

Everything posted by xbob
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
No, nothing doing, even though it has been renamed.
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
I can only get my computer to run normally and go on the internet with this mode (I press F8 at startup and select Active Directory restore mode (Windows XP domain controllers)). And ComboFix does the same thing as before. I downloaded it again with the link from your new reply, but when I click on it a small grey window appears with "combofix" written inside. The download in the small grey window goes all the way to the end, but after that nothing: it disappears and nothing else happens. I also tried in safe mode and it's the same thing. Thanks!
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
Sorry, my PC was frozen on the desktop, even after every restart, but now I managed to get it working. I restarted in safe mode and selected (restore.....); now I have a computer that works, but my interface is the old-style one and I still have the same problems. As for what you asked me to do with hijak..., the entries you asked me to check are slightly different from what you asked me to check, so I didn't take any chances. I'm posting a new scan for you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:57, on 2008-12-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Thanks, and sorry for the delay!
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
Nothing doing, even in safe mode it refuses to start.
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
On restart, I get this error message: RUNDLL erreur de chargement de c:\windows\system 32\yoguyutu.dll le module spécifié est introuvable
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
I download ComboFix from the link, and it installs itself on the desktop. When I click on it, a small grey window appears with "combofix" written inside. The download in the small grey window goes all the way to the end, but after that nothing: it disappears and nothing else happens. And I had closed everything!
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
Every time I shut down my computer I still get a blue screen of death, and I still get popups. 1 error message, but I didn't write it down, sorry; next time without fail.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:07, on 2008-12-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
[Solved] Virus in my computer
xbob replied to a topic by xbob in Malware analysis and removal
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1519
Windows 5.1.2600 Service Pack 3
2008-12-18 23:13:41
mbam-log-2008-12-18 (23-13-41).txt
Type de recherche: Examen rapide
Eléments examinés: 62625
Temps écoulé: 16 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 20
There were a lot of bugs in there! Sorry, yesterday I tried to run a scan with Malwarebytes but it kept crashing and an error window came up. When I shut down my computer yesterday I got the blue screen of death. I don't know if that's really what it's called. Thanks
[Résolu] Virus dans mon ordinateur
xbob a répondu à un(e) sujet de xbob dans Analyses et éradication malwares
I did 2 scans, AntiVir and HijackThis.
THANKS!!!!
-
I'm infected, I have windows that open on their own and I no longer have access to my emails. Please help me.... Thanks!
-
Hello, I have a USB key (2 GB) that shows (used space 1.60 GB) and (free space 351 MB), but when I open its contents it is empty, so I am not able to delete anything.
-
Sorry! I don't know the world of hackers well enough. I thought it was big. I hope my computer isn't part of his army.
-
And what if it's not nonsense? That will make one less!
-
There is a guy on my nephew's MSN who says he has built himself an army of zombie computers; he says he has 220 of them. I would like a link where I could go to report him (Québec). Thanks!
-
Thanks, my computer is running #1
-
2008-05-18 04:49 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys 2008-05-18 04:49 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys 2008-04-09 23:55 --------- d-----w C:\Program Files\Bonjour 2008-04-09 23:54 --------- d-----w C:\Program Files\QuickTime 2008-04-08 01:36 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-04-08 01:35 --------- d-----w C:\Program Files\Windows Live 2008-04-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-24 06:10 1,800,920 ----a-w C:\Program Files\Paint.NET.3.20.SkyOrb.exe 2007-12-24 05:54 9,439,584 ----a-w C:\Program Files\tuxpaint-0.9.18-win32-installer.exe 2007-11-13 05:10 927,779 ----a-w C:\Program Files\SetupXnBeep.exe 2007-10-16 17:35 87,608 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe 2007-09-09 21:09 1,959,112 ----a-w C:\Program Files\FLVPlayerSetup.exe 2007-09-09 20:45 883,808 ----a-w C:\Program Files\Google_Updater.exe 2007-09-08 22:50 43,423,968 ----a-w C:\Program Files\PalmDesktopWin414e.zip 2007-09-07 00:18 6,801,128 ----a-w C:\Program Files\wmcsetup.exe 2007-09-06 23:22 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe 2007-09-04 14:28 26,730,808 
