asiancream

  1. Everything works now! You're really a boss, fakra, one more problem solved thanks to your computer knowledge. I'm going to proudly put "resolved" in the topic title.
  2. So here is the ComboFix report:
     and the HijackThis one:
  3. I did everything you said, so here is the result:
  4. Sorry about last night, I no longer had internet. I can't manage to get onto your to send you the file.
  5. Well, unfortunately for me it doesn't work. Well, don't rack your brain too much over it; if it doesn't work, it doesn't work.
  6. When I click, the file doesn't open, nothing happens, and that's been the case since the blue screen virus.
  7. So I installed the software and here is the result, but you're right, I had already done a bit of cleaning with CCleaner, Spybot Search and Destroy, Avast, Malwarebytes, Ad-Aware. And the problem I still have is that I can't open JPEG or BMP files (all images), and on the screen the icon titles are in blue.
Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- End of file - 6118 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©> R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver> R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver> R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows ® 2000 DDK driver> R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver> R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver> R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys R3 VComm (Virtual Serial port driver) - 
c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil> R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil> R3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil> S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil> S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver> S3 EMSUSB2 - c:\windows\system32\drivers\emsusb2.sys S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook> R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: ROOT\NET\0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: ROOT\NET\0000 Service: BT -- Scheduled Tasks ------------------------------------------------------------- 2008-07-17 18:57:10 348 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1207241798.job 2008-04-02 16:38:15 270 --a------ C:\WINDOWS\Tasks\CCleaner.job 2008-04-02 16:37:23 298 --a------ C:\WINDOWS\Tasks\avast! 
Antivirus.job 2008-04-02 16:35:59 306 --a------ C:\WINDOWS\Tasks\AusLogics Disk Defrag.job 2008-04-02 16:34:07 336 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job 2008-04-02 16:33:28 318 --a------ C:\WINDOWS\Tasks\GlaryInitialize.job -- Files created between 2008-06-25 and 2008-07-25 ----------------------------- 2008-07-25 21:44:18 0 d-------- C:\Documents and Settings\stephane\Application Data\Malwarebytes 2008-07-25 21:44:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-25 21:44:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-25 21:35:33 0 dr-h----- C:\Documents and Settings\stephane\Recent 2008-07-25 21:10:44 0 d-------- C:\Program Files\Lavasoft 2008-07-25 14:41:05 0 d-------- C:\Documents and Settings\stephane\.housecall6.6 2008-07-25 12:38:42 0 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-07-25 12:38:42 0 d---s---- C:\Documents and Settings\Administrateur\Cookies 2008-07-25 12:38:42 0 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-07-25 12:38:42 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data 2008-07-25 12:38:42 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2008-07-25 12:38:41 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-07-25 12:38:41 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-07-25 12:38:41 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo 2008-07-25 12:38:41 0 d--h----- C:\Documents and Settings\Administrateur\Recent 2008-07-25 12:38:41 0 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-07-25 12:38:41 0 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-07-25 12:38:41 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-07-25 12:38:41 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings 2008-07-25 12:38:40 524288 --ah----- C:\Documents and 
Settings\Administrateur\NTUSER.DAT 2008-07-25 12:30:39 5632 --a------ C:\WINDOWS\system32\Machnm64.sys 2008-07-25 12:30:39 2304 --a------ C:\WINDOWS\system32\Machnm32.sys 2008-07-25 12:30:39 15840 --a------ C:\WINDOWS\system32\Machnm1.exe 2008-07-25 09:58:27 18432 --a------ C:\0xf9.exe <Not Verified; aaaa; sadfdsfdsfds> 2008-07-10 19:52:56 0 d-------- C:\Program Files\RealVNC -- Find3M Report --------------------------------------------------------------- 2008-07-25 22:38:08 0 d-------- C:\Documents and Settings\stephane\Application Data\Free Download Manager 2008-07-25 21:36:22 0 d-------- C:\Program Files\Miranda IM 2008-07-25 21:29:42 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-25 12:40:41 0 d-------- C:\Program Files\Glary Utilities 2008-07-24 22:39:17 0 d-------- C:\Program Files\adslTV 2008-07-10 21:56:08 0 d-------- C:\Documents and Settings\stephane\Application Data\LimeWire 2008-07-10 21:53:50 0 d-------- C:\Program Files\LimeWire 2008-06-07 19:25:09 0 d-------- C:\Documents and Settings\stephane\Application Data\TaoUSign 2008-04-30 08:32:05 458886 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-04-30 08:32:05 71686 --a------ C:\WINDOWS\system32\perfc00C.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [09/11/2005 11:04] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/06/2005 12:03] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00] "EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [25/11/2005 15:59] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/08/2004 02:07] "msnmsgr"="C:\Program 
Files\Windows Live\Messenger\msnmsgr.exe" [01/04/2008 20:23] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kilpaklrm] c:\documents and settings\stephane\local settings\application data\kilpaklrm.exe kilpaklrm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "RTHDCPL"=RTHDCPL.EXE "epm-dm"=c:\acer\Empowering Technology\ePower\epm-dm.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a95b643-00b9-11dd-b680-00166f98b2e0}] AutoRun\command- F:\ explore\Command- RECYCLED\INFO.exe open\Command- RECYCLED\INFO.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 
www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8073 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-07-25 22:39:55 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professionnel (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: Intel® Pentium® M processor 1.70GHz Percentage of Memory in Use: 59% Physical Memory (total/avail): 1014.05 MiB / 405.91 MiB Pagefile Memory (total/avail): 2440.64 MiB / 1929.57 MiB Virtual Memory (total/avail): 2047.88 MiB / 1935.64 MiB C: is Fixed (NTFS) - 19.53 GiB total, 3.59 GiB free. D: is Fixed (NTFS) - 38.62 GiB total, 2.08 GiB free. E: is CDROM (CDFS) G: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - HTS421280H9AT00 - 74.53 GiB - 5 partitions \PARTITION0 - Unknown - 3.9 GiB \PARTITION1 (bootable) - Système de fichiers installable - 19.53 GiB - C: \PARTITION2 - Étendu avec Inter. 13 étendue - 51.09 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: avast! 
