Manue2004

Membres

Afficher le profil Afficher son activité

Compteur de contenus
19
Inscription
le 12 septembre 2008
Dernière visite
le 22 janvier 2009

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Manue2004

SPOOL32 a causé une défaillance de page

Manue2004 a répondu à un(e) sujet de Manue2004 dans Software

MERCI MAINTENANT LE PC DEMARRE MAIS IL REBOOT APRES AVOIR CHARGE QULEQUES PROG SUR LE BUREAU. DONC JE PEUX UNIQUEMENT TRAVAILLER POUR L INSTANT EN MODE SANS ECHEC SANS CONNECTION INTERNET.
- le 21 janvier 2009
- 5 réponses
SPOOL32 a causé une défaillance de page

Manue2004 a répondu à un(e) sujet de Manue2004 dans Software

Bonjour, j'étais en train de solutionner un pb avec spool32 qui n'est tjs pas solutionné, mais ce matin , impossibmle d'entrer sur le bureau car le pc ne démarre plus , il ne fait qu'émettre de longs bips ????? Help svp !!!! sniff
- le 21 janvier 2009
- 5 réponses
SPOOL32 a causé une défaillance de page

Manue2004 a répondu à un(e) sujet de Manue2004 dans Software

Bonjour, je ne peux plus rien faire car mon pc ne démarre plus il emet des bips longs c'est tout. De plus je n'ai pas de cd ou de disquette de démarrage. ????? Merci de m'aider
- le 21 janvier 2009
- 5 réponses
SPOOL32 a causé une défaillance de page

Manue2004 a posté un sujet dans Software

Je suis sur vieux pc win98 2ème édition ver 4.10.2222A AVEC 128MO DE RAM Voici le message complet d'erreur: SPOOL32 a causé une défaillance de page dans le module <inconnu> à 0000:10001180. Registres : EAX=8173dabc CS=0177 EIP=10001180 EFLGS=00010246 EBX=8173da5c SS=017f ESP=0164ff9c EBP=0164ffcc ECX=c16e5730 DS=017f ESI=00000008 FS=232f EDX=8173dabc ES=017f EDI=81747d20 GS=0000 Octets à CS : EIP : État de la pile : bff88f20 10000000 81747d20 00000008 8173da5c 00000007 0164ffa4 0164fdcc ffffffff bffc05b4 bff79050 00000000 0164ffec bff869ef 10001180 10000000
- le 20 janvier 2009
- 5 réponses
Manue2004

Falkra
Mille merci pour tes conseils efficaces et ta patience et ta réactivité. Bonne continuation
- le 13 septembre 2008
- Signaler
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Merci beaucoup, vraiment c'est super, tu as été très eficace. Bonne continuation à toi Peut-être à une prochaine.
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Serait-ce la fin ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:02, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Podmailing\Podmailing.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9067 bytes Serait-ce la fin ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:02, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Podmailing\Podmailing.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9067 bytes
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1145 Windows 5.1.2600 Service Pack 2 13/09/2008 22:01:21 mbam-log-2008-09-13 (22-01-21).txt Type de recherche: Examen rapide Eléments examinés: 57134 Temps écoulé: 6 minute(s), 34 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 10 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Pro (Rogue.PCCleanPro) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Casino (Adware.Casino) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntiVirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SEC\schedule.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Formation\Bureau\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\Formation\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\Formation\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\Formation\Bureau\Repair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Ecoute je ne constate effectivement plus de message d'alerte, juste peut-être un peu de lenteur tjs (mais c'est sensible). Ah si lorsque j'ai redemarré le pc, j'ai eu une "Fin de programme ne répond pas" pour le fichier systrayapp.exe . De plus , est-ce que je dois engager un nettoyage ?
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Voici le rapport hijackthis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46:24, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Podmailing\Podmailing.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {7392D73A-3C8A-8C5A-2C56-32193AFFD192} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9213 bytes
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Verdicte ????? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:08:42, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Podmailing\Podmailing.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {7392D73A-3C8A-8C5A-2C56-32193AFFD192} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9562 bytes
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