----a-w C:\Program Files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe 2007-09-02 17:31 17,733,474 ----a-w C:\Program Files\RCALyraTrayAppInstall_v1035a.exe 2007-08-22 13:53 2,624,373 ----a-w C:\Program Files\XnView-win-fr.exe 2007-08-22 13:36 7,494 ----a-w C:\Program Files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip 2007-08-22 13:21 5,053,286 ----a-w C:\Program Files\converter.exe 2007-05-13 19:22 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe 2007-04-10 00:22 696,814 ----a-w C:\Program Files\uTorrent-1.6.1-install.exe 2007-03-20 00:44 10,420,936 ----a-w C:\Program Files\xlviewer.exe 2007-03-05 05:15 1,367,553 ----a-w C:\Program Files\mirc621.exe 2007-02-25 01:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-02-22 08:17 7,564,315 ----a-w C:\Program Files\ezcddax10.exe 2007-02-22 08:03 6,710,040 ----a-w C:\Program Files\smart-audio-converter-pro-setup.exe 2007-01-25 21:58 17,741,094 ----a-w C:\Program Files\VideoConvertMaster_Fr.exe 2007-01-20 15:17 27,100,264 ----a-w C:\Program Files\PowerPointViewer.exe 2007-01-19 19:44 5,646,848 ----a-w C:\Program Files\PC Camer@.msi 2007-01-19 19:44 31,232 ----a-w C:\Program Files\1036.MST 2007-01-19 19:43 5,481 ----a-w C:\Program Files\0x040c.ini 2007-03-30 01:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-03-30 01:40 56 --sh--r C:\WINDOWS\system32\D270FADD90.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-20_22.07.19.84 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-21 01:55:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-22 14:30:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-24 18:27 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-24 18:27 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-24 18:27 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 18:44 1404928] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 15:13 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] "EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 22:00 98304] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:54 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu 
Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk] path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 04:54 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor] --------- 2004-05-05 10:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp] --a------ 2004-03-31 10:01 286720 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02] S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01] S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11] S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-22 14:33:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-05-22 14:13:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-05-19 21:42:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 10:33:34 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
Temps d'accomplissement: 2008-05-22 10:33:58 ComboFix-quarantined-files.txt 2008-05-22 14:33:56 ComboFix2.txt 2008-05-21 02:07:30 Pre-Run: 36,114,169,856 octets libres Post-Run: 36,104,273,920 octets libres 253 --- E O F --- 2008-05-21 06:28:52
-
ComboFix 08-05-20.4 - Propriétaire 2008-05-20 22:05:03.2 - FAT32x86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.361 [GMT -4:00] Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Propriétaire\Application Data\inst.exe C:\WINDOWS\cookies.ini C:\WINDOWS\system32\bfbljbfc.ini C:\WINDOWS\system32\eimyfpei.ini C:\WINDOWS\system32\geBuSkHW.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mlJAsRHX.dll C:\WINDOWS\system32\ourmppqb.ini C:\WINDOWS\system32\rqRKcyAT.dll C:\WINDOWS\system32\shlqcyih.ini C:\WINDOWS\system32\WHkSuBeg.ini C:\WINDOWS\system32\WHkSuBeg.ini2 C:\WINDOWS\system32\ykiqtccr.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))))))) . 2008-05-20 21:22 . 2008-05-20 21:22 294 ---hs---- C:\WINDOWS\system32\bfbljbfc.ini 2008-05-20 19:54 . 2008-05-20 19:54 0 --a------ C:\WINDOWS\Irremote.ini 2008-05-20 19:36 . 2008-05-20 19:36 <REP> d-------- C:\Documents and Settings\propriã©taire 2008-05-20 19:35 . 2008-05-20 19:35 <REP> d-------- C:\Documents and Settings\propri??taire 2008-05-20 17:22 . 2008-05-20 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-05-20 16:46 . 2008-05-20 16:46 91,328 --a------ C:\WINDOWS\system32\cfbjlbfb.dll 2008-05-19 23:01 . 2008-05-19 23:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Nero 2008-05-19 22:49 . 2008-05-19 22:49 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-05-18 09:59 . 2008-05-18 09:59 <REP> d-------- C:\Program Files\Atlantis3D 2008-05-18 00:48 . 2008-05-18 00:48 <REP> d-------- C:\Program Files\DVDFab 5 2008-05-16 16:52 . 
