--a-w C:\Documents and Settings\ALAIN DAYAN\mqdmcr.sys 2007-07-09 19:47 25,600 ----a-w C:\Documents and Settings\ALAIN DAYAN\usbsermptxp.sys 2007-07-09 19:47 22,768 -c--a-w C:\Documents and Settings\ALAIN DAYAN\usbsermpt.sys 2006-10-17 19:06 
115,381 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_16_08_21_26_small.dmp.zip 2006-08-17 19:37 102,173 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_17_12_54_47_small.dmp.zip 2006-08-15 06:21 99,283 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_13_15_11_56_small.dmp.zip 2006-06-06 19:59 50,591 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_06_05_00_14_21_small.dmp.zip 2006-06-06 19:59 101,000 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_04_06_16_03_small.dmp.zip 2006-02-04 19:40 63,784 ----a-w C:\Documents and Settings\ALAIN DAYAN\Application Data\GDIPFONTCACHEV1.DAT 2004-10-29 06:02 4,168,439 -c--a-w C:\Program Files\Codec Real Media 9 (Codec format RV9).exe 2004-10-26 20:25 6,073,595 ----a-w C:\Program Files\Satsuki.Video.GUI.1.0.0.8.exe 2004-09-28 02:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS 2005-04-16 21:59 12,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-01-15_13.10.36.78 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-16 07:43:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2008-01-13 13:50 1211176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 01:50 4620288] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2008-01-15 07:26 36864] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2008-01-15 07:26 410112] "nwiz"="nwiz.exe" [2004-10-30 01:50 921600 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-30 01:50 86016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-15 07:26 474624] "ADS TVR Agent"="C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe" [2008-01-15 07:27 1073152] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2008-01-15 07:26 210472] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-15 07:27 369152] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-01-15 07:27 46632] "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2008-01-15 07:27 255528] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-01-15 07:27 663552] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 14:00 78848] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ TV Remote 
Control.lnk - C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe [2007-10-14 11:07:52] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "NTSpool"= NTSpool.exe "System Patcher"= BTCPatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtutqn] awtutqn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-11-22 16:51] R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-22 17:08] R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-09-24 20:35] R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 08:34] S1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [] S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 SDdriver;SDdriver;C:\WINDOWS\System32\Drivers\sddriver.sys [2003-09-10 03:58] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-16 08:50:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0
  9. Hello, I apparently caught a Vundo virus on my PC. I followed instructions to get rid of it -