J'espère que tu dis vrai ... et pour moi et pour toi ! Juste une remarque, je n'ai pas trouvé le fichier azudaffqz.exe dans la liste donc j'ai poursuivi la procèdure sans. (Ouvre le gestionnaire de tâches (CTRL+ALT+SUPPR), puis va dans l'onglet "processus". Dans la liste, clique sur azudafqz.exe pour sélectionner sa ligne, puis clique sur le bouton "terminer le processus" en bas à gauche. Confirme quand demandé.) C:\WINDOWS\system32\azudafqz.exe moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_174846
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:33:04, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Podmailing\Podmailing.exe C:\WINDOWS\system32\azudafqz.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKCU\..\Run: [strDb] C:\WINDOWS\system32\azudafqz.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {7392D73A-3C8A-8C5A-2C56-32193AFFD192} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9613 bytes
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

La suite ... File/Folder C:\WINDOWS\system32\fglyrwha.exe not found. File/Folder C:\WINDOWS\system32\msxml71.dll not found. File/Folder C:\WINDOWS\system32\gxelmron.exe not found. File/Folder C:\Documents and Settings\Formation\Application Data\PC-Antispy not found. File/Folder C:\Program Files\SecureExpertCleaner not found. File/Folder C:\Program Files\PC Clean Pro not found. File/Folder C:\Program Files\PC-Antispy not found. File/Folder C:\Documents and Settings\All Users\Application Data\dubmlabe not found. File/Folder C:\Program Files\SAV not found. File/Folder C:\Documents and Settings\All Users\Application Data\erreurchasseur not found. File/Folder C:\Program Files\Fichiers communs\ErreurChasseur not found. File/Folder C:\Program Files\ErreurChasseur not found. File/Folder C:\Documents and Settings\All Users\Application Data\SalesMon not found. File/Folder C:\Program Files\BitTorrent Fastest Tool not found. < EmptyTemp > File delete failed. C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\Perflib_Perfdata_ea0.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1ac.dat scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_171709 Files moved on Reboot... File C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\Perflib_Perfdata_ea0.dat not found! File move failed. C:\WINDOWS\temp\Perflib_Perfdata_1ac.dat scheduled to be moved on reboot.
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Le pc est très lent c'est une horreur mais voila enfin le rapport. J'espère que tu ne t' arracheras pas trop les cheveux. Et merci encore pour le temps que tu y passes. ComboFix 08-09-11.02 - Formation 2008-09-13 16:45:59.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.234 [GMT 2:00] Endroit: C:\Documents and Settings\Formation\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Formation\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))))))) . 2008-09-13 13:03 . 2008-09-13 13:03 94,208 --a------ C:\WINDOWS\system32\azudafqz.exe 2008-09-12 23:10 . 2008-09-12 23:10 <REP> d-------- C:\Documents and Settings\InvitÚ 2008-09-12 22:45 . 2008-09-12 22:45 102,400 --a------ C:\WINDOWS\system32\fglyrwha.exe 2008-09-12 22:45 . 2008-09-13 16:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-12 22:45 . 2008-09-13 16:08 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-12 11:42 . 2008-09-12 11:42 <REP> d-------- C:\Program Files\Trend Micro 2008-09-12 09:54 . 2008-09-12 09:54 114,692 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-11 22:28 . 2008-09-11 22:30 <REP> d-------- C:\Program Files\SPYWAREfighter 2008-09-11 22:28 . 2008-09-11 22:28 <REP> d-------- C:\Program Files\Fichiers communs\Application 2008-09-11 16:08 . 2008-09-11 16:08 <REP> d-------- C:\Program Files\Lavasoft 2008-09-11 16:08 . 2008-09-11 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-11 16:07 . 2008-09-11 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-11 13:46 . 2008-09-11 13:46 <REP> d-------- C:\Documents and Settings\Formation\Download 2008-09-11 13:02 . 2008-09-11 13:22 <REP> d-------- C:\Documents and Settings\Formation\Application Data\PC-Antispy 2008-09-11 12:33 . 2008-09-11 12:33 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Logs 2008-09-11 12:23 . 2008-09-11 14:14 <REP> d-------- C:\Program Files\SecureExpertCleaner 2008-09-11 12:23 . 2008-09-11 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SEC 2008-09-11 12:12 . 2008-09-11 14:13 <REP> d-------- C:\Program Files\PC Clean Pro 2008-09-11 09:39 . 2008-09-11 14:53 <REP> d-------- C:\Program Files\PC-Antispy 2008-09-11 09:16 . 2008-09-11 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dubmlabe 2008-09-11 09:16 . 2008-09-05 19:12 165,888 --a------ C:\WINDOWS\system32\sav.cpl 2008-09-11 09:16 . 2008-09-11 09:16 86,016 --a------ C:\WINDOWS\system32\gxelmron.exe 2008-09-11 09:15 . 2008-09-12 00:49 <REP> d-------- C:\Program Files\SAV 2008-09-09 12:35 . 2008-09-11 10:23 <REP> d-------- C:\Program Files\VideoLAN 2008-09-01 20:38 . 2008-09-01 20:38 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Diino 2008-09-01 14:11 . 2008-09-01 14:16 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Podmailing 2008-09-01 14:10 . 2008-09-01 14:10 <REP> d-------- C:\Program Files\Podmailing 2008-08-27 23:13 . 2008-08-27 23:13 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur 2008-08-27 23:07 . 2008-09-12 18:10 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:13 <REP> d-------- C:\Program Files\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-08-27 16:46 . 2008-08-27 16:46 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Sony 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Common Files 2008-08-27 09:43 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-27 00:40 . 2008-08-27 00:40 <REP> d-------- C:\Program Files\Free Audio Pack 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\Formation\Application Data\AVS4YOU 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-08-26 23:47 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia 2008-08-26 23:47 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll 2008-08-26 23:47 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-11 23:02 --------- d-----w C:\Documents and Settings\Formation\Application Data\Skype 2008-09-11 19:26 --------- d-----w C:\Program Files\BitTorrent Fastest Tool 2008-09-11 14:01 --------- d-----w C:\Program Files\Securitoo 2008-09-11 10:34 --------- d-----w C:\Program Files\PiloteContactV2 2008-09-11 10:34 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-09-11 10:00 --------- d-----w C:\Program Files\Google 2008-09-11 08:21 --------- d-----w C:\Program Files\eMule 2008-09-09 11:28 --------- d-----w C:\Program Files\Everest Poker 2008-08-27 21:29 --------- d-----w C:\Program Files\WinamaxPoker 2008-07-20 11:50 --------- d-----w C:\Documents and Settings\Formation\Application Data\PC Suite 2008-07-20 09:20 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia Multimedia Player 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-07-20 09:16 --------- d-----w C:\Program Files\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\PCSuite 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\DIFX 2008-07-20 09:15 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-07-20 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2007-07-27 11:16 11,641,493 ----a-w C:\Program Files\Panasonic.zip 2001-08-08 14:58 21,866 -c--a-w C:\Program Files\Fichiers communs\tppupd2k.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-12_23.08.57.54 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-12 20:43:31 224,388 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-09-13 14:08:15 224,386 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-09-13 14:07:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Podmailing"="C:\Program Files\Podmailing\Podmailing start-minimized" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 20053032] "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736] "chkstr"="C:\WINDOWS\system32\gxelmron.exe" [2008-09-11 86016] "ApiUiProc"="C:\WINDOWS\system32\fglyrwha.exe" [2008-09-12 102400] "StrDb"="C:\WINDOWS\system32\azudafqz.exe" [2008-09-13 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-22 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-06 77824] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232] "PC-Antispy"="C:\Program Files\PC-Antispy\PC-Antispy.exe" [2008-09-11 11124736] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 115344] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "M1bEYxMmAk"="C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe" [2008-09-11 69632] C:\Documents and Settings\Formation\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2005-12-24 251392] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-01-14 483328] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-16 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIXL"= pclepixl.dll "VIDC.NTN1"= NUVision.ax [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "C:\\Program Files\\Podmailing\\podmailing.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1206:UDP"= 1206:UDP:Windows Media Format SDK (iexplore.exe) "1207:UDP"= 1207:UDP:Windows Media Format SDK (iexplore.exe) R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 8336] R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program Files\SPYWAREfighter\spfprc.exe [2008-02-21 406160] S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272] S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248] S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2000-07-16 136352] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432] S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ] S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536] S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [2002-06-24 36096] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-13 16:50:03 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-13 16:52:00 ComboFix-quarantined-files.txt 2008-09-13 14:51:41 ComboFix2.txt 2008-09-12 22:13:46 ComboFix3.txt 2008-09-12 21:09:56 Pre-Run: 8,569,536,512 octets libres Post-Run: 8,568,774,656 octets libres 197 --- E O F --- 2008-09-13 14:00:07
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Oui j'ai suivi les manip mais je peux recommencer si tu veux ? Mince alors, tu m 'inquiètes.
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Bonjour Falkra, voici les rapports: Merci. ComboFix 08-09-11.02 - Formation 2008-09-13 0:06:39.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.181 [GMT 2:00] Endroit: C:\Documents and Settings\Formation\Bureau\Nouveau dossier\ComboFix.exe Command switches used :: C:\Documents and Settings\Formation\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))))))) . 2008-09-12 23:10 . 2008-09-12 23:10 <REP> d-------- C:\Documents and Settings\InvitÚ 2008-09-12 22:45 . 2008-09-12 22:45 102,400 --a------ C:\WINDOWS\system32\fglyrwha.exe 2008-09-12 22:45 . 2008-09-12 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-12 22:45 . 2008-09-12 23:10 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-12 12:44 . 2008-09-12 12:44 <REP> d-------- C:\Program Files\Avira 2008-09-12 12:44 . 2008-09-12 12:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-12 11:42 . 2008-09-12 11:42 <REP> d-------- C:\Program Files\Trend Micro 2008-09-12 09:54 . 2008-09-12 09:54 114,692 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-11 22:28 . 2008-09-11 22:30 <REP> d-------- C:\Program Files\SPYWAREfighter 2008-09-11 22:28 . 2008-09-11 22:28 <REP> d-------- C:\Program Files\Fichiers communs\Application 2008-09-11 16:08 . 2008-09-11 16:08 <REP> d-------- C:\Program Files\Lavasoft 2008-09-11 16:08 . 2008-09-11 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-11 16:07 . 2008-09-11 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-11 13:46 . 2008-09-11 13:46 <REP> d-------- C:\Documents and Settings\Formation\Download 2008-09-11 13:02 . 2008-09-11 13:22 <REP> d-------- C:\Documents and Settings\Formation\Application Data\PC-Antispy 2008-09-11 12:33 . 2008-09-11 12:33 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Logs 2008-09-11 12:23 . 2008-09-11 14:14 <REP> d-------- C:\Program Files\SecureExpertCleaner 2008-09-11 12:23 . 2008-09-11 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SEC 2008-09-11 12:12 . 2008-09-11 14:13 <REP> d-------- C:\Program Files\PC Clean Pro 2008-09-11 09:39 . 2008-09-11 14:53 <REP> d-------- C:\Program Files\PC-Antispy 2008-09-11 09:16 . 2008-09-11 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dubmlabe 2008-09-11 09:16 . 2008-09-05 19:12 165,888 --a------ C:\WINDOWS\system32\sav.cpl 2008-09-11 09:16 . 2008-09-11 09:16 86,016 --a------ C:\WINDOWS\system32\gxelmron.exe 2008-09-11 09:15 . 2008-09-12 00:49 <REP> d-------- C:\Program Files\SAV 2008-09-09 12:35 . 2008-09-11 10:23 <REP> d-------- C:\Program Files\VideoLAN 2008-09-01 20:38 . 2008-09-01 20:38 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Diino 2008-09-01 14:11 . 2008-09-01 14:16 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Podmailing 2008-09-01 14:10 . 2008-09-01 14:10 <REP> d-------- C:\Program Files\Podmailing 2008-08-27 23:13 . 2008-08-27 23:13 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur 2008-08-27 23:07 . 2008-09-12 18:10 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:13 <REP> d-------- C:\Program Files\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-08-27 16:46 . 2008-08-27 16:46 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Sony 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Common Files 2008-08-27 09:43 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-27 00:40 . 2008-08-27 00:40 <REP> d-------- C:\Program Files\Free Audio Pack 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\Formation\Application Data\AVS4YOU 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-08-26 23:47 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia 2008-08-26 23:47 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll 2008-08-26 23:47 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-11 23:02 --------- d-----w C:\Documents and Settings\Formation\Application Data\Skype 2008-09-11 19:26 --------- d-----w C:\Program Files\BitTorrent Fastest Tool 2008-09-11 14:01 --------- d-----w C:\Program Files\Securitoo 2008-09-11 10:34 --------- d-----w C:\Program Files\PiloteContactV2 2008-09-11 10:34 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-09-11 10:00 --------- d-----w C:\Program Files\Google 2008-09-11 08:21 --------- d-----w C:\Program Files\eMule 2008-09-09 11:28 --------- d-----w C:\Program Files\Everest Poker 2008-08-27 21:29 --------- d-----w C:\Program Files\WinamaxPoker 2008-07-20 11:50 --------- d-----w C:\Documents and Settings\Formation\Application Data\PC Suite 2008-07-20 09:20 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia Multimedia Player 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-07-20 09:16 --------- d-----w C:\Program Files\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\PCSuite 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\DIFX 2008-07-20 09:15 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-07-20 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2007-07-27 11:16 11,641,493 ----a-w C:\Program Files\Panasonic.zip 2001-08-08 14:58 21,866 -c--a-w C:\Program Files\Fichiers communs\tppupd2k.