2008-05-16 17:34 2,496 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-16 16:51 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-16 16:51 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-16 16:51 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-16 16:51 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-16 16:51 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-16 16:51 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-16 16:51 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-16 12:23 . 2008-05-16 12:24 <REP> d-------- C:\VundoFix Backups 2008-05-16 12:10 . 2008-05-16 12:10 <REP> d--hs---- C:\FOUND.003 2008-05-14 23:05 . 2008-05-14 23:05 <REP> d-------- C:\Program Files\Navilog1 2008-05-14 17:04 . 2008-05-14 17:04 <REP> d--hs---- C:\FOUND.002 2008-05-14 02:25 . 2008-05-14 02:25 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons 2008-05-11 23:39 . 2008-05-11 23:39 244 --ah----- C:\sqmnoopt12.sqm 2008-05-11 23:39 . 2008-05-11 23:39 232 --ah----- C:\sqmdata12.sqm 2008-05-11 20:26 . 2008-05-11 20:26 244 --ah----- C:\sqmnoopt11.sqm 2008-05-11 20:26 . 2008-05-11 20:26 232 --ah----- C:\sqmdata11.sqm 2008-05-11 09:53 . 2008-05-11 09:53 244 --ah----- C:\sqmnoopt10.sqm 2008-05-11 09:53 . 2008-05-11 09:53 232 --ah----- C:\sqmdata10.sqm 2008-05-11 09:40 . 2008-05-11 09:40 244 --ah----- C:\sqmnoopt09.sqm 2008-05-11 09:40 . 2008-05-11 09:40 232 --ah----- C:\sqmdata09.sqm 2008-05-10 23:46 . 2008-05-10 23:46 244 --ah----- C:\sqmnoopt08.sqm 2008-05-10 23:46 . 2008-05-10 23:46 232 --ah----- C:\sqmdata08.sqm 2008-05-10 19:18 . 2008-05-10 19:18 244 --ah----- C:\sqmnoopt07.sqm 2008-05-10 19:18 . 2008-05-10 19:18 232 --ah----- C:\sqmdata07.sqm 2008-05-10 14:44 . 2008-05-10 14:44 244 --ah----- C:\sqmnoopt06.sqm 2008-05-10 14:44 . 
2008-05-10 14:44 232 --ah----- C:\sqmdata06.sqm 2008-05-10 02:48 . 2008-05-10 02:48 244 --ah----- C:\sqmnoopt05.sqm 2008-05-10 02:48 . 2008-05-10 02:48 232 --ah----- C:\sqmdata05.sqm 2008-05-09 18:10 . 2008-05-09 18:10 244 --ah----- C:\sqmnoopt04.sqm 2008-05-09 18:10 . 2008-05-09 18:10 232 --ah----- C:\sqmdata04.sqm 2008-05-04 23:41 . 2005-09-21 18:08 290,816 --a------ C:\WINDOWS\system32\ATWTUSB.EXE 2008-05-04 12:56 . 2008-05-04 12:56 <REP> d-------- C:\Program Files\Toon Boom Animation 2008-05-04 10:29 . 2008-05-04 10:29 <REP> d-------- C:\Program Files\VSO 2008-05-04 10:29 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2008-05-04 10:29 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2008-05-04 10:29 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2008-05-04 10:29 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll 2008-05-04 01:02 . 2008-05-04 01:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0 2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails 2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails 2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4 2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4 2008-05-04 00:42 . 2008-05-04 00:42 16,865,248 --a------ C:\Program Files\gimp-2.4.4-i686-setup.exe 2008-05-01 20:31 . 2008-05-01 20:31 <REP> d--hs---- C:\FOUND.001 2008-04-29 18:16 . 2008-04-29 18:16 <REP> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-18 04:49 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys 2008-05-18 04:49 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys 2008-04-09 23:55 --------- d-----w C:\Program Files\Bonjour 2008-04-09 23:54 --------- d-----w C:\Program Files\QuickTime 2008-04-08 01:36 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-04-08 01:35 --------- d-----w C:\Program Files\Windows Live 2008-04-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-24 06:10 1,800,920 ----a-w C:\Program Files\Paint.NET.3.20.SkyOrb.exe 2007-12-24 05:54 9,439,584 ----a-w C:\Program Files\tuxpaint-0.9.18-win32-installer.exe 2007-11-13 05:10 927,779 ----a-w C:\Program Files\SetupXnBeep.exe 2007-10-16 17:35 87,608 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe 2007-09-09 21:09 1,959,112 ----a-w C:\Program Files\FLVPlayerSetup.exe 2007-09-09 20:45 883,808 ----a-w C:\Program Files\Google_Updater.exe 2007-09-08 22:50 43,423,968 ----a-w C:\Program Files\PalmDesktopWin414e.zip 2007-09-07 00:18 6,801,128 ----a-w C:\Program Files\wmcsetup.exe 2007-09-06 23:22 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe 2007-09-04 14:28 26,730,808 
