alexandre 69

Everything posted by alexandre 69

  1. Hello! I don't know whether I'm in the right forum section... but here is my problem: WINDOWS VISTA, HP laptop, Windows Update Service Pack 2 OK. - When I open my session, a small window appears with the following message: "Host application a cessé de fonctionner... windows va fermer ce programme, etc..." but it doesn't disturb browsing much. I would still like to solve this problem. - In addition, I also have a script problem: a window with a message warning me that a script on a web page could not run, do you want to continue the script, "yes" or "no". - Finally, without knowing how, my speakers play the sound of a film without any program seeming to start or any picture appearing. I downloaded ZHPDiag by Nicolas Coolman to my desktop, and here is the report I get: © CJoint.com, 2010 Thank you for your help
  2. Does nobody else have a solution?
  3. Thank you for the advice. After checking, I went to the site www.touslesdrivers.com, where I downloaded the latest updates for my graphics card: ATI Radeon Mobility HD 2000/3000/4000/5000/6000 (drivers 11.3 WHQL). BUT after restarting, I still have the same problem with the same message: "Host application a cessé de fonctionner... etc..." ...
  4. Hello! I don't know whether I'm in the right forum section... but here is my problem: WINDOWS VISTA, HP laptop, Windows Update Service Pack 2 done yesterday. A small window appears with the following message: "Host application a cessé de fonctionner... windows va fermer ce programme, etc..." but it doesn't disturb browsing much. I would still like to solve this problem. Is it an "ATI" graphics card update problem, as I have read more or less everywhere on forums? If so... how do I find out my graphics card model in order to update it? IN SHORT, how do I fix this "Host application a cessé de fonctionner" problem? Thanks
  5. OK, done... Thanks NARDINO! Topic closed
  6. There, I started everything over. I restarted my PC and for more than 2 hours it carried out changes such as replacing "clusters" (???). And when it had processed 100% of the files, my PC restarted normally. And now everything works fine, it no longer lags, everything works as before. I suppose the repairs done before startup and the replaced files took care of the problem. Can I find out what could have happened for my PC to have this problem? Given the number of files replaced and repaired, I imagine the problems built up over time without my noticing... Is the AVIRA antivirus effective? Thanks
  7. OK, I ran "chkdsk /r" in the DOS prompt. I get the following messages: ------------------------------------------------------------ Le type de fichiers est NTFS. Impossible de verrouiller le lecteur en cours. CHKDSK ne peut s'exécuter parce que le volume est utilisé par un autre processus. Voulez vous que ce volume soit vérifié au prochain redémarrage du système? O/N ----> to which I type O Ce volume sera vérifié au prochain redémarrage du système. C:\Windows\systeme32>_ --------------------------------------------------------------- There it is, and it stops there... So I wait a while... the second question??? (because apparently you said there were two questions to answer "O" to...) Nothing happens. I close everything, I reboot my machine, and during the restart there is indeed some kind of scan before my desktop opens normally... So I try CHKDSK again... But same message... :-? I do notice a slight improvement, though: after a few minutes of proper lag, my PC no longer slows down. That is, it lags at startup, during the first minutes of connecting to the internet, and after that time I browse normally, open my windows normally, etc... But I don't understand why I can't get to the end of your procedure.
  8. Good evening, after running sfc /scannow in the command prompt, at 63% the process stops with the following message: "La protection des ressources windows n'a pas réussi à effectuer l'opération demandée" I tried twice to run sfc /scannow and each time it goes no further than 63% and stops with the message above...
  9. Thanks. The problem still persists. Here is the ComboFix report:
  10. I think I spoke a bit too soon. When I connect to the internet, for the first 2 minutes everything works fine, then it lags again, before working correctly and then freezing again. It's as if a program triggers, and while it runs the internet connection "ne répond pas"... in short, everything freezes for a few seconds, and that all the time, intermittently...
  11. Well, I guess so... With one caveat: everything seems to work fine, it lags a lot less. I no longer get the "ne répond pas" message when I'm in Mozilla. Except that if I go to the Control Panel to try to uninstall a program, the Control Panel window freezes with the message "ne répond pas" at the top. I try to close it... and after a long while the Control Panel finally closes, but Mozilla freezes again. As if going to the Control Panel recreates the problem. If I restart the PC, everything works, except opening the Control Panel, which triggers the freeze again.
  12. Oops, sorry! I made a mistake in the procedure, but there, it's done: What information do I need to provide?
  13. Good evening, sorry, but when I type firefox.exe -p in the search bar I land on this site: firefox.exe
  14. When I'm in Mozilla, a message sometimes appears: Script : https://secure.shared.live.com/_D/F$Live.SiteContent.Messenger/4.2.57152/release/Microsoft.Live.Core.LocalStorage.FF.js:39 The message says the script is running and asks me whether to continue or stop. I have the impression the problem comes from there...
  15. PC restarted. I did an update via Windows Update, but I still have the problem of Mozilla freezing ("ne répond pas"). Even launching the Control Panel lags...
  16. I can see that AD-R deleted some files, but it still lags. Also, I'm downloading the Vista SP2 pack from the site "telecharger.com", but it will be long and difficult because each time the download stops and doesn't complete. Here is the AD Report:
  17. Thanks. I notice that my PC lags especially when I open several Mozilla windows, among other things. But in any case the "ne répond pas" message still appears with every folder I open. After following your instructions to the letter, here is the link: © CJoint.com, 2010 Thanks for what comes next
  18. Hello, thank you for helping me find out what's wrong with my PC. I'm on Windows Vista. I have AVIRA AntiVir Personal as antivirus. When I open certain programs such as the Control Panel, or even my browser Mozilla, the PC hangs with the following message: "ne répond pas". Even when running the AVIRA antivirus, it freezes for long minutes at various stages of the scan. Here is the HIJACKTHIS log. If anyone notices what could be slowing down my PC, thanks in advance.
  19. Indeed, since yesterday I no longer get pop-up windows opening, whereas before I got them systematically on the first click in Internet Explorer. The only thing is that when the PC was brand new, it took no more than 10 seconds after switching it on to get the network connection. For some time now I have had to wait at least 1 minute to get the wireless connection... I had put this delay down to certain programs launching at startup. But I suppose that is another problem, and it is not that disruptive in the end. In any case, thank you; I now use NORTON Internet Security as my firewall, and I imagine I will have to do frequent clean-ups... If we are finally done, thank you for taking the time to help me.
  20. Done... I should point out that while the operation was running, some messages appeared. In the "FIND3M" window: "FINDSTR: impossible d'ouvrir temp01". Then, a few seconds later, an error message in another window: "Impossible d'exploiter RegRuns00: erreur d'ouverture du fichier. Il pourrait y avoir une erreur de disque ou de fichier system". Otherwise the program continued running, and here is the "COMBOFIX" report, followed by a "HiJackThis" report: COMBOFIX: ******************************************************************************** ******************************************* ComboFix 08-12-14.01 - rolle 2008-12-14 22:24:49.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.234 [GMT 1:00] Lancé depuis: c:\documents and settings\rolle\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\rolle\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\dsauth32.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\rolle\Application Data\Twain c:\program files\Everest Poker c:\program files\Everest Poker\casino.exe c:\program files\Everest Poker\cstart-tmp.exe c:\program files\Everest Poker\cstart.exe c:\program files\Everest Poker\data\fonts\kgp-en.ttf c:\program files\Everest Poker\data\mp-lobby\fr.gvt c:\program files\Everest Poker\data\mp-lobby\shared.gvt c:\program files\Everest Poker\data\mp-poker\background\black.gvt c:\program files\Everest Poker\data\mp-poker\background\china.gvt c:\program files\Everest Poker\data\mp-poker\background\default.gvt c:\program files\Everest Poker\data\mp-poker\background\garden.gvt c:\program files\Everest Poker\data\mp-poker\background\hawaii.gvt c:\program files\Everest Poker\data\mp-poker\background\japan.gvt c:\program files\Everest Poker\data\mp-poker\background\kitchen.gvt c:\program files\Everest Poker\data\mp-poker\background\med.gvt c:\program files\Everest Poker\data\mp-poker\background\woods.gvt c:\program files\Everest Poker\data\mp-poker\fr\bitmaps.gvt c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt c:\program files\Everest Poker\data\mp-poker\shared.gvt c:\program files\Everest Poker\data\shared\fr\country.txt c:\program files\Everest Poker\data\shared\fr\language.txt c:\program files\Everest Poker\data\shared\fr\ordinal.txt c:\program files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt c:\program files\Everest Poker\data\shared\shared\bitmaps\check.art c:\program files\Everest Poker\data\shared\shared\bitmaps\chips.art c:\program files\Everest Poker\data\shared\shared\sounds\button.ogg c:\program files\Everest Poker\data\shared\shared\sounds\carddeal.ogg c:\program files\Everest Poker\data\shared\shared\sounds\cardflip.ogg c:\program files\Everest Poker\data\shared\shared\sounds\chipclick.ogg c:\program files\Everest Poker\data\startup\en\startup_strings.txt c:\program files\Everest 
Poker\data\startup\fr\cstart.txt c:\program files\Everest Poker\data\startup\fr\startup_strings.txt c:\program files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art c:\program files\Everest Poker\data\startup\shared\icons\ep.ico c:\program files\Everest Poker\data\startup\shared\sounds\alert.ogg c:\program files\Everest Poker\Everest Poker.exe c:\program files\Everest Poker\gvbase.dll c:\program files\Everest Poker\gvcrt.dll c:\program files\Everest Poker\gvgfx-dib.dll c:\program files\Everest Poker\gvgfx.dll c:\program files\Everest Poker\gvmain.dll c:\program files\Everest Poker\gvmain.exe c:\program files\Everest Poker\gvnetwork.dll c:\program files\Everest Poker\gvsound.dll c:\program files\Everest Poker\history\1381.txt c:\program files\Everest Poker\history\1382.txt c:\program files\Everest Poker\history\1383.txt c:\program files\Everest Poker\history\1386.txt c:\program files\Everest Poker\history\1387.txt c:\program files\Everest Poker\history\1388.txt c:\program files\Everest Poker\history\1389.txt c:\program files\Everest Poker\history\1390.txt c:\program files\Everest Poker\history\1391.txt c:\program files\Everest Poker\history\1392.txt c:\program files\Everest Poker\history\1393.txt c:\program files\Everest Poker\history\1394.txt c:\program files\Everest Poker\history\1395.txt c:\program files\Everest Poker\history\1396.txt c:\program files\Everest Poker\history\1397.txt c:\program files\Everest Poker\history\1398.txt c:\program files\Everest Poker\history\1402.txt c:\program files\Everest Poker\history\1403.txt c:\program files\Everest Poker\history\1404.txt c:\program files\Everest Poker\history\1405.txt c:\program files\Everest Poker\history\1406.txt c:\program files\Everest Poker\history\1407.txt c:\program files\Everest Poker\history\1408.txt c:\program files\Everest Poker\history\1409.txt c:\program files\Everest Poker\history\1411.txt c:\program files\Everest Poker\history\1412.txt c:\program files\Everest Poker\history\1414.txt 
c:\program files\Everest Poker\history\1416.txt c:\program files\Everest Poker\history\1417.txt c:\program files\Everest Poker\history\1418.txt c:\program files\Everest Poker\history\1420.txt c:\program files\Everest Poker\history\1422.txt c:\program files\Everest Poker\history\1424.txt c:\program files\Everest Poker\history\1425.txt c:\program files\Everest Poker\history\1426.txt c:\program files\Everest Poker\history\1427.txt c:\program files\Everest Poker\history\1429.txt c:\program files\Everest Poker\history\1430.txt c:\program files\Everest Poker\history\1431.txt c:\program files\Everest Poker\history\1439.txt c:\program files\Everest Poker\history\1441.txt c:\program files\Everest Poker\history\1443.txt c:\program files\Everest Poker\history\1444.txt c:\program files\Everest Poker\history\1445.txt c:\program files\Everest Poker\history\1446.txt c:\program files\Everest Poker\history\1447.txt c:\program files\Everest Poker\history\1449.txt c:\program files\Everest Poker\history\1450.txt c:\program files\Everest Poker\history\1451.txt c:\program files\Everest Poker\history\1452.txt c:\program files\Everest Poker\history\1453.txt c:\program files\Everest Poker\history\1454.txt c:\program files\Everest Poker\history\1455.txt c:\program files\Everest Poker\history\1456.txt c:\program files\Everest Poker\history\1458.txt c:\program files\Everest Poker\history\1459.txt c:\program files\Everest Poker\history\1460.txt c:\program files\Everest Poker\history\1461.txt c:\program files\Everest Poker\history\1462.txt c:\program files\Everest Poker\history\1463.txt c:\program files\Everest Poker\history\1464.txt c:\program files\Everest Poker\history\1465.txt c:\program files\Everest Poker\history\1467.txt c:\program files\Everest Poker\history\1468.txt c:\program files\Everest Poker\history\1469.txt c:\program files\Everest Poker\history\1470.txt c:\program files\Everest Poker\history\1471.txt c:\program files\Everest Poker\history\1472.txt c:\program files\Everest 
Poker\history\1473.txt c:\program files\Everest Poker\history\1474.txt c:\program files\Everest Poker\history\1475.txt c:\program files\Everest Poker\history\1476.txt c:\program files\Everest Poker\history\1477.txt c:\program files\Everest Poker\history\1478.txt c:\program files\Everest Poker\history\1479.txt c:\program files\Everest Poker\history\1480.txt c:\program files\Everest Poker\history\1481.txt c:\program files\Everest Poker\history\1482.txt c:\program files\Everest Poker\history\1483.txt c:\program files\Everest Poker\history\1484.txt c:\program files\Everest Poker\history\1485.txt c:\program files\Everest Poker\history\1486.txt c:\program files\Everest Poker\history\1487.txt c:\program files\Everest Poker\history\1488.txt c:\program files\Everest Poker\history\1489.txt c:\program files\Everest Poker\history\1490.txt c:\program files\Everest Poker\history\1492.txt c:\program files\Everest Poker\history\1493.txt c:\program files\Everest Poker\history\1494.txt c:\program files\Everest Poker\history\1495.txt c:\program files\Everest Poker\history\1496.txt c:\program files\Everest Poker\history\1497.txt c:\program files\Everest Poker\history\1498.txt c:\program files\Everest Poker\history\1499.txt c:\program files\Everest Poker\history\1500.txt c:\program files\Everest Poker\history\1501.txt c:\program files\Everest Poker\history\1502.txt c:\program files\Everest Poker\history\1503.txt c:\program files\Everest Poker\history\1504.txt c:\program files\Everest Poker\history\1505.txt c:\program files\Everest Poker\history\1506.txt c:\program files\Everest Poker\history\1507.txt c:\program files\Everest Poker\history\1508.txt c:\program files\Everest Poker\history\1509.txt c:\program files\Everest Poker\history\1510.txt c:\program files\Everest Poker\history\1511.txt c:\program files\Everest Poker\history\1512.txt c:\program files\Everest Poker\history\1513.txt c:\program files\Everest Poker\history\1514.txt c:\program files\Everest Poker\history\1515.txt 
c:\program files\Everest Poker\history\1516.txt c:\program files\Everest Poker\history\1517.txt c:\program files\Everest Poker\history\1518.txt c:\program files\Everest Poker\history\1519.txt c:\program files\Everest Poker\history\1520.txt c:\program files\Everest Poker\history\1521.txt c:\program files\Everest Poker\history\1522.txt c:\program files\Everest Poker\history\1523.txt c:\program files\Everest Poker\history\1524.txt c:\program files\Everest Poker\history\1525.txt c:\program files\Everest Poker\history\1526.txt c:\program files\Everest Poker\history\1527.txt c:\program files\Everest Poker\history\1529.txt c:\program files\Everest Poker\history\1530.txt c:\program files\Everest Poker\history\1531.txt c:\program files\Everest Poker\history\1535.txt c:\program files\Everest Poker\history\1536.txt c:\program files\Everest Poker\history\1537.txt c:\program files\Everest Poker\init.ini c:\program files\Everest Poker\log.dat c:\program files\Everest Poker\notes\Player-ALX_Majestik\Opponent-ysa_for_ever.xpn c:\program files\Everest Poker\settings.ini c:\program files\Everest Poker\toc_fr.ini c:\program files\Everest Poker\var\content-fr.dat c:\windows\system32\dsauth32.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DCOMEX -------\Legacy_SOFTWAREDISTRIBUTION32 -------\Service_DComEx -------\Service_SoftwareDistribution32 ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 )))))))))))))))))))))))))))))))))))) . 2008-12-14 12:52 . 2008-12-14 12:52 <REP> d-------- c:\program files\Moyea 2008-12-14 10:36 . 2008-12-14 10:36 <REP> d-------- C:\_OTMoveIt 2008-12-13 17:46 . 2008-12-13 17:46 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2008-12-10 21:01 . 2008-12-10 21:01 <REP> d-------- c:\program files\Symantec 2008-12-10 21:01 . 2008-12-10 21:01 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2008-12-10 21:01 . 
2008-12-10 21:01 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2008-12-10 21:01 . 2008-12-10 21:01 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys 2008-12-10 21:01 . 2008-12-10 21:01 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2008-12-10 21:01 . 2008-12-10 21:01 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2008-12-10 21:00 . 2008-12-13 17:39 <REP> d-------- c:\windows\system32\drivers\NIS 2008-12-10 21:00 . 2008-12-10 21:00 <REP> d-------- c:\program files\Windows Sidebar 2008-12-10 21:00 . 2008-12-10 21:00 <REP> d-------- c:\program files\Norton Internet Security 2008-12-10 20:59 . 2008-12-10 20:59 <REP> d-------- c:\program files\NortonInstaller 2008-12-10 19:59 . 2008-12-10 20:01 <REP> d-------- C:\32788R22FWJFW.0.tmp 2008-12-08 22:23 . 2008-12-08 22:23 6,144 --a------ c:\windows\GnuHashes.ini 2008-12-08 22:16 . 2008-12-08 22:16 1,718 --ahs---- c:\windows\system32\GroupPolicy000.dat 2008-12-08 22:15 . 2008-12-08 22:15 373,760 --ahs---- c:\windows\system32\36.tmp 2008-12-08 21:50 . 2008-12-14 22:03 <REP> d-------- c:\documents and settings\rolle\Application Data\LimeWire 2008-12-08 14:28 . 2008-12-08 14:28 <REP> d-------- c:\program files\LimeWire 2008-12-08 03:17 . 2008-12-14 22:29 2,100 --a------ c:\documents and settings\All Users.BAK 2008-12-08 03:14 . 2008-12-08 03:14 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2008-12-08 03:14 . 2008-12-10 21:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Norton 2008-12-07 23:56 . 2008-12-10 19:51 <REP> d-------- c:\program files\Navilog1 2008-12-07 23:49 . 2008-12-07 23:51 <REP> d-------- c:\program files\Yahoo! 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\documents and settings\rolle\Application Data\Malwarebytes 2008-12-07 17:08 . 
2008-12-07 17:08 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-12-07 17:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-07 17:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-03 21:01 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-24 14:06 . 2008-11-24 20:16 <REP> d-------- c:\windows\system32\vp2 2008-11-24 14:06 . 2008-11-24 20:14 <REP> d-------- c:\windows\system32\NX 2008-11-24 14:06 . 2008-12-06 00:40 <REP> d-------- C:\Temp 2008-11-23 23:56 . 2008-11-23 23:56 147,456 --a------ c:\windows\system32\vbzip10.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 21:09 --------- d-----w c:\program files\bwin 2008-12-11 18:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-25 21:38 --------- d-----w c:\program files\Java 2008-11-02 13:55 --------- d-----w c:\documents and settings\rolle\Application Data\Moyea 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-09-29 05:00 75 ----a-w c:\windows\Fonts\verdanaz._ttf 2008-09-28 20:52 264 ----a-w c:\windows\Fonts\webdings._ttf 2007-02-20 19:47 41,992 -c--a-w c:\documents and settings\rolle\Application Data\GDIPFONTCACHEV1.DAT 2006-09-11 00:29 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((( snapshot@2008-12-14_19.03.53,82 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-12-14 13:45:37 155,702 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\bcicon.exe + 2008-12-14 20:17:22 155,702 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\bcicon.exe - 2008-12-14 13:45:38 2,560 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe + 2008-12-14 20:17:22 2,560 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe - 2008-12-14 13:45:35 34,304 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\misc.exe + 2008-12-14 20:17:21 34,304 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\misc.exe - 2008-12-14 13:45:38 8,192 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe + 2008-12-14 20:17:22 8,192 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe - 2008-12-14 13:45:38 3,584 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe + 2008-12-14 20:17:22 3,584 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe - 2008-12-14 13:45:38 114,688 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\outicon.exe + 2008-12-14 20:17:23 114,688 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\outicon.exe - 2008-12-14 13:45:36 16,384 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe + 2008-12-14 20:17:21 16,384 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe - 2008-12-14 13:45:36 12,800 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\pubs.exe + 2008-12-14 20:17:21 12,800 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\pubs.exe - 2008-12-14 13:45:39 22,528 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe + 2008-12-14 20:17:23 22,528 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe - 2008-12-14 13:45:35 45,056 ----a-r 
c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe + 2008-12-14 20:17:20 45,056 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe - 2008-12-14 13:45:35 90,112 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe + 2008-12-14 20:17:20 90,112 ----a-r c:\windows\Installer\{9113040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv "msacm.g723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-06-16 06:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2006-10-31 00:03 284184 c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2006-11-15 20:58 746520 c:\program files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2006-11-15 21:01 244512 c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\UpdateManager] --a------ 2003-08-19 00:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\empires2.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\age2_x1.exe"= R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1001000.021\SYMEFA.SYS [] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-12-12 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-12-12 362544] R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081210.002\IDSxpx86.sys [2008-12-11 274808] R2 LF30FS;LF30FS;\??\c:\program files\Everstrike Software\ XP 3.6\LF30XP.sys [2004-11-19 101488] R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 [] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-11 99376] S3 Philipscam2;Caméra numérique Philips 646 ; Vidéo;c:\windows\system32\DRIVERS\philcam1.sys 
[2006-10-19 75776] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop uInternet Connection Wizard,ShellNext = iexplore . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-14 22:29:57 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?7?9?0??`???? ???B???????????????B? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1" . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe c:\windows\system32\scardsvr.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\locator.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\vssvc.exe c:\program files\HPQ\Quick Launch Buttons\eabservr.exe c:\program files\Apoint2K\Apoint.exe c:\program files\Java\jre1.6.0_07\bin\jusched.exe c:\windows\AGRSMMSG.exe c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2008-12-14 22:35:39 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-14 21:35:34 ComboFix2.txt 2008-12-14 18:05:38 Avant-CF: 26 817 404 928 octets libres Après-CF: 26,886,037,504 octets libres 369 HIJACKTHIS: ******************************************************************************** ******************************************* Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:36:45, on 12/14/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\HPQ\Quick Launch 
Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\Program Files\bwin\bwinPoker.exe C:\Documents and Settings\rolle\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 5753 bytes
  21. OK, but for your information, you already had me use ComboFix, and I posted a report last Wednesday, 10 December. What is strange is that after using the program "OTMoveIt3.exe" I could no longer find the "combofix" program on my desktop or in any program folder. It simply made it disappear. That said, I downloaded it again, ran it, and here is its report (followed by a new HiJackThis report): ******************************************************************************** ********************************************************************************* ********************************************************************************* ***** ComboFix 08-12-14.01 - rolle 2008-12-14 18:57:49.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.163 [GMT 1:00] Lancé depuis: c:\documents and settings\rolle\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\config\systemprofile\Application Data\ShoppingReport c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\persist.dbs . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 )))))))))))))))))))))))))))))))))))) . 2008-12-14 18:55 . 2008-12-14 18:57 <REP> d-------- C:\Qoobox 2008-12-14 18:55 . 2008-12-14 19:03 <REP> d-------- C:\ComboFix 2008-12-14 12:52 . 2008-12-14 12:52 <REP> d-------- c:\program files\Moyea 2008-12-14 10:36 . 2008-12-14 10:36 <REP> d-------- C:\_OTMoveIt 2008-12-14 10:36 . 2008-12-14 10:36 <REP> d-------- C:\_OTMoveIt 2008-12-13 17:46 . 2008-12-13 17:46 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2008-12-10 21:10 . 2008-12-10 21:10 <REP> d--hs---- C:\RECYCLER 2008-12-10 21:01 . 2008-12-10 21:01 <REP> d-------- c:\program files\Symantec 2008-12-10 21:01 . 
2008-12-10 21:01 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2008-12-10 21:01 . 2008-12-10 21:01 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2008-12-10 21:01 . 2008-12-10 21:01 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys 2008-12-10 21:01 . 2008-12-10 21:01 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2008-12-10 21:01 . 2008-12-10 21:01 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2008-12-10 21:00 . 2008-12-13 17:39 <REP> d-------- c:\windows\system32\drivers\NIS 2008-12-10 21:00 . 2008-12-10 21:00 <REP> d-------- c:\program files\Windows Sidebar 2008-12-10 21:00 . 2008-12-10 21:00 <REP> d-------- c:\program files\Norton Internet Security 2008-12-10 20:59 . 2008-12-10 20:59 <REP> d-------- c:\program files\NortonInstaller 2008-12-10 20:06 . 2008-12-10 20:06 <REP> drahs---- C:\cmdcons 2008-12-10 19:59 . 2008-12-10 20:01 <REP> d-------- C:\32788R22FWJFW.0.tmp 2008-12-10 19:59 . 2008-12-10 20:01 <REP> d-------- C:\32788R22FWJFW.0.tmp 2008-12-08 22:23 . 2008-12-08 22:23 6,144 --a------ c:\windows\GnuHashes.ini 2008-12-08 22:16 . 2008-12-08 22:16 1,718 --ahs---- c:\windows\system32\GroupPolicy000.dat 2008-12-08 22:15 . 2008-12-08 22:15 373,760 --ahs---- c:\windows\system32\36.tmp 2008-12-08 22:15 . 2008-12-14 10:36 135,168 --a------ c:\windows\system32\dsauth32.dll 2008-12-08 21:50 . 2008-12-14 16:41 <REP> d-------- c:\documents and settings\rolle\Application Data\LimeWire 2008-12-08 14:28 . 2008-12-08 14:28 <REP> d-------- c:\program files\LimeWire 2008-12-08 03:17 . 2008-12-11 22:53 2,100 --a------ c:\documents and settings\All Users.BAK 2008-12-08 03:14 . 2008-12-08 03:14 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2008-12-08 03:14 . 2008-12-10 21:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Norton 2008-12-07 23:56 . 2008-12-10 19:51 <REP> d-------- c:\program files\Navilog1 2008-12-07 23:49 . 
2008-12-07 23:51 <REP> d-------- c:\program files\Yahoo! 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\documents and settings\rolle\Application Data\Malwarebytes 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-12-07 17:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-07 17:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-03 21:01 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-24 19:05 . 2008-11-29 01:58 <REP> d-------- c:\documents and settings\rolle\Application Data\Twain 2008-11-24 14:06 . 2008-11-24 20:16 <REP> d-------- c:\windows\system32\vp2 2008-11-24 14:06 . 2008-11-24 20:14 <REP> d-------- c:\windows\system32\NX 2008-11-24 14:06 . 2008-12-06 00:40 <REP> d-------- C:\Temp 2008-11-24 14:06 . 2008-12-06 00:40 <REP> d-------- C:\Temp 2008-11-23 23:56 . 2008-11-23 23:56 147,456 --a------ c:\windows\system32\vbzip10.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-13 17:28 --------- d-----w c:\program files\bwin 2008-12-11 18:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-25 21:38 --------- d-----w c:\program files\Java 2008-11-05 20:41 --------- d-----w c:\program files\Everest Poker 2008-11-02 13:55 --------- d-----w c:\documents and settings\rolle\Application Data\Moyea 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-09-29 05:00 75 ----a-w c:\windows\Fonts\verdanaz._ttf 2008-09-28 20:52 264 ----a-w c:\windows\Fonts\webdings._ttf 2007-02-20 19:47 41,992 -c--a-w c:\documents and settings\rolle\Application Data\GDIPFONTCACHEV1.DAT 2006-09-11 00:29 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-08 4730880] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "AGRSMMSG"="AGRSMMSG.exe" [2004-09-04 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c37c379511] 2008-12-14 10:36 135168 c:\windows\system32\dsauth32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv "msacm.g723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SoftwareDistribution32] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-06-16 06:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2006-10-31 00:03 284184 c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2006-11-15 20:58 746520 c:\program files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2006-11-15 21:01 244512 c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2003-08-19 00:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\empires2.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\age2_x1.exe"= R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1001000.021\SYMEFA.SYS [] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-12-12 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-12-12 362544] R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081210.002\IDSxpx86.sys [2008-12-11 274808] R2 
LF30FS;LF30FS;\??\c:\program files\Everstrike Software\ XP 3.6\LF30XP.sys [2004-11-19 101488] R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 [] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-11 99376] S2 DComEx;COM+ System Executer;c:\windows\System32\SoftwareDistribution32\mmc.exe [] S2 SoftwareDistribution32;Software Distribution;c:\windows\Rootdistribution32.exe [] S3 Philipscam2;Caméra numérique Philips 646 ; Vidéo;c:\windows\system32\DRIVERS\philcam1.sys [2006-10-19 75776] *Newly Created Service* - CATCHME . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop uInternet Connection Wizard,ShellNext = iexplore . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-14 19:02:49 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?7?9?0??p???? ???B???????????????B? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1" . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1172) c:\windows\System32\dsauth32.dll c:\windows\system32\WININET.dll . Heure de fin: 2008-12-14 19:05:37 ComboFix-quarantined-files.txt 2008-12-14 18:04:55 Avant-CF: 27 667 947 520 octets libres Après-CF: 27,663,372,288 octets libres 164 ******************************************************************************** ********************************************************************************* ********************************************************************************* ****** Rapport HiJackThis (il semble que la methode brusque n'ait pas marché): J'ai tjrs qq pop up de "scan PC" moins virulents qu'avant... mais ils sont tjrs la. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:15:19, on 12/14/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\WINDOWS\explorer.exe C:\Documents and 
Settings\rolle\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - Winlogon Notify: 6c37c379511 - C:\WINDOWS\System32\dsauth32.dll O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 5950 bytes
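The HijackThis report above carries the two findings that matter in this thread: an O20 Winlogon Notify package with a random-looking name (6c37c379511) pointing at dsauth32.dll, which winlogon.exe loads and therefore runs as SYSTEM, and two O23 services (DComEx, SoftwareDistribution32) registered with no publisher and binaries that live directly under C:\WINDOWS or in a made-up System32 subfolder. The script below is an added example for this thread, not code from the forum post, from HijackThis or from ComboFix: it runs simple triage rules over O20/O23 lines copied from the report. The baseline list of stock XP Winlogon Notify names and the path rules are assumptions for illustration, not an authoritative allowlist.

```python
"""Triage of HijackThis O20/O23 lines for the persistence patterns in this thread.

Added example; not part of the forum post, of HijackThis or of ComboFix.
Rules (assumed heuristics, not a signature set):
  * O20 Winlogon Notify packages not in a baseline of stock XP names are "high"
    (a Notify DLL is loaded into winlogon.exe, so it runs as SYSTEM);
  * O23 services whose binary is missing or has no publisher AND sits directly
    under %WINDIR% or in a non-standard %WINDIR%\\System32 subfolder are "high";
  * a missing binary under Program Files is a "low" stale entry (leftover of an
    uninstall, like the iPod service in the log).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Stock Windows XP SP2 Winlogon Notify subkeys (assumed baseline; compare against
# a clean reference image before trusting it on another build).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Sample lines copied from the HijackThis report in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O20 - Winlogon Notify: 6c37c379511 - C:\WINDOWS\System32\dsauth32.dll
O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

MISSING = " (file missing)"


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage_line(line: str) -> Finding | None:
    """Return a Finding for a suspicious O20/O23 line, or None for anything else."""
    line = line.strip()
    if line.startswith("O20 - Winlogon Notify: "):
        name, _, dll = line[len("O20 - Winlogon Notify: "):].partition(" - ")
        if name.lower() in KNOWN_NOTIFY:
            return None
        return Finding("high", f"unknown Winlogon Notify package '{name}' -> {dll}", line)

    if line.startswith("O23 - Service: "):
        # Layout is "<display name> (<short name>) - <owner> - <path>[ (file missing)]";
        # split from the right so hyphens inside the display name do not matter.
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return Finding("medium", "unparsable O23 line", line)
        name, owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        p = path.strip().strip('"').lower()
        unknown = owner.strip().lower() == "unknown owner"
        in_program_files = "\\program files\\" in p
        # Executable directly in the Windows directory, e.g. C:\WINDOWS\foo.exe
        in_windows_root = re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", p) is not None
        # Executable in a subfolder of System32, e.g. C:\WINDOWS\System32\X\Y.exe
        odd_system32_dir = re.fullmatch(r"[a-z]:\\windows\\system32\\[^\\]+\\[^\\]+\.exe", p) is not None
        if (in_windows_root or odd_system32_dir) and (unknown or missing):
            return Finding("high", f"service '{name}' ({owner}) -> {path}", line)
        if missing and in_program_files:
            return Finding("low", f"stale entry: '{name}' binary missing under Program Files", line)
        if unknown and not in_program_files:
            return Finding("medium", f"service '{name}' has no publisher and lives outside Program Files", line)
    return None


def triage(log: str) -> list[Finding]:
    """Run triage_line over every line of a HijackThis log and keep the hits."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

On the sample above this reports the Notify DLL and the two services as "high" and the iPod entry as "low"; the NVIDIA and HP services, and NMSAccessU (no publisher but under Program Files), are not flagged. Tune the baseline and path rules to the machine being examined; the point is that the suspicious entries in this thread stand out from path and owner alone, before any hash lookup.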
22. OK, but the lines you had me "Fix checked" are still there... is that normal?

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:33, on 12/14/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\bwin\bwinPoker.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\rolle\Bureau\iexplore.exe
C:\Documents and Settings\rolle\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: 6c37c379511 - C:\WINDOWS\System32\dsauth32.dll
O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg

-- End of file - 6076 bytes
23. Here is the report from running "MoveIt3". But first of all, I should point out that I still have a few pop-ups that refuse to die; for example, the page http://scannersg.com/sg1/1/10156/?a=1&FLDFHT=OIEcTcObaYIOQOWfOEWbbIPEYePIUIeR_yPPP_yZEZKY_yYWW_yfr_y8J22_yPQ-gWT-gPR-gWTO_yY_yZEZ-tCSFL8-tFK5MK opens by itself and offers me a scan of my PC when I open Internet Explorer...

OTMoveIt3.exe report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dsauth32.dll
C:\WINDOWS\System32\dsauth32.dll NOT unregistered.
C:\WINDOWS\System32\dsauth32.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c37c379511\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF1AE7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF260B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF262A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET559D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_210.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_103625

Files moved on Reboot...
C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF1AE7.tmp moved successfully.
File C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF260B.tmp not found!
File C:\DOCUME~1\rolle\LOCALS~1\Temp\~DF262A.tmp not found!
File C:\WINDOWS\temp\JET559D.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_210.dat not found!
24. Here is the result of the "VirusTotal" analysis:

File dsauth32.dll received on 2008.12.13 18:48:40 (CET)

Antivirus / Version / Last update / Result
AhnLab-V3 2008.12.12.2 2008.12.13 -
AntiVir 7.9.0.45 2008.12.12 TR/Spy.Gen
Authentium 5.1.0.4 2008.12.13 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2008.12.12 Win32:Spyware-gen
AVG 8.0.0.199 2008.12.13 PSW.OnlineGames.BIYW
BitDefender 7.2 2008.12.13 Trojan.Generic.1221950
CAT-QuickHeal 10.00 2008.12.13 -
ClamAV 0.94.1 2008.12.13 -
Comodo 741 2008.12.12 -
DrWeb 4.44.0.09170 2008.12.13 DLOADER.Trojan
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.13 -
F-Prot 4.4.4.56 2008.12.13 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.12.13 Trojan-Downloader.Win32.Agent.atko
Fortinet 3.117.0.0 2008.12.13 W32/Agent.ATKO!tr.dldr
GData 19 2008.12.13 Trojan.Generic.1221950
Ikarus T3.1.1.45.0 2008.12.13 Trojan-Dropper.Agent
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.13 Trojan-Downloader.Win32.Agent.atko
McAfee 5462 2008.12.13 Generic Downloader.x
McAfee+Artemis 5462 2008.12.13 Generic Downloader.x
Microsoft 1.4205 2008.12.13 TrojanDownloader:Win32/Tracur.A
NOD32 3688 2008.12.12 a variant of Win32/Agent.OAF
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.13 Trj/Downloader.MDW
PCTools 4.4.2.0 2008.12.13 -
Prevx1 V2 2008.12.13 Cloaked Malware
Rising 21.07.52.00 2008.12.13 -
SecureWeb-Gateway 6.7.6 2008.12.12 Trojan.Spy.Gen
Sophos 4.36.0 2008.12.13 Mal/Behav-027
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.13 -
TheHacker 6.3.1.2.186 2008.12.12 -
TrendMicro 8.700.0.1004 2008.12.12 -
VBA32 3.12.8.10 2008.12.12 -
ViRobot 2008.12.12.1515 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.13 -

Additional information
File size: 135168 bytes
MD5...: 746bdd7d01eff41ea203a959e22bcfcb
SHA1..: 31ecd9d1e3477b0a84f40072b5257548c26b8eea
SHA256: be5b20d9dcf584ff0bf048b649521bbfe62715c514ce88301e81700be0d42d02
SHA512: 387753ba7ddcc92a3f99723201f00a919f1c1a4280fa6bae9f61c1bf6c7ee7759fd1e86407b40e4bac0c2f9e0fc5b06a5e35403305e43957ccb4e24b9535a8a6
ssdeep: 3072:f+UoWJchAdvNIF4ktORakv3nOY3TBfCeZeTdw/gQlVI:RKAdK4JXx3TBqHC/3rI
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001ff0
timedatestamp.....: 0x493d0c5e (Mon Dec 08 12:00:30 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x153b4 0x16000 6.46 6c1b50062c4f0eaca15c55e1d21b1665
.rdata 0x17000 0x6319 0x7000 6.29 3adb86d85b3f9365d60d43abfd597307
.data 0x1e000 0x16b0 0x1000 2.09 47c790c6ba3dd67dfec7cb29b8187d52
.reloc 0x20000 0x1aec 0x2000 5.90 67245f74a2039610718bde9acb8b38b6

( 11 imports )
> ntdll.dll: _snprintf, _strnicmp, strlen, strstr, _stricmp, memcmp, atoi, _itoa, memcpy, _ultoa, tolower, memset, _chkstk, _allmul, _alldiv
> msvcrt.dll: strtok
> WS2_32.dll: WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, -, -, WSARecv, WSACreateEvent, WSAGetOverlappedResult, -, -, -, -, -, -
> WININET.dll: HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetReadFile, InternetOpenUrlA, InternetCloseHandle, InternetConnectA, InternetSetOptionA, HttpAddRequestHeadersA
> OLEAUT32.dll: -, -
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: WaitForMultipleObjects, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, RemoveDirectoryA, TransactNamedPipe, HeapSetInformation, HeapCreate, FindFirstFileA, HeapDestroy, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, GetSystemDirectoryA, GetVersionExA, FindClose, FreeLibrary, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedExchange, CreateEventA, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetFileSize, lstrcpyA, ReadFile, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, InterlockedCompareExchange, lstrlenA, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, GetCurrentProcess, WriteFile, EnterCriticalSection, CreateFileA, CreateThread, VirtualFreeEx, DisconnectNamedPipe, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, lstrcmpA, SetFilePointer, SetEndOfFile, GetTempFileNameA, DeleteCriticalSection, GetTempPathA, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess
> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
> ADVAPI32.dll: OpenSCManagerA, CloseServiceHandle, OpenServiceA, ControlService, ChangeServiceConfigA, RegDeleteKeyA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA
> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

( 2 exports )
DllGetClassObject, EventStartup

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DB509D8700EDD75B102F02F36F73B700EA043218
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=746bdd7d01eff41ea203a959e22bcfcb
DeleteCriticalSection, GetTempPathA, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess<BR>> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA<BR>> ADVAPI32.dll: OpenSCManagerA, CloseServiceHandle, OpenServiceA, ControlService, ChangeServiceConfigA, RegDeleteKeyA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA<BR>> SHELL32.dll: ShellExecuteA, SHGetFolderPathA<BR>> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance<BR><BR>( 2 exports ) <BR>DllGetClassObject, EventStartup<BR> Prevx info: <A href="http://info.prevx.com/aboutprogramtext.asp?PX5=DB509D8700EDD75B102F02F36F73B700EA043218" target=_blank>http://info.prevx.com/aboutprogramtext.asp?PX5=DB509D8700EDD75B102F02F36F73B700EA043218</A> CWSandbox info: <A href="http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=746bdd7d01eff41ea203a959e22bcfcb" target=_blank>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=746bdd7d01eff41ea203a959e22bcfcb</A>