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Podmailing"="C:\Program Files\Podmailing\Podmailing start-minimized" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 20053032] "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736] "chkstr"="C:\WINDOWS\system32\gxelmron.exe" [2008-09-11 86016] "ApiUiProc"="C:\WINDOWS\system32\fglyrwha.exe" [2008-09-12 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-22 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-06 77824] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232] "ErreurChasseur"="C:\Program Files\ErreurChasseur\SysRep.exe" [2008-05-22 1761792] "PC-Antispy"="C:\Program Files\PC-Antispy\PC-Antispy.exe" [2008-09-11 11124736] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 115344] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "M1bEYxMmAk"="C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe" [2008-09-11 69632] C:\Documents and Settings\Formation\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2005-12-24 251392] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-01-14 483328] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-16 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIXL"= pclepixl.dll "VIDC.NTN1"= NUVision.ax [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "C:\\Program Files\\Podmailing\\podmailing.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1206:UDP"= 1206:UDP:Windows Media Format SDK (iexplore.exe) "1207:UDP"= 1207:UDP:Windows Media Format SDK (iexplore.exe) R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 8336] R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program Files\SPYWAREfighter\spfprc.exe [2008-02-21 406160] S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272] S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248] S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2000-07-16 136352] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432] S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ] S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536] S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [2002-06-24 36096] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ] *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-13 00:10:47 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-13 0:13:44 ComboFix-quarantined-files.txt 2008-09-12 22:13:24 ComboFix2.txt 2008-09-12 21:09:56 Pre-Run: 8,635,424,768 octets libres Post-Run: 8,623,472,640 octets libres 193 --- E O F --- 2008-09-12 10:10:57 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:36, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\ErreurChasseur\SysRep.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Podmailing\Podmailing.exe C:\WINDOWS\system32\gxelmron.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\version_up.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [ErreurChasseur] C:\Program Files\ErreurChasseur\SysRep.exe O4 - HKLM\..\Run: [PC-Antispy] "C:\Program Files\PC-Antispy\PC-Antispy.exe" hide O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKCU\..\Run: [chkstr] C:\WINDOWS\system32\gxelmron.exe O4 - HKCU\..\Run: [ApiUiProc] C:\WINDOWS\system32\fglyrwha.exe O4 - HKCU\..\Run: [strDb] C:\WINDOWS\system32\azudafqz.exe O4 - HKLM\..\Policies\Explorer\Run: [M1bEYxMmAk] C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {7392D73A-3C8A-8C5A-2C56-32193AFFD192} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11837 bytes
- le 13 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Déjà mon pc tourne plus vite et n'ai plus les alertes d'infection. Merci. Killall:: File:: C:\WINDOWS\system32\fglyrwha.exe C:\WINDOWS\system32\msxml71.dll C:\WINDOWS\system32\gxelmron.exe Folder:: C:\Documents and Settings\Formation\Application Data\PC-Antispy C:\Program Files\SecureExpertCleaner C:\Program Files\PC Clean Pro C:\Program Files\PC-Antispy C:\Documents and Settings\All Users\Application Data\dubmlabe C:\Program Files\SAV C:\Documents and Settings\All Users\Application Data\erreurchasseur C:\Program Files\Fichiers communs\ErreurChasseur C:\Program Files\ErreurChasseur C:\Documents and Settings\All Users\Application Data\SalesMon C:\Program Files\BitTorrent Fastest Tool Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "chkstr"=- "ApiUiProc"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ErreurChasseur"=- "PC-Antispy"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "M1bEYxMmAk"=-
- le 12 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a répondu à un(e) sujet de Manue2004 dans Analyses et éradication malwares

Re....bonsoir, voici la suite et le rapport de combofix. Merci et au plaisir de lire la suite. ComboFix 08-09-11.02 - Formation 2008-09-12 22:02:41.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.249 [GMT 2:00] Endroit: C:\Documents and Settings\Formation\Bureau\Nouveau dossier\ComboFix.exe (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Formation\Cookies\formation@bluestreak[2].txt C:\Documents and Settings\Formation\Cookies\formation@edt02[1].txt C:\Documents and Settings\Formation\Cookies\formation@esearchvision[2].txt C:\Documents and Settings\Formation\Cookies\formation@tracker.affistats[1].txt C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.exe C:\Program Files\AntiSpywareExpert C:\Program Files\AntiSpywareExpert\ase.exe C:\Program Files\AntiSpywareExpert\ase_fr.exe C:\Program Files\AntiSpywareExpert\BL.dat C:\Program Files\AntiSpywareExpert\WL.dat C:\Program Files\PCPrivacyCleaner C:\Program Files\VirusRemover2008 C:\WINDOWS\a.bat C:\WINDOWS\base64.tmp C:\WINDOWS\bdn.com C:\WINDOWS\FVProtect.exe C:\WINDOWS\iTunesMusic.exe C:\WINDOWS\mslagent C:\WINDOWS\mslagent\2_mslagent.dll C:\WINDOWS\mslagent\mslagent.exe C:\WINDOWS\mslagent\uninstall.exe C:\WINDOWS\mssecu.exe C:\WINDOWS\system32\akttzn.exe C:\WINDOWS\system32\anticipator.dll C:\WINDOWS\system32\awtoolb.dll C:\WINDOWS\system32\bdn.com C:\WINDOWS\system32\bsva-egihsg52.exe C:\WINDOWS\system32\Cache C:\WINDOWS\system32\dao350.dll C:\WINDOWS\system32\dpcproxy.exe C:\WINDOWS\system32\h@tkeysh@@k.dll C:\WINDOWS\system32\hoproxy.dll C:\WINDOWS\system32\hxiwlgpm.dat C:\WINDOWS\system32\hxiwlgpm.exe C:\WINDOWS\system32\msgp.exe C:\WINDOWS\system32\msnbho.dll C:\WINDOWS\system32\mssecu.exe C:\WINDOWS\system32\msvchost.exe C:\WINDOWS\system32\mtr2.exe C:\WINDOWS\system32\mwin32.exe C:\WINDOWS\system32\netode.exe C:\WINDOWS\system32\newsd32.exe C:\WINDOWS\system32\ps1.exe C:\WINDOWS\system32\psof1.exe C:\WINDOWS\system32\psoft1.exe C:\WINDOWS\system32\regc64.dll C:\WINDOWS\system32\regm64.dll C:\WINDOWS\system32\Rundl1.exe C:\WINDOWS\system32\smp C:\WINDOWS\system32\smp\msrc.exe C:\WINDOWS\system32\sncntr.exe C:\WINDOWS\system32\ssurf022.dll C:\WINDOWS\system32\ssvchost.com C:\WINDOWS\system32\ssvchost.exe C:\WINDOWS\system32\sysreq.exe C:\WINDOWS\system32\taack.dat C:\WINDOWS\system32\taack.exe C:\WINDOWS\system32\temp#01.exe C:\WINDOWS\system32\thun.dll C:\WINDOWS\system32\thun32.dll C:\WINDOWS\system32\VBIEWER.OCX C:\WINDOWS\system32\vbsys2.dll C:\WINDOWS\system32\vcatchpi.dll C:\WINDOWS\system32\winlogonpc.exe C:\WINDOWS\system32\winsystem.exe C:\WINDOWS\system32\WINWGPX.EXE C:\WINDOWS\userconfig9x.dll C:\WINDOWS\winsystem.exe C:\WINDOWS\zip1.tmp C:\WINDOWS\zip2.tmp C:\WINDOWS\zip3.tmp C:\WINDOWS\zipped.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3550P -------\Service_asc3550p ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))))))) . 2008-09-12 22:45 . 2008-09-12 22:45 102,400 --a------ C:\WINDOWS\system32\fglyrwha.exe 2008-09-12 22:45 . 2008-09-12 22:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-12 22:45 . 2008-09-12 22:45 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-12 12:44 . 2008-09-12 12:44 <REP> d-------- C:\Program Files\Avira 2008-09-12 12:44 . 2008-09-12 12:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-12 11:42 . 2008-09-12 11:42 <REP> d-------- C:\Program Files\Trend Micro 2008-09-12 09:54 . 2008-09-12 09:54 114,692 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-11 22:28 . 2008-09-11 22:30 <REP> d-------- C:\Program Files\SPYWAREfighter 2008-09-11 22:28 . 2008-09-11 22:28 <REP> d-------- C:\Program Files\Fichiers communs\Application 2008-09-11 16:08 . 2008-09-11 16:08 <REP> d-------- C:\Program Files\Lavasoft 2008-09-11 16:08 . 2008-09-11 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-11 16:07 . 2008-09-11 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-11 13:46 . 2008-09-11 13:46 <REP> d-------- C:\Documents and Settings\Formation\Download 2008-09-11 13:02 . 2008-09-11 13:22 <REP> d-------- C:\Documents and Settings\Formation\Application Data\PC-Antispy 2008-09-11 12:33 . 2008-09-11 12:33 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Logs 2008-09-11 12:23 . 2008-09-11 14:14 <REP> d-------- C:\Program Files\SecureExpertCleaner 2008-09-11 12:23 . 2008-09-11 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SEC 2008-09-11 12:12 . 2008-09-11 14:13 <REP> d-------- C:\Program Files\PC Clean Pro 2008-09-11 09:39 . 2008-09-11 14:53 <REP> d-------- C:\Program Files\PC-Antispy 2008-09-11 09:16 . 2008-09-11 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dubmlabe 2008-09-11 09:16 . 2008-09-05 19:12 165,888 --a------ C:\WINDOWS\system32\sav.cpl 2008-09-11 09:16 . 2008-09-11 09:16 86,016 --a------ C:\WINDOWS\system32\gxelmron.exe 2008-09-11 09:15 . 2008-09-12 00:49 <REP> d-------- C:\Program Files\SAV 2008-09-09 12:35 . 2008-09-11 10:23 <REP> d-------- C:\Program Files\VideoLAN 2008-09-01 20:38 . 2008-09-01 20:38 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Diino 2008-09-01 14:11 . 2008-09-01 14:16 <REP> d-------- C:\Documents and Settings\Formation\Application Data\Podmailing 2008-09-01 14:10 . 2008-09-01 14:10 <REP> d-------- C:\Program Files\Podmailing 2008-08-27 23:13 . 2008-08-27 23:13 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur 2008-08-27 23:07 . 2008-09-12 18:10 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:13 <REP> d-------- C:\Program Files\ErreurChasseur 2008-08-27 23:07 . 2008-08-27 23:07 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-08-27 16:46 . 2008-08-27 16:46 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Sony 2008-08-27 16:30 . 2008-08-27 16:30 <REP> d-------- C:\Program Files\Common Files 2008-08-27 09:43 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-27 00:40 . 2008-08-27 00:40 <REP> d-------- C:\Program Files\Free Audio Pack 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\Formation\Application Data\AVS4YOU 2008-08-26 23:52 . 2008-08-26 23:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-08-26 23:47 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia 2008-08-26 23:47 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll 2008-08-26 23:47 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-11 23:02 --------- d-----w C:\Documents and Settings\Formation\Application Data\Skype 2008-09-11 19:26 --------- d-----w C:\Program Files\BitTorrent Fastest Tool 2008-09-11 14:01 --------- d-----w C:\Program Files\Securitoo 2008-09-11 10:34 --------- d-----w C:\Program Files\PiloteContactV2 2008-09-11 10:34 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-09-11 10:00 --------- d-----w C:\Program Files\Google 2008-09-11 08:21 --------- d-----w C:\Program Files\eMule 2008-09-09 11:28 --------- d-----w C:\Program Files\Everest Poker 2008-08-27 21:29 --------- d-----w C:\Program Files\WinamaxPoker 2008-07-20 11:50 --------- d-----w C:\Documents and Settings\Formation\Application Data\PC Suite 2008-07-20 09:20 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia Multimedia Player 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\Formation\Application Data\Nokia 2008-07-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite 2008-07-20 09:16 --------- d-----w C:\Program Files\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\PCSuite 2008-07-20 09:16 --------- d-----w C:\Program Files\Fichiers communs\Nokia 2008-07-20 09:16 --------- d-----w C:\Program Files\DIFX 2008-07-20 09:15 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-07-20 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2007-07-27 11:16 11,641,493 ----a-w C:\Program Files\Panasonic.zip 2001-08-08 14:58 21,866 -c--a-w C:\Program Files\Fichiers communs\tppupd2k.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}] 2008-09-11 09:40 208896 --------- C:\Program Files\PC-Antispy\ASpyStBlk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Podmailing"="C:\Program Files\Podmailing\Podmailing start-minimized" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 20053032] "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736] "chkstr"="C:\WINDOWS\system32\gxelmron.exe" [2008-09-11 86016] "ApiUiProc"="C:\WINDOWS\system32\fglyrwha.exe" [2008-09-12 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-22 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-06 77824] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232] "ErreurChasseur"="C:\Program Files\ErreurChasseur\SysRep.exe" [2008-05-22 1761792] "PC-Antispy"="C:\Program Files\PC-Antispy\PC-Antispy.exe" [2008-09-11 11124736] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 115344] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "M1bEYxMmAk"="C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe" [2008-09-11 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIXL"= pclepixl.dll "VIDC.NTN1"= NUVision.ax [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "C:\\Program Files\\Podmailing\\podmailing.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1206:UDP"= 1206:UDP:Windows Media Format SDK (iexplore.exe) "1207:UDP"= 1207:UDP:Windows Media Format SDK (iexplore.exe) R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 8336] S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272] S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248] S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2000-07-16 136352] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432] S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ] S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536] S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [2002-06-24 36096] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe HKCU-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe HKLM-Run-BMN - C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe dm=http://erreurchasseur.com ad=http://erreurchasseur.com HKLM-Run-VirusRemover2008 - C:\Program Files\VirusRemover2008\VRM2008.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Formation\Application Data\Mozilla\Firefox\Profiles\fwr8rmb0.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= user_ppú«reref("goog0û|rele.toolbapú«rer.s(ýubscribe.pú†reagg(FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-12 23:01:04 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Podmailing\podmailing.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\Bin\hyperappel.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-12 23:09:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-12 21:09:39 Pre-Run: 8,120,381,440 octets libres Post-Run: 8,660,721,664 octets libres 307 --- E O F --- 2008-09-12 10:10:57
- le 12 septembre 2008
- 29 réponses
(RESOLU) pc infecté par trojan win 32 green screen