----a-w C:\Program Files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe 2007-09-02 17:31 17,733,474 ----a-w C:\Program Files\RCALyraTrayAppInstall_v1035a.exe 2007-08-22 13:53 2,624,373 ----a-w C:\Program Files\XnView-win-fr.exe 2007-08-22 13:36 7,494 ----a-w C:\Program Files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip 2007-08-22 13:21 5,053,286 ----a-w C:\Program Files\converter.exe 2007-05-13 19:22 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe 2007-04-10 00:22 696,814 ----a-w C:\Program Files\uTorrent-1.6.1-install.exe 2007-03-20 00:44 10,420,936 ----a-w C:\Program Files\xlviewer.exe 2007-03-05 05:15 1,367,553 ----a-w C:\Program Files\mirc621.exe 2007-02-25 01:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-02-22 08:17 7,564,315 ----a-w C:\Program Files\ezcddax10.exe 2007-02-22 08:03 6,710,040 ----a-w C:\Program Files\smart-audio-converter-pro-setup.exe 2007-01-25 21:58 17,741,094 ----a-w C:\Program Files\VideoConvertMaster_Fr.exe 2007-01-20 15:17 27,100,264 ----a-w C:\Program Files\PowerPointViewer.exe 2007-01-19 19:44 5,646,848 ----a-w C:\Program Files\PC Camer@.msi 2007-01-19 19:44 31,232 ----a-w C:\Program Files\1036.MST 2007-01-19 19:43 5,481 ----a-w C:\Program Files\0x040c.ini 2007-03-30 01:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-03-30 01:40 56 --sh--r C:\WINDOWS\system32\D270FADD90.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-24 18:27 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-24 18:27 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-24 18:27 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 18:44 1404928] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 15:13 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] "EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 22:00 98304] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE] "4353f526"="C:\WINDOWS\system32\cfbjlbfb.dll" [2008-05-20 16:46 91328] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:54 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide 
d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk] path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 04:54 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor] --------- 2004-05-05 10:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
-
Thanks, the shield has disappeared! But I have a problem: I had downloaded ComboFix from your link to my desktop, and I started it several times, but it stayed frozen on its initial blue screen and nothing appeared. I deleted it and then downloaded it directly from bleeping computer.com, but it still will not start.
-
A few more problems! Every time I start my computer there is a red shield at the bottom right of the screen saying that my computer's automatic updates are not enabled. Even if I change the update mode in the Control Panel, it changes nothing; the shield still appears at every startup. I also have a pop-up problem: every day my ewido scan finds at least 10.
-
THANKS angelique
-
Avira AntiVir Personal Report file date: 17 mai 2008 10:21
Thanks
-
Here are the results.
SmitFraudFix v2.320 Rapport fait à 17:34:09,73, 2008-05-16
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05162008_180841
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:25:11, on 2008-05-16
I SELECTED EVERYTHING, thanks!
-
VundoFix says there are no infected files, so there is no Notepad report. Here is the HijackThis Notepad log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:23, on 2008-05-16
Thanks! :P
-
Hello, I have been infected for 2 days. I have tried everything but it changed nothing. I would like someone to help me, please. Here is my Navilog report.
Search Navipromo version 3.5.7 commencé le 2008-05-16 à 5:29:15,39
-
Stubborn infection!! Help me!! :-(resolved)
xbob replied to a topic by xbob in Analyses et éradication malwares
Thanks!