

yoda93
Members
Content count: 64
Everything posted by yoda93
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Yes, as you say. But frankly you're a CHAMP, because the Run command works perfectly and everything is back to normal, well, except for the keyboard shortcuts lol. It shows me: "No program is associated to perform this action. Create an association using the Folder Options application in the Control Panel." Thanks Falkra. What would you like me to do next?
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
About removing SVchost.exe, frankly I can't tell you, and besides I've switched to Antivir now. I just ran a search and it found this:

Svchost - C:\Windows\System32 - 14 KB
svchost - C:\Windows\ServicePackFiles\i386 - 14 KB
SMSvcHost - C:\Windows\Microsoft.net\Framework\v3.0\Windows Communication Foundation - 120 KB
SMSvcHost.exe.config - C:\same path as above - 2 KB

On screen everything is indeed normal: the icons, the resolution, the icon size, the taskbar... I've just downloaded the .reg file. Double-clicking on folders does work again, but... instead of opening the folder I just clicked on, it opens the file search dialog.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Yes, still no keyboard shortcuts like before (Win+E and the like), no way to open the folders on my desktop by double-clicking, and also no way to reach the desktop by going Start, Control Panel. For all of these I go through the Run command to get there. System Restore is back as of 12/06, so that's already a good thing. As for booting in Safe Mode, I haven't looked, since you told me we'd see about that later.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.17
Database version: 850

00:03:51 13/06/2008
mbam-log-6-13-2008 (00-03-51).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 132440
Time elapsed: 47 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.

As for the ANTIVIR updates, no problem on that side.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Done for that O23 line. HijackThis asked me to restart the PC, then I ran another scan to check that the 2 lines you had asked me to delete were gone, and it's OK. What do we do now, or what would you like to know about how my tractor is running?
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
That folder isn't empty. And after searching, I can't find the file ...\lpt9.exe even though hidden files and folders are shown. Here is what I have in the folder C:\Program Files\Fichiers communs\System\:

System folder: subfolders Ado; Msadc; MSMAPI; Ole DB, then the files directdb.dll; wab32.dll and wab32res.dll
Ado folder: 1.48 MB of data
Msdac folder: 1.15 MB of data
The MSMAPI subfolder contains a subfolder 1036 with the files CNFNOT32; SCANOST; SCANPST among others, 6.42 MB of data
The Ole DB subfolder contains a Ressources subfolder, which itself contains these 2 folders, 1033 and 1036, making 9.37 MB of data

I don't know if that's very clear, but I didn't dare remove
O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)
without a fresh go-ahead from you. By the way, if I remove it, is it with HijackThis? On the other hand, I was just thinking about something. All the reports I've sent you so far were made without hidden files and folders being shown. Maybe I should have done that? If so, I'll repost the HijackThis, ANTIVIR, Combofix and Gmer reports.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
There, the Gmer report is done:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-12 17:51:51
Windows 5.1.2600 Service Pack 3

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 10: copy of MBR

---- EOF - GMER 1.0.14 ----

I've redone a HijackThis report for you to confirm the removal of the file you asked me about. If you ever see other things of that kind, don't hesitate to have me remove them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:00, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a square\a-squared free\a2service.exe
C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\NSLIHWYN\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] "C:\Program Files\FenAffiche\Fenpowernet.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205858377087
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a square\a-squared free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)

--
End of file - 9620 bytes

So I'm waiting for new instructions from you.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
OK for everything, and thanks. Do you want me to remove SmitfraudFix from my PC, or any other program that looks useless to you? Here is the HijackThis report you asked for:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:24, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a square\a-squared free\a2service.exe
C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\NSLIHWYN\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] "C:\Program Files\FenAffiche\Fenpowernet.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205858377087
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1120132856000.kit.sexequalite.com/1...bertix_Sexe.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a square\a-squared free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)

--
End of file - 9746 bytes

There you go. Errr, looking at the report I noticed this thing in particular:
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1120132856000.kit.sexequalite.com/1...bertix_Sexe.exe
What is that, then? Thanks for whatever you do next with this new report.
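Two questions in this thread come down to reading a few HijackThis sections systematically: why no search ever finds lpt9.exe behind the O23 SrvQxa entry even with hidden files shown (a few posts up), and what the unnamed O16 entry pointing at an .exe is (the question just above). The script below is an added example written for this page; it is not code from the thread, from Falkra or from HijackThis. It parses the O23, O16 and O10 line formats seen in the logs above and flags what a helper checks by eye. The sample lines are copied from the reports in this thread; the severity labels and the small LSP allowlist are this example's own choices, not anything the thread states. One Windows fact it relies on: Win32 reserves CON, PRN, AUX, NUL, COM1-9 and LPT1-9 as device names, so a file whose base name is LPT9 cannot be created or opened through an ordinary path, only through the `\\?\` prefix that the service entry uses; that is why Explorer and the search dialog show nothing and is consistent with HijackThis reporting "(file missing)".

```python
"""HijackThis 2.0 log triage. Added example for this page; not code from the
thread, from the helper, or from HijackThis. Sample lines are copied from the
reports above; severity labels and the LSP allowlist are this example's choices."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Win32 reserves these base names for devices, so a file called lpt9.exe is only
# reachable through the \\?\ prefix: Explorer and a normal search never show it,
# which is consistent with HijackThis reporting it as "(file missing)".
RESERVED_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}
# Example allowlist: Winsock providers already verified by hash on a clean build.
KNOWN_LSP_DLLS = {"nwprovau.dll", "mswsock.dll", "rsvpsp.dll", "winrnr.dll"}

_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                  r"(?: \((?P<note>file missing)\))?$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))?"
                  r" - (?P<url>\S+)$")
_O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def basename(win_path: str) -> str:
    # Split on both separators so the code also works when run on Linux/macOS.
    return re.split(r"[\\/]", win_path)[-1]


def is_reserved_device_name(win_path: str) -> bool:
    return basename(win_path).split(".")[0].upper() in RESERVED_DEVICE_NAMES


def check_o23(line: str) -> Optional[Finding]:
    m = _O23.match(line)
    if not m:
        return None
    path, reasons, severity = m["path"], [], "medium"
    if m["owner"] == "Unknown owner":
        reasons.append("no company name in version info")
    if m["note"] == "file missing":
        reasons.append("binary could not be opened at the registered path")
    if path.startswith("\\\\?\\"):
        reasons.append(r"\\?\ prefix bypasses Win32 path rules (rare for installers)")
        severity = "high"
    if is_reserved_device_name(path):
        reasons.append("reserved device name: Explorer cannot list or open it")
        severity = "high"
    return Finding("O23", severity, "; ".join(reasons), line) if reasons else None


def check_o16(line: str) -> Optional[Finding]:
    m = _O16.match(line)
    if not m:
        return None
    reasons = []
    if m["url"].lower().endswith(".exe"):
        reasons.append("control fetched as a bare .exe rather than a .cab/.ocx package")
    if not m["name"]:
        reasons.append("no friendly name registered for the CLSID")
    if not reasons:
        return None
    return Finding("O16", "high" if len(reasons) == 2 else "medium", "; ".join(reasons), line)


def check_o10(line: str) -> Optional[Finding]:
    m = _O10.match(line)
    if not m:
        return None
    dll = basename(m["path"]).lower()
    if dll in KNOWN_LSP_DLLS:
        return Finding("O10", "info", f"{dll} is allowlisted; confirm its hash before ignoring", line)
    return Finding("O10", "high", "unrecognised Winsock LSP; an LSP sees every socket call", line)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the section checks to each line; the first check that fires wins."""
    findings = []
    for raw in lines:
        for check in (check_o23, check_o16, check_o10):
            finding = check(raw.strip())
            if finding:
                findings.append(finding)
                break
    return findings


# Constructed sample: five lines lifted verbatim from the reports in this thread.
SAMPLE_LOG = [
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab",
    r"O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1120132856000.kit.sexequalite.com/1...bertix_Sexe.exe",
    r"O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe",
    r"O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)",
]

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file's lines. The Avira and Minitel entries produce nothing, the NetWare LSP is reported as informational, and both the SrvQxa service and the unnamed .exe download are raised as high. The allowlist is deliberately tiny: a real one is built from hashes taken on a known-clean machine, not from file names, which any dropper can reuse.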
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Thanks for the steps, Falkra. As for the cause, I suspected as much. But the kicker is that I caught Beagle while downloading a recipe card for the wife. Maybe I'd have done better to follow the public-health ads and download 5 fruits and vegetables so my PC stays healthy. As for SmitfraudFix, I downloaded it one day because my desktop had been disrupted by pop-up windows about purchase offers or antivirus scans following a fake viral infection. After running that program, no more trouble. Should I delete it from my hard drive anyway, along with Navilog1 for that matter? As for the first installation of the OS, it does seem the PC was bought new in 2004. I checked whether the desktop icons had become active again, just in case. Well, no. And as for the Win+E type keyboard shortcuts, still inactive, same as going straight to the Control Panel via Start, Control Panel. Now, back to business. I followed your instructions and here is the ComboFix report:

ComboFix 08-06-10.5 - Yoda 2008-06-12 11:05:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1036.18.412 [GMT 2:00]
Running from: C:\Documents and Settings\Yoda\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Yoda\Bureau\CFScript.txt
 * Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\amstreams.dll
C:\WINDOWS\system32\drivers\zithxzoi.sys
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfrguih.dll
C:\WINDOWS\system32\drivers\zithxzoi.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZITHXZOI
-------\Service_zithxzoi


((((((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))
.

2008-06-11 22:07 . 2008-06-11 22:07 <DIR> d-------- C:\Program Files\Avira
2008-06-11 22:05 . 2008-06-11 22:06 <DIR> d-------- C:\Program Files\ANTIVIR antivirus setup
2008-06-11 09:30 . 2008-04-14 17:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 09:30 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 16:12 . 2008-06-10 16:12 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-06-10 16:12 . 2008-06-10 16:12 34,649,137 --a------ C:\WINDOWS\VPTNFILE.335
2008-06-10 16:12 . 2008-06-10 16:12 34,649,137 --a------ C:\WINDOWS\LPT$VPN.335
2008-06-06 16:58 . 2008-06-06 16:58 11,453,333 --a------ C:\upload_moi_SY4PPNP19.tar.gz
2008-06-06 16:54 . 2008-06-12 08:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-06 15:20 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-05 22:26 . 2008-04-14 04:34 1,037,824 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-06-05 22:26 . 2008-04-14 04:34 1,037,824 --a------ C:\WINDOWS\explorer.exe
2008-06-05 20:00 . 2008-06-06 13:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 20:00 . 2008-06-05 20:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-30 21:55 . 2008-05-30 21:55 <DIR> d-------- C:\fsaua.data
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 17:05 . 2008-05-13 17:21 <DIR> d-------- C:\pilotes VIA
2008-05-13 16:42 . 2008-05-13 16:42 <DIR> d-------- C:\WINDOWS\system32\fr
2008-05-13 16:42 . 2008-05-13 16:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-13 16:42 . 2008-05-13 16:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-13 16:39 . 2008-05-13 16:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 16:22 . 2008-06-06 15:12 <DIR> d-------- C:\WINDOWS\EHome
2008-05-13 15:56 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-10 19:46 --------- d-----w C:\Program Files\DEFENSE PC
2008-06-10 19:33 --------- d-----w C:\Program Files\Navilog1
2008-06-10 19:03 --------- d-----w C:\Program Files\EASY CLEANER
2008-06-10 14:12 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-06-10 14:12 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-06-09 17:27 --------- d-----w C:\Program Files\Ahead
2008-06-09 16:12 --------- d-----w C:\Program Files\DivX
2008-06-05 22:05 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-06-05 22:05 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-06-05 22:02 --------- d-----w C:\Program Files\Winamp
2008-05-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-20 06:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 15:20 --------- d-----w C:\Documents and Settings\yoda\Application Data\ma-config.com
2008-05-13 15:18 --------- d-----w C:\Program Files\VIA
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 12:03 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\netucgxr
2008-04-23 11:51 --------- d-----w C:\Documents and Settings\yoda\Application Data\dvdcss
2008-04-22 17:23 20,608 ----a-w C:\WINDOWS\system32\drivers\reppbkyd.dat
2008-04-20 07:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-19 09:09 --------- d-----w C:\Program Files\Radio Fr Solo
2008-04-19 08:56 --------- d-----w C:\Program Files\quick time
2008-04-18 16:40 --------- d-----w C:\Program Files\Fichiers communs\Mozilla Shared
2008-04-18 16:40 --------- d-----w C:\Documents and Settings\yoda\Application Data\netucgxr
2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56
30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys 2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2007-12-30 12:09 8 --sha-r C:\WINDOWS\system32\567574EF83.sys 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-12-30 12:09 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . 
(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\documents and settings\yoda\application data\M ---- C:\documents and settings\yoda\application data\M\ ((((((((((((((((((((((((((((( snapshot@2008-06-12_ 8.02.20.89 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-12 05:48:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-12 09:10:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-21 17:39 114688] "fenaffiche"="C:\Program Files\FenAffiche\Fenpowernet.exe" [2004-07-23 10:43 49152] "VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe] "QuickTime Task"="C:\program files\quick time\qttask.exe" [2008-02-01 00:13 385024] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "VIDC.MJPG"= pvmjpg21.dll "VIDC.PVW2"= pvwv220.dll "VIDC.PIMJ"= pvljpg20.dll "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "vidc.VP40"= vp4vfw.dll "VIDC.X264"= x264vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli scecli scecli [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC 
Connection Agent] --a------ 2005-11-15 21:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-11-03 10:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\program files\quick time\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Temp\\CI_HITACHI\\MAJ_Hitachi.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\bitcomet\\BitComet.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "E:\\JEU\\SteamApps\\xxx8575\\counter-strike source\\hl2.exe"= "E:\\JEU\\SteamApps\\xxx8575\\day of defeat\\hl.exe"= "E:\\JEU\\SteamApps\\xxx8575\\counter-strike\\hl.exe"= "E:\\JEU\\SteamApps\\xxx8575\\condition zero\\hl.exe"= "E:\\JEU\\SteamApps\\xxx8575\\condition zero deleted scenes\\hl.exe"= "C:\\Program Files\\HLSW\\hlsw.exe"= "C:\\Program Files\\e-mule\\eMule\\emule.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "E:\\Jeu Trackmania\\trackmania nation\\TrackMania Nations ESWC\\TmNationsESWC.exe"= "E:\\trackmania forever\\TmNationsForever\\TmForever.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4672:UDP"= 4672:UDP:kad_reseau "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "5900:TCP"= 5900:TCP:assistance msn "3389:UDP"= 3389:UDP:assistance à distance "6346:TCP"= 6346:TCP:shareaza "6346:UDP"= 6346:UDP:shareaza "4662:TCP"= 4662:TCP:lphant "21:UDP"= 21:UDP:club "4672:TCP"= 4672:TCP:mulot "23430:TCP"= 23430:TCP:BitComet 23430 TCP "23430:UDP"= 23430:UDP:BitComet 23430 UDP "3728:TCP"= 3728:TCP:tribalweb "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "24192:TCP"= 24192:TCP:BitComet 24192 TCP "24192:UDP"= 24192:UDP:BitComet 24192 UDP "13941:TCP"= 13941:TCP:BitComet 13941 TCP "13941:UDP"= 13941:UDP:BitComet 13941 UDP "26228:TCP"= 26228:TCP:@xpsp2res.dll,-22009 "25204:TCP"= 25204:TCP:@xpsp2res.dll,-22009 R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 17:39] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49] R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 17:39] R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45] R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 12:44] S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [] S2 SrvQxa;SrvQxa;"\\?\C:\Program Files\Fichiers communs\System\lpt9.exe" [] S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys [2004-04-28 11:30] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 
21:34] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12] S3 SPAInfoDrv;SPAInfoDrv;C:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys [] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 20:56] S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 13:28] S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys [] S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys [] *Newly Created Service* - ZITHXZOI . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-06 13:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-06 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\tune up utilities\SystemOptimizer.exe "2005-11-19 07:02:28 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (SY4PPNP19-yoda).job" - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-12 11:12:30 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... 
However, when my PC restarted, ANTIVIR detected this:
Virus or unwanted program 'TR/Trash.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP15\A0000219.dll. Action performed: Move file to quarantine
I put it in quarantine. I hope the procedure you gave me worked properly. So I'm waiting for your next instructions.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and removal
Hello Falkra, and thank you for helping me. As you asked, here is the ComboFix analysis report:
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-12 8:03:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 06:03:13

Pre-Run: 52,950,028,288 octets libres
Post-Run: 52,892,217,344 octets libres

346 --- E O F --- 2008-06-11 07:55:12

And finally the AntiVir scan report, run last night after installing it:

Avira AntiVir Personal
Report file date: mercredi 11 juin 2008 22:21

Scanning for 1327179 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SY4PPNP19

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 20:09:14
ANTIVIR3.VDF : 7.0.4.180 326144 Bytes 11/06/2008 20:09:15
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 11/06/2008 20:09:25
AESCN.DLL : 8.1.0.21 119156 Bytes 11/06/2008 20:09:24
AERDL.DLL : 8.1.0.20 418165 Bytes 11/06/2008 20:09:23
AEPACK.DLL : 8.1.1.5 364918 Bytes 11/06/2008 20:09:22
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/06/2008 20:09:21
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 11/06/2008 20:09:21
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 20:09:19
AEGEN.DLL : 8.1.0.28 307572 Bytes 11/06/2008 20:09:18
AEEMU.DLL : 8.1.0.6 430451 Bytes 11/06/2008 20:09:17
AECORE.DLL : 8.1.0.31 168310 Bytes 11/06/2008 20:09:16
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 11 juin 2008 22:21

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet006\Services\zithxzoi\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet006\Services\zithxzoi\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
'66792' objects were checked, '2' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZQN
[NOTE] The file was moved to '48b936cd.qua'!
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.41
[NOTE] The file was moved to '48b93714.qua'!
C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP10\A0000168.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZQN
[NOTE] The file was moved to '48803b68.qua'!
C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP10\A0000170.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.41
[NOTE] The file was moved to '48803b74.qua'!
Begin scan in 'E:\' <DISQUE 2>

End of the scan: mercredi 11 juin 2008 23:21
Used time: 1:00:08 min

The scan has been done completely.

8685 Scanning directories
340758 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
340754 Files not concerned
7555 Archives were scanned
2 Warnings
4 Notes
66792 Objects were scanned with rootkit scan
2 Hidden objects were found

All the potentially dangerous entries found by AntiVir have been put in quarantine pending instructions from you. Thanks.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and eradication
Thanks for your advice, Desch. As for msconfig, I've never poked my nose into it (well, as far as making any changes goes) because it's all Greek to me unless someone gives me the actual procedure to follow. There you go: Avast removed and replaced with AntiVir. I'll run a scan and post the scan report for you. Then I'll wait for your instructions.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and eradication
Thanks again, General, for your first intervention. Otherwise, McAfee has been uninstalled as requested. Should I still run the scans you recommended? In the meantime I'll deploy the tactical shield and stay alert for the squad's new instructions.
I can't remove the viruses from my PC
yoda93 replied to a topic by yoda93 in Malware analysis and eradication
Hello Desch. Thanks for the quick reply. Regarding McAfee, I thought I had already removed it when I installed Avast. Now, when I click on the remaining McAfee icon, I get the message: "Mcagent.exe is not a valid Win32 application". And if I want to get to the Control Panel, as I mentioned above, it's impossible. What software or what procedure would you recommend to get to it or to remove McAfee? I found it, lol: Start, Run and finally "control". As for Safe Mode, which you asked me to start, I can't get into it either. So unfortunately I'll have to run the scans in normal mode. I'll wait for your answer about uninstalling McAfee and then I'll post the Malwarebytes and Lop S&D reports right away.
I can't remove the viruses from my PC
yoda93 posted a topic in Malware analysis and eradication
Hello everyone. Thanks for this site, its forum and the advice you can regularly find here. In general I try on my own, and by visiting the various forums including yours, to solve the various problems I run into on my machine. That ranges from small viral attacks to the various problems anyone can run into. But this time I'm honestly completely stuck, because even after combing through your pages I haven't found any effective solution to eradicate the problems I've run into. So here is what is happening:

One evening, wanting to run an online scan of my PC, I went to the site inoculer.com (of course I had checked what was said about it before doing anything) and launched an online detection program. What a surprise when Avast immediately found an infection. So I ended the program I had launched right away and decided to clean my PC straight after, but with my own tools (CCleaner, Easy Clean, Ad-Aware, AVG Anti-Spyware and then an online scan with Secuser). That's where the trouble started; they found, and this was only the beginning:

Virus: Cryp Morphine, path: C:\Windows\System32\khz2kg85.exe
Trojan Win32.Obfuscated.avw, path: C:\Windows\System32\dfrguih.dll, processes 1212; 1648; 1240
The same trojan in winlogon but apparently named kngirkdz
Trojan-clicker.win32.Delf.ach, path: C:\Windows\System32\dfrguih.dll.bak
Win32:Trojan-gen {gen}

So at that point I started to think bad luck was back, because a month earlier I had caught Beagle and had managed to eradicate the monster. So I went to your forum and looked a bit at what I could do about everything I named above. But honestly nothing changed despite your advice. And all of a sudden my screen turned blue and I saw:

Stop C000021a (fatal system error) The Windows Logon Process system process terminated unexpectedly with a status of 0x0000013 (0x00000000 0x00000000). The system has been shut down.
At that point I was fed up, so I took the bull by the horns and tried to run the checks on my PC again in Safe Mode after following your advice. I noticed right away that in System Restore I no longer had any dates displayed, and then that Safe Mode was no longer available. In fact, when I press F8 or F5 I get to the Safe Mode page, I select what's needed and unfortunately the PC restarts in normal mode because Safe Mode isn't available. So far everything is going badly, but everything is still fine: my PC runs normally and I no longer get any alerts. Well, no need to get carried away, because the rest came the next day. I turn on my PC, nothing is sluggish, it runs perfectly, no virus alert right away... Wanting to get to the Control Panel (I'm on XP Home Edition, by the way), I go Start, "Control Panel", and there I'm asked whether I want to create a shortcut. I think it's a slip on my part, so I repeat the action, and again the same shortcut prompt. I use the keyboard shortcut to get to My Computer and, another surprise, I get "The parameter is incorrect". I try again and it's always the same. Then, seeing my Recycle Bin was full, I also try to open it to see what's in it, and there, just like for the Control Panel, I'm asked whether I agree to create a shortcut. Then I restart my PC (yes, yes, I know it's a novel) and, "astonishingly", no more desktop, nothing, nothing at all. I think a little instead of kicking the tower and go through Task Manager, the Run command, and get to all my documents... So no harm done so far, well, not too much. I also get online and look up how to make the desktop reappear. Apparently you have to type the command explorer.exe in Run. I do that and, presto, everything reappears.
Mais cela ne solutionne pas mon souci de raccourcis et je me rends également compte que mes dossiers se trouvant sur le bureau ne sont plus accessibles, sauf en passant par démarrer, exécuter et parcourir… En somme un vrai merdier si je peux me permettre d’écrire cela ici. Alors hier j’ai fait plein de ptits rapports avec divers logiciels pour vous qui vous y connaissez bien mieux que moi et allez peut-être pouvoir m’aider. Rapport Bitdefendder : RAS. Rapport Secuser : RAS Rapport AVG anti-spyware : RAS Rapport Rogue mover : RAS Rapport AVG anti Rootkit : RAS Rapport Navilog : RAS Rapport Winsos : RAS Rapport C-Cleaner : RAS Maintenant voici les rapports avec plein de trucs écrits dedans : Rapport HitJack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:09:13, on 10/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe C:\Program Files\AVAST ANTIVIRUS\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\AVASTA~1\ashDisp.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe c:\program files\a square\a-squared free\a2service.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe c:\program files\fichiers communs\mozilla 
shared\firefox.exe C:\Program Files\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: (no name) - {4805A96E-4492-4650-8CE1-7049ABF14535} - C:\WINDOWS\system32\amstreams.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D77E7A40-7534-420A-B6B3-0B3956C11474} - c:\windows\system32\dfrguih.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [RestoreIT!] 
"C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [fenaffiche] "C:\Program Files\FenAffiche\Fenpowernet.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} 
(BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205858377087 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1120132856000.kit.sexequalite.com/1...bertix_Sexe.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer = 194.117.200.10,194.117.200.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer = 194.117.200.10,194.117.200.15 O20 - Winlogon Notify: knqjrkdz - C:\WINDOWS\SYSTEM32\dfrguih.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a square\a-squared free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. 
- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)

--
End of file - 10551 bytes

a-squared report:

Version - a-squared Free 3.5
Last update: 10/06/2008 16:20:38

Scan settings:
Objects: Memory, Traces, Cookies, C:\, E:\
Scan archives: On
Heuristics: On
Scan ADS: On

Scan start: 10/06/2008 16:25:20

[1324] C:\WINDOWS\system32\dfrguih.dll
    detected: Trojan.Win32.Obfuscated.avw
[1808] c:\windows\system32\dfrguih.dll
    detected: Trojan.Win32.Obfuscated.avw
[576] c:\windows\system32\dfrguih.dll
    detected: Trojan.Win32.Obfuscated.avw
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\Process.exe
    detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\Reboot.exe
    detected: Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\SmitfraudFix.zip/Process.exe
    detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\SmitfraudFix.zip/Reboot.exe
    detected: Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix.exe
    detected: Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\EXTRACTION vidéo sur site internet\vdownloader version 0.61.zip/VDownloader.exe
    detected: Riskware.Downloader.Win32.VDown.a
C:\Program Files\Navilog1\Process.exe
    detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Navilog1\reboot.exe
    detected: Riskware.RiskTool.Win32.Reboot.f
C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP1\A0000009.dll
    detected: Trojan.Win32.Obfuscated.avw
C:\WINDOWS\system32\dfrguih.dll
    detected: Trojan.Win32.Obfuscated.avw
C:\WINDOWS\system32\dfrguih.dll.bak
    detected: Trojan.Win32.Obfuscated.avw

Scanned
Files: 210416
Traces: 441010
Cookies: 59
Processes: 34

Found
Files: 11
Traces: 0
Cookies: 10
Processes: 3
Registry keys: 0

Scan end: 10/06/2008 20:18:12
Scan time: 3:52:52

SmitfraudFix report:

SmitFraudFix v2.323

Report made at 21:35:20,09, 10/06/2008
Run from C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe
C:\Program Files\AVAST ANTIVIRUS\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\a square\a-squared free\a2service.exe
c:\program files\fichiers communs\mozilla shared\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Hosts file corrupted!

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoda

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoda\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\yoda~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Avast reports (warning list since 2007):

27/07/2007 03:26:10 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b32ee082fc68db8fc238d826fa80054267" file.
27/07/2007 03:26:20 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\HT3YMROA\HoTMaiL[1].htm" file.
27/07/2007 03:26:42 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b362150adb05666eba8f1fd02be78dde47" file.
27/07/2007 03:26:48 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\GAAO1QZS\HoTMaiL[1].htm" file.
27/07/2007 09:38:54 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fb3b4ba0c93f6c24a2a0fec81aa45f8a26\unp128818099" file.
27/07/2007 09:39:18 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\D5A5955M\HoTMaiL[1].htm" file.
27/07/2007 09:41:42 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fb27363310af94eab74b462d73d4a84348\unp175282971" file.
27/07/2007 09:45:12 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\OQZ18WK1\HoTMaiL[1].htm" file.
27/07/2007 10:23:24 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fbd454b01d6a880601e1ebbf49e4e49e07\unp225386101" file.
27/07/2007 10:22:38 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.
27/07/2007 10:23:22 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b32b40a27b36496d594a14c5afdd5d91ec" file.
27/07/2007 10:23:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.
27/07/2007 11:01:47 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3cdae517b0f24d8b5c1af30575e8aeb1a" file.
27/07/2007 11:01:56 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[1].htm" file.
27/07/2007 11:03:08 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3c23a81a80f085a62193ffaaef64fa3c1" file.
27/07/2007 11:03:16 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[1].htm" file.
27/07/2007 11:04:05 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b326b33368e61987e3a058e9fb958c512a" file.
27/07/2007 11:04:25 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b334b36d798f5cd090e71ee9ea90f32f63" file.
27/07/2007 11:04:44 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b30fca5706488af2ebf4e6a1fdb14675eb" file.
27/07/2007 11:06:35 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3dd9e440c518afdc2e846c841baa8601d" file.
27/07/2007 11:07:08 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\PHZEC5IB\HoTMaiL[3].htm" file.
27/07/2007 11:07:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[3].htm" file.
27/07/2007 11:11:04 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.
27/07/2007 11:15:34 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\ZDL9WX8Y\HoTMaiL[1].htm" file.
27/07/2007 11:56:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by112fd.bay112.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=79e82640d9c372bfd8ba0a033a5a80a91ea5e966dd31d2e2e8de0511d6406b82" file.
27/07/2007 11:56:47 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\ZDL9WX8Y\HoTMaiL[1].htm" file.
01/09/2007 20:39:54 SYSTEM 1832 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
01/09/2007 20:39:54 SYSTEM 1832 An error has occured while attempting to update. Please check the logs.
14/09/2007 22:17:16 SYSTEM 244 Function setifaceUpdatePackages() has failed. Return code is 0x20000019, dwRes is 20000019.
14/09/2007 22:17:16 SYSTEM 244 An error has occured while attempting to update. Please check the logs.
22/09/2007 13:18:00 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
22/09/2007 13:18:01 SYSTEM 1972 An error has occured while attempting to update. Please check the logs.
13/10/2007 10:00:23 SYSTEM 496 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
13/10/2007 10:00:24 SYSTEM 496 An error has occured while attempting to update. Please check the logs.
14/10/2007 09:37:49 yoda 3184 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.
14/10/2007 09:38:22 yoda 3184 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.
05/11/2007 12:04:05 SYSTEM 380 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
05/11/2007 12:05:22 SYSTEM 380 An error has occured while attempting to update. Please check the logs.
02/12/2007 21:47:48 SYSTEM 548 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
02/12/2007 21:47:49 SYSTEM 548 An error has occured while attempting to update. Please check the logs.
16/02/2008 16:33:58 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO\OUTILS\RéINST~1\MBR.EXE\mbr.IMA" file.
16/02/2008 16:36:30 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO\OUTILS\RéINST~1\MBR.ISO" file.
16/02/2008 16:36:42 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO" file.
16/02/2008 16:57:47 yoda 1308 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\LPHANT\Lphant-v2.00-Beta2-Installer.exe\{tmp}\VVSNInst.exe\VVSN.exe" file.
16/02/2008 16:57:48 yoda 1308 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\LPHANT\Lphant-v2.00-Beta2-Installer.exe\{tmp}\VVSNInst.exe" file.
16/02/2008 17:40:47 yoda 1308 Sign of "Win32:BHO-KD [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll\[UPX]" file.
17/02/2008 15:17:38 SYSTEM 188 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
17/02/2008 15:17:39 SYSTEM 188 An error has occured while attempting to update. Please check the logs.
19/03/2008 18:28:54 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 18:29:44 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 18:30:15 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 18:31:34 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:05:09 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:19:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:22:42 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:24:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:24:34 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:46:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:47:36 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:52:39 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:54:34 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 19:56:31 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:25:59 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:35:44 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:37:22 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:37:27 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:37:33 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:51:14 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:54:36 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:58:15 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:58:23 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 21:59:56 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 22:03:20 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 22:04:56 yoda 3532 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 22:05:52 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
19/03/2008 22:36:34 SYSTEM 1700 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 12:35:54 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 12:44:21 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 12:46:38 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 12:46:43 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 12:46:50 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 13:00:27 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 13:00:34 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 13:04:00 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 13:04:23 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
22/03/2008 13:05:41 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
28/03/2008 09:33:07 SYSTEM 756 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 12:08:11 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 12:18:50 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 12:21:00 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 12:22:17 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 12:23:28 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
03/04/2008 21:09:15 SYSTEM 688 Sign of "Win32:Adware-gen [Adw]" has been found in "http://files.numerama.com/Lphant%203.02%20[Par%20Ratiatum.com].exe\{tmp}\VVSNInst.exe" file.
03/04/2008 21:19:03 SYSTEM 688 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\GACHOD~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.
03/04/2008 21:19:03 SYSTEM 688 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.
03/04/2008 21:25:20 SYSTEM 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.
03/04/2008 21:25:48 SYSTEM 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.
03/04/2008 21:28:54 yoda 916 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.
04/04/2008 07:36:04 yoda 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.
04/04/2008 09:54:31 yoda 688 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
04/04/2008 09:58:49 yoda 688 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\AppCert\prx99f.dll" file.
04/04/2008 10:35:58 yoda 340 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.
04/04/2008 10:40:58 yoda 340 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.
09/04/2008 14:52:11 SYSTEM 988 Sign of "JS:ADODB-V [Expl]" has been found in "http://picshunter.info/??http%3A//www.onyourlips.com/" file.
14/04/2008 15:23:30 SYSTEM 1116 Sign of "ANI:CVE-2007-0038 [Expl]" has been found in "http://polhfdn.awasr.cn/exploits/x16b.php" file.
14/04/2008 17:49:21 SYSTEM 1116 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\meta4.exe" file.
20/04/2008 22:59:29 SYSTEM 1192 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
20/04/2008 22:59:29 SYSTEM 1192 An error has occured while attempting to update. Please check the logs.
22/04/2008 19:23:36 SYSTEM 1084 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.
22/04/2008 19:23:36 SYSTEM 1084 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.
25/04/2008 14:52:15 SYSTEM 988 Sign of "Win32:Cfd [Adw]" has been found in "C:\Program Files\BroadJump\Client Foundation\CFD.exe" file.
25/04/2008 22:25:10 SYSTEM 988 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
25/04/2008 22:25:10 SYSTEM 988 An error has occured while attempting to update. Please check the logs.
16/05/2008 12:33:07 SYSTEM 228 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.
16/05/2008 12:33:07 SYSTEM 228 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.
22/05/2008 17:43:04 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.
22/05/2008 17:43:09 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\TEMP\hhvqehke.dat (C:\WINDOWS\TEMP\hhvqehke.dat) returning error, 00000005.
22/05/2008 17:43:09 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\zithxzoi.sys (C:\WINDOWS\system32\drivers\zithxzoi.sys) returning error, 00000005.
22/05/2008 18:34:19 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.
22/05/2008 18:34:25 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.
22/05/2008 18:34:25 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\zithxzoi.sys (C:\WINDOWS\system32\drivers\zithxzoi.sys) returning error, 00000005.
28/05/2008 18:38:55 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.
28/05/2008 18:39:00 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\TEMP\hhvqehke.dat (C:\WINDOWS\TEMP\hhvqehke.dat) returning error, 00000005.
28/05/2008 19:11:07 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.
28/05/2008 19:11:07 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.
05/06/2008 21:17:56 SYSTEM 500 Sign of "Win32:Kuang2" has been found in "http://pcpitstop.com/antivirus/PitPav.cab\PitPav.exe\$[14358]\Pavdll.dll" file.
06/06/2008 13:40:09 SYSTEM 240 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.
06/06/2008 13:40:24 SYSTEM 240 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.
06/06/2008 14:38:54 SYSTEM 188 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://download.microsoft.com/download/5/c...x86fre_spcd.iso (C:\WINDOWS\TEMP\_avast4_\unp11923825.tmp) returning error, 0000001E.
10/06/2008 13:05:19 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:05:35 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:06:00 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:06:10 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:06:23 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:06:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:06:36 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:06:43 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:07:18 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:07:21 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:07:29 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:07:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:07:40 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:07:47 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:07:49 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 13:08:27 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 13:09:24 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:17:20 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 15:18:26 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:19:20 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:19:29 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 15:19:33 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:19:48 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 15:21:24 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:21:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:21:53 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 15:22:39 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 15:22:43 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 16:06:44 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 16:08:03 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 16:10:58 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 16:11:06 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 16:11:14 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 16:11:22 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 16:12:00 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.
10/06/2008 16:12:14 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.
10/06/2008 19:35:45 SYSTEM 536 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.
10/06/2008 19:36:08 SYSTEM 536 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.
10/06/2008 22:35:15 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll.bak" file.
11/06/2008 00:44:33 yoda 4028 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll.bak" file.
11/06/2008 02:04:02 yoda 4028 Sign of "Win32:Agent-PSI [Rtk]" has been found in "C:\WINDOWS\system32\drivers\reppbkyd.dat" file.
11/06/2008 08:52:19 yoda 4028 Sign of "Win32:Agent-PSI [Rtk]" has been found in "C:\WINDOWS\system32\drivers\zithxzoi.dat" file.
Avast quarantine (virus chest):

Initializing quarantine files
------------------------------------------------------------------------------------------
The program will try to load all quarantine files from the following server: (null)

File ID: 0000000001
Original file name: C:\WINDOWS\system32\kernel32.dll
File category: 0

File ID: 0000000002
Original file name: C:\WINDOWS\system32\winsock.dll
File category: 0

File ID: 0000000003
Original file name: C:\WINDOWS\system32\wsock32.dll
File category: 0

File ID: 0000000004
Original file name: C:\WINDOWS\system32\kernel32.dll
File category: 0

File ID: 0000000007
Original file name: C:\WINDOWS\system32\kernel32.dll
File category: 0

File ID: 0000000008
Original file name: C:\WINDOWS\system32\wsock32.dll
File category: 0

File ID: 0000000009
Original file name: C:\WINDOWS\system32\dfrguih.dll
File category: 1

File ID: 0000000010
Original file name: C:\windows\system32\dfrguih.dll
File category: 1

File ID: 0000000011
Original file name: C:\windows\system32\dfrguih.dll
File category: 1

File ID: 0000000012
Original file name: C:\WINDOWS\system32\dfrguih.dll
File category: 1

File ID: 0000000013
Original file name: C:\windows\system32\dfrguih.dll
File category: 1

File ID: 0000000014
Original file name: C:\WINDOWS\system32\dfrguih.dll
File category: 1

EasyCleaner registry report:

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Log File Name C:\divx.log
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Log File Name C:\divx.log
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MV File Name C:\mvinfo.bin
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MV File Name C:\mvinfo.bin
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Nth Pass debug file name C:\newrc.txt
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Nth Pass debug file name C:\newrc.txt
HKEY_CURRENT_USER Software\Gabest\vsfilter\DefTextPathes 09/06/2008 16:09:00 Path1 c:\subtitles
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\Gabest\vsfilter\DefTextPathes 09/06/2008 16:09:00 Path1 c:\subtitles
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MP4 File Name C:\test.divx
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MP4 File Name C:\test.divx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{4805A96E-4492-4650-8CE1-7049ABF14535}\InprocServer32 14/02/2008 11:55:53 C:\WINDOWS\system32\amstreams.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows Media Device Manager 09/06/2008 16:09:10 Log.Filename C:\WINDOWS\system32\Wmdm.log
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 YUV Dir Name C:\yuv
HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 YUV Dir Name C:\yuv

Spybot report:

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-03-19 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-16 unins000.exe (51.49.0.0)
2008-03-18 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-03 Includes\Adware.sbi
2008-06-03 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-03 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-04 Includes\Hijackers.sbi
2008-06-03 Includes\HijackersC.sbi
2008-06-03 Includes\Keyloggers.sbi
2008-06-03 Includes\KeyloggersC.sbi
2008-06-03 Includes\Malware.sbi
2008-06-03 Includes\MalwareC.sbi
2008-06-03 Includes\PUPS.sbi
2008-06-03 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-03 Includes\Security.sbi
2008-06-03 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-03 Includes\Spyware.sbi
2008-06-03 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-03 Includes\Trojans.sbi
2008-06-03 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AGRSMMSG
  command: AGRSMMSG.exe
  file: C:\WINDOWS\AGRSMMSG.exe
  size: 88209
  MD5: 230EA041666125B6812FE3FF964B2DF3

Located: HK_LM:Run, avast!
  command: C:\PROGRA~1\AVASTA~1\ashDisp.exe
  file: C:\PROGRA~1\AVASTA~1\ashDisp.exe
  size: 79224
  MD5: 87B63FD1B5EC5CC41589CE7026DB7C5F

Located: HK_LM:Run, fenaffiche
  command: "C:\Program Files\FenAffiche\Fenpowernet.exe"
  file: C:\Program Files\FenAffiche\Fenpowernet.exe
  size: 49152
  MD5: 7D18E3CD4F3960BDEA404A280BC5B9A1

Located: HK_LM:Run, RestoreIT!
  command: "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
  file: C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
  size: 114688
  MD5: 703D864C5CE2AB756D6C871CF8B1FCF1

Located: HK_LM:Run, VTTimer
  command: VTTimer.exe
  file: C:\WINDOWS\system32\VTTimer.exe
  size: 53248
  MD5: 09F1A97848BFAB3F36EB216681465B85

Located: HK_LM:Run, QuickTime Task (DISABLED)
  command: "C:\program files\quick time\qttask.exe" -atboottime
  file: C:\program files\quick time\qttask.exe
  size: 385024
  MD5: BAFCF6CF19CE4882039C52DFA17BE35F

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
  where: .DEFAULT...
  command: C:\WINDOWS\system32\CTFMON.EXE
  file: C:\WINDOWS\system32\CTFMON.EXE
  size: 15360
  MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, ctfmon.exe (DISABLED)
  where: PE_C_ADMINISTRATEUR...
  command: C:\WINDOWS\system32\ctfmon.exe
  file: C:\WINDOWS\system32\ctfmon.exe
  size: 15360
  MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, ctfmon.exe (DISABLED)
  where: PE_C_FLORIAN...
  command: C:\WINDOWS\system32\ctfmon.exe
  file: C:\WINDOWS\system32\ctfmon.exe
  size: 15360
  MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
  where: S-1-5-19...
  command: C:\WINDOWS\system32\CTFMON.EXE
  file: C:\WINDOWS\system32\CTFMON.EXE
  size: 15360
  MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
  where: S-1-5-20...
  command: C:\WINDOWS\system32\CTFMON.EXE
  file: C:\WINDOWS\system32\CTFMON.EXE
  size: 15360
  MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, H/PC Connection Agent
  where: S-1-5-21-4135148708-4229327457-639787953-1006...
  command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
  file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
  size: 1204224
  MD5: 3D3B3B4844A9D4B1B9D3E8C7BB013026

Located: HK_CU:Run, WMPNSCFG
  where: S-1-5-21-4135148708-4229327457-639787953-1006...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe file: C:\Program Files\Windows Media Player\WMPNSCFG.exe size: 204288 MD5: 5011A24AECF4D573473BDC15EE84C178 Located: HK_CU:Run, CTFMON.EXE (DISABLED) where: S-1-5-18... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: WinLogon, crypt32chain command: crypt32.dll file: crypt32.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cryptnet command: cryptnet.dll file: cryptnet.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cscdll command: cscdll.dll file: cscdll.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, dimsntfy command: %SystemRoot%\System32\dimsntfy.dll file: %SystemRoot%\System32\dimsntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, knqjrkdz command: dfrguih.dll file: dfrguih.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, ScCertProp command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, Schedule command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! 
Located: WinLogon, sclgntfy command: sclgntfy.dll file: sclgntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, SensLogn command: WlNotify.dll file: WlNotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, termsrv command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, WgaLogon command: WgaLogon.dll file: WgaLogon.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, wlballoon command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Rapport register C-Cleaner : Cette valeur revient à chaque fois. ActiveX/COM Inexistant InProcServer32\C:\WINDOWS\system32\amstreams.dll HKCR\CLSID\{4805A96E-4492-4650-8CE1-7049ABF14535} Voilà, j’espère ne pas avoir fait un post trop long, enfin quoique Mais je souhaitais que vous ayiez le maximum d’informations et rapports d’analyse (à la même date) à votre disposition et que cela vous évite de les demander. Merci d’avance pour les conseils et solutions que vous m’apporterez. Ah oui, j’ai eu beau faire une réparation avec le cd d’instal de Windows cela n’a rien donné. Bon courage à vous tous et que la force soit avec vous.