Manue2004 a posté un sujet dans Analyses et éradication malwares

Bonsoir, mon pc est infecté par un trojan win 32 green screen. J'ai effectue la démarche préalable de Megataupe. Je vous evoie donc mon rapport HIJACK THIS: Merci pour les conseils à suivre ! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:49:00, on 12/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\ErreurChasseur\SysRep.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE C:\Program Files\Podmailing\Podmailing.exe C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\1D.tmp.exe C:\WINDOWS\system32\gxelmron.exe C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\c.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Orange\Launcher\Launcher.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Formation\Local Settings\Temporary Internet Files\Content.IE5\0VM381P6\setup_sbd_fr[1].exe O4 - HKLM\..\Run: [ErreurChasseur] C:\Program Files\ErreurChasseur\SysRep.exe O4 - HKLM\..\Run: [bMN] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com O4 - HKLM\..\Run: [PC-Antispy] "C:\Program Files\PC-Antispy\PC-Antispy.exe" hide O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\FORMAT~1\LOCALS~1\Temp\1D.tmp.exe O4 - HKCU\..\Run: [chkstr] C:\WINDOWS\system32\gxelmron.exe O4 - HKLM\..\Policies\Explorer\Run: [M1bEYxMmAk] C:\Documents and Settings\All Users\Application Data\dubmlabe\fghuburo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120206911925 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153851926312 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {7392D73A-3C8A-8C5A-2C56-32193AFFD192} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9C2029F1-5568-AB17-E695-3AD20C72E795} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EDD2155-D714-4C7C-B8E1-8714AFB1A758}: NameServer = 192.168.0.1 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12988 bytes
- le 12 septembre 2008
- 29 réponses

Connexion

Manue2004

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Manue2004

SPOOL32 a causé une défaillance de page

SPOOL32 a causé une défaillance de page

SPOOL32 a causé une défaillance de page

SPOOL32 a causé une défaillance de page

Manue2004

Falkra

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

(RESOLU) pc infecté par trojan win 32 green screen

Zebulon

Outils en ligne

Naviguer