antivirus 4.7.1098 [VPS 080725-1] v4.7.1098 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc" "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv" "C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Disabled:VLC media player" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" 
"D:\\MULTIMEDIA\\GAME\\PES2008\\PES2008.exe"="D:\\MULTIMEDIA\\GAME\\PES2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"="C:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe:*:Enabled:VNC server for Win32" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\stephane\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=STEPHANE-FF6A37 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\stephane LOGONSERVER=\\STEPHANE-FF6A37 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d08 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\stephane\LOCALS~1\Temp TMP=C:\DOCUME~1\stephane\LOCALS~1\Temp USERDOMAIN=STEPHANE-FF6A37 USERNAME=stephane USERPROFILE=C:\Documents and Settings\stephane windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- stephane (admin) Administrateur (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe Acer eManager for 
Notebook --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62} Acer ePower Management --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9 Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7646-A70000000000} adsl TV --> C:\Program Files\adslTV\Uninstal.exe Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe" avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AVerMedia A815 USB DVB-T 1.0.0.18 --> C:\Program Files\AVerMedia\AVerMedia A815 USB DVB-T\uninst.exe AVerTV --> C:\Program Files\InstallShield Installation Information\{FC87BEA8-5582-476C-A754-41F3A9D976D4}\setup.exe -runfromtemp -l0x040c BlueSoleil --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x40c BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe" Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe" Glary Utilities 2.5 --> "C:\Program Files\Glary Utilities\unins000.exe" HijackThis 2.0.2 --> "C:\Downloads\Software\HijackThis.exe" 
/uninstall hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5} Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592 J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} K-Lite Codec Pack 3.8.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014} Photo et imagerie HP 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} Photo et imagerie HP 2.0 - All-in-One Pilote --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} Photo et imagerie HP 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot PopUp Killer --> C:\WINDOWS\iun6002.exe "C:\Program Files\PopUp Killer\irunin.ini" Pro Evolution Soccer 2008 --> C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly Resco Guardians --> 
C:\WINDOWS\RSetupCEH.exe -uninstC:\Program Files\Resco\Guardians\_Install.log Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" VNC 3.3.7 --> "C:\Program Files\RealVNC\unins000.exe" Win AVI HelixSDK --> c:\unins000.exe Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} -- Application Event Log ------------------------------------------------------- Event Record #/Type2820 / Success Event Submitted/Written: 07/25/2008 10:15:29 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2789 / Success Event Submitted/Written: 07/25/2008 08:36:27 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2773 / Success Event Submitted/Written: 07/25/2008 02:38:48 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2741 / Success Event Submitted/Written: 07/25/2008 10:43:44 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2714 / Success Event Submitted/Written: 07/24/2008 07:39:40 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type12489 / Error Event Submitted/Written: 07/18/2008 11:22:45 AM Event ID/Source: 7000 / Service Control Manager Event Description: Le service avast! 
Antivirus n'a pas pu démarrer en raison de l'erreur : %%1053 Event Record #/Type12488 / Error Event Submitted/Written: 07/18/2008 11:22:45 AM Event ID/Source: 7009 / Service Control Manager Event Description: Délai (30000 millisecondes) d'attente pour une connexion du service avast! Antivirus. Event Record #/Type12477 / Warning Event Submitted/Written: 07/18/2008 01:22:11 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type12473 / Warning Event Submitted/Written: 07/18/2008 00:30:17 AM Event ID/Source: 2504 / Server Event Description: Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{F15B1B13-18AE-4134-95AE-A844751B6879}. Event Record #/Type12472 / Warning Event Submitted/Written: 07/18/2008 00:30:11 AM Event ID/Source: 1007 / Dhcp Event Description: Votre ordinateur a automatiquement configuré l'adresse IP pour la carte avec l'adresse réseau 00166F98B2E0. L'adresse IP utilisée est 169.254.156.27. -- End of Deckard's System Scanner: finished at 2008-07-25 22:39:55 ------------
  8. Thanks falkra, the Zebulon forum is really effective. The mutual help is really nice. I did as you said and here is the report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:27:44, on 25/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\acer\Empowering Technology\ePower\epm-dm.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Downloads\Software\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file) O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- End of file - 6057 bytes
  9. I am new to the forum and I have read all your messages about computers infected by spyware. I have the same problem: my screen shows "Warning! spyware detected on your computer", and I tried the HijackThis software. I ran the scan and I have to post it on the site. I hope at least that this is the right site to post on, and I hope it will work. I am going to restart the computer in Safe Mode and I will tell you what happens next. Please help me work out which file I should fix, because I am afraid of making a mistake and I would like to avoid the worst.
Logfile of HijackThis v1.99.1 Scan saved at 21:59:42, on 25/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\acer\Empowering Technology\ePower\epm-dm.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOCUME~1\stephane\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file) O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe