

Désespérée
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware Analysis and Removal
Thank you very much for your invaluable help.
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware Analysis and Removal

Fichier V0350Mon.exe reçu le 2009.03.26 17:35:54 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.129 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1085 2009.03.26 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.26 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.682 2009.03.26 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3966 2009.03.26 -
Norman 6.00.06 2009.03.26 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.26 -
PCTools 4.4.2.0 2009.03.26 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.40.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.26.1664 2009.03.26 -
VirusBuster 4.6.5.0 2009.03.26 -

Information additionnelle
File size: 32768 bytes
MD5...: 6ddeb7da0b74f9212f54ade82d836268
SHA1..: 1e4910725b33e608401ac6252644423c9facd455
SHA256: 03e3cebd4ddc69aef5823328c0accab1aaa76f52be75045a2fabf681665a8dba
SHA512: 367967ff168f94359a5b26c589d56ecc4e3390916248fd1a408f3eb18f03675d6ae5563b8bdeeab6f46c31a91a9787570f57109f6cea111f8632927542128a7e
ssdeep: 384:iAh1o0W95jUEGHPVYqGaC10XNglOd6f1/S/:P1LW95jUEGyqGa/NHd69/S/
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x31ce
timedatestamp.....: 0x46653ef9 (Tue Jun 05 10:46:17 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x235c 0x3000 5.00 1e14ee375ba3ea757c3cc8c71d692215
.rdata 0x4000 0x902 0x1000 3.35 c2c75c5c46e51e14a2b9ecf5d9695cf8
.data 0x5000 0x260 0x1000 1.18 4af53ce6cf0c53fb8ae662b233681bb5
PAGECONS 0x6000 0x10 0x1000 0.05 b108dd9efebe4d7ac76987fad2d0aa36
.rsrc 0x7000 0x3b0 0x1000 0.94 61dee679f97c98797caddc1fa2406856

( 7 imports )
> KERNEL32.dll: HeapFree, CreateFileA, lstrcatA, Sleep, WaitForSingleObject, HeapAlloc, GetTickCount, lstrcmpiA, lstrcpyA, lstrlenA, GetProcessHeap, OpenProcess, IsBadReadPtr, ResetEvent, CreateToolhelp32Snapshot, WaitForMultipleObjects, CreateMutexA, GetWindowsDirectoryA, GetFullPathNameA, GetModuleFileNameA, SetEvent, GetExitCodeProcess, CreateProcessA, CreateEventA, GetLastError, Process32First, Process32Next, GetVersionExA, GetStartupInfoA, CloseHandle, GetModuleHandleA
> MSVCRT.dll: _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p__fmode, _except_handler3, _acmdln, __set_app_type, _controlfp, exit, _XcptFilter, _exit, _beginthread, _endthread, __p__commode
> SHLWAPI.dll: StrStrIA
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInstanceIdA, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiGetClassDevsExA, SetupDiGetDeviceRegistryPropertyA
> USER32.dll: IsDialogMessageA, GetMessageA, DispatchMessageA, BroadcastSystemMessageA, wsprintfA, TranslateMessage, GetWindowLongA, PostQuitMessage, SetWindowLongA, RegisterWindowMessageA, DestroyWindow, PostMessageA, IsWindow, CreateDialogParamA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegDeleteValueA, RegSetValueExA, RegCloseKey
> ksproxy.ax: KsSynchronousDeviceControl

( 0 exports )
RDS...: NSRL Reference Data Set
- CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=6ddeb7da0b74f9212f54ade82d836268

This one? =x
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware Analysis and Removal

=), Since I don't use this machine, I can't really say.. but it already looks better than it did a few days ago ^^'.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19, on 26/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Session 1\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - S-1-5-18 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9968 bytes
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware Analysis and Removal

ComboFix 09-03-23.01 - Session 1 2009-03-25 19:25:28.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.703.377 [GMT 1:00]
Lancé depuis: c:\documents and settings\Session 1\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Session 1\Bureau\CFscript.txt
 * Un nouveau point de restauration a été créé

FILE ::
C:\ARK2B.tmp
C:\bla.exe
C:\br.exe
C:\cla.exe
C:\gb.exe
C:\nal.exe
C:\pht.exe
C:\rph.exe
C:\sds.exe
C:\settup.exe
C:\tmp073.exe
C:\tmp125.exe
C:\tmp212.exe
C:\tmp262.exe
C:\tmp276.exe
C:\tmp279.exe
C:\tmp282.exe
C:\tmp516.exe
C:\tmp522.exe
C:\tmp587.exe
C:\tmp592.exe
C:\tmp642.exe
C:\tmp700.exe
C:\tmp823.exe
C:\tmp830.exe
C:\tmp855.exe
C:\tmp871.exe
C:\tmp962.exe
c:\windows\system32\config\systemprofile\Application Data\psvrr.exe
c:\windows\system32\ovfsthaaxaksgdusckprseidvqaxemayoircfy.dat
c:\windows\system32\ovfsthhowrhcwqxqtcwmbxfqkynlsdqxopjajk.dat
c:\windows\system32\ovfsthtxjjybpnnsswffbyokxhwsyumijpdirx.dat
c:\windows\system32\ovfsthwwklhxutqaoyosxldoptdyhlpmxbrvft.dat
c:\windows\system32\sogebeja.dll
c:\windows\system32\wosetehu.dll
c:\windows\system32\yemuhiya.dll
c:\windows\system32\zokemohi.dll
C:\x3.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ARK2B.tmp
C:\bla.exe
C:\br.exe
C:\cla.exe
C:\gb.exe
C:\nal.exe
C:\pht.exe
C:\rph.exe
C:\sds.exe
C:\settup.exe
C:\tmp073.exe
C:\tmp125.exe
C:\tmp212.exe
C:\tmp262.exe
C:\tmp276.exe
C:\tmp279.exe
C:\tmp282.exe
C:\tmp516.exe
C:\tmp522.exe
C:\tmp587.exe
C:\tmp592.exe
C:\tmp642.exe
C:\tmp700.exe
C:\tmp823.exe
C:\tmp830.exe
C:\tmp855.exe
C:\tmp871.exe
C:\tmp962.exe
c:\windows\system32\config\systemprofile\Application Data\psvrr.exe
c:\windows\system32\ovfsthaaxaksgdusckprseidvqaxemayoircfy.dat
c:\windows\system32\ovfsthhowrhcwqxqtcwmbxfqkynlsdqxopjajk.dat
c:\windows\system32\ovfsthtxjjybpnnsswffbyokxhwsyumijpdirx.dat
c:\windows\system32\ovfsthwwklhxutqaoyosxldoptdyhlpmxbrvft.dat
c:\windows\system32\sogebeja.dll
c:\windows\system32\wosetehu.dll
c:\windows\system32\yemuhiya.dll
c:\windows\system32\zokemohi.dll
C:\x3.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
.

2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\documents and settings\Session 1\Application Data\Malwarebytes
2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-24 23:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 23:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-24 17:35 . 2009-03-24 17:35 83,968 --a------ c:\windows\system32\drivers\ovfsth.sys
2009-03-23 23:10 . 2009-03-24 23:14 <REP> d----c--- C:\Lop SD
2009-03-23 22:48 . 2009-03-24 23:09 <REP> d----c--- c:\program files\Navilog1
2009-03-22 18:55 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-22 18:55 . 2009-03-06 16:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-22 18:55 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-22 18:54 . 2009-03-23 21:59 <REP> d----c--- c:\program files\Spyware Doctor
2009-03-22 18:54 . 2009-03-22 18:57 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 18:54 . 2009-03-22 18:54 <REP> d----c--- c:\documents and settings\Session 1\Application Data\PC Tools
2009-03-22 18:54 . 2009-03-22 18:54 <REP> d----c--- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-22 18:54 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-22 10:27 . 2009-03-22 18:14 <REP> d----c--- c:\documents and settings\Session 1\Application Data\OFFICE One v7
2009-03-22 10:27 . 2009-03-22 10:30 <REP> d----c--- c:\documents and settings\All Users\Application Data\OFFICE One v7
2009-03-22 10:27 . 2009-03-22 10:27 16,384 --a------ c:\windows\system32\DsrSleep.dll
2009-03-22 10:23 . 2009-03-22 10:23 <REP> d----c--- c:\program files\MSBuild
2009-03-22 10:18 . 2009-03-22 10:18 <REP> d-------- c:\windows\system32\XPSViewer
2009-03-22 10:16 . 2009-03-22 10:16 <REP> d----c--- c:\program files\Reference Assemblies
2009-03-22 10:15 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-22 10:14 . 2009-03-22 10:30 <REP> d----c--- c:\program files\OFFICE One v7
2009-03-22 10:11 . 2009-03-22 10:11 <REP> d----c--- c:\program files\OFFICE One 7.0
2009-03-21 19:14 . 2009-03-21 19:14 <REP> dr---c--- c:\program files\Norton Internet Security
2009-03-21 18:37 . 2009-03-21 18:37 <REP> d----c--- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-20 22:55 . 2009-03-20 22:55 477,266 --a------ c:\windows\system32\vfhr.exe
2009-03-20 22:55 . 2009-03-20 22:55 45,056 --a------ c:\windows\system32\dLer.exe
2009-03-20 17:10 . 2009-03-20 17:10 <REP> d----c--- c:\program files\AxBx
2009-03-20 08:02 . 2009-03-20 08:02 <REP> d----c--- c:\program files\Avira
2009-03-20 08:02 . 2009-03-20 08:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Avira
2009-03-19 13:13 . 2009-03-19 13:13 40,960 --a------ c:\windows\system32\kuzDeccode.exe
2009-03-19 01:28 . 2009-03-19 01:28 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-19 01:04 . 2009-03-21 02:45 43 --a------ c:\windows\system32\ovfsthcmidkvcgolyrhvkgpkpquycfyrhebjyc.dat
2009-03-19 00:58 . 2009-03-21 02:45 21,166 --a------ c:\windows\system32\ovfsthkuibqnusuqpfecfygxrnnktnarojjdbp.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 17:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-25 17:00 --------- dc----w c:\program files\Norton Security Scan
2009-03-25 16:41 --------- dc----w c:\documents and settings\Session 1\Application Data\skypePM
2009-03-25 16:41 --------- dc----w c:\documents and settings\Session 1\Application Data\Skype
2009-03-23 22:13 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-22 09:32 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-22 09:13 --------- dc----w c:\program files\Java
2009-03-19 00:28 --------- dc----w c:\program files\Google
2009-03-18 21:13 --------- dc----w c:\program files\Dofus
2009-03-18 16:45 --------- dc----w c:\program files\Wakfu
2009-03-11 20:00 --------- dc----w c:\documents and settings\Session 1\Application Data\Creative
2009-03-11 14:58 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-21 09:43 --------- dc----w c:\program files\Windows Live
2009-02-21 09:36 --------- dc----w c:\program files\Microsoft Sync Framework
2009-02-21 09:35 --------- dc----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-13 16:25 --------- dc----w c:\documents and settings\Session 1\Application Data\LimeWire
2009-02-10 10:51 --------- dc----w c:\documents and settings\All Users\Application Data\Skype
2009-02-10 10:51 --------- dc----r c:\program files\Skype
2009-02-10 10:51 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-09 14:39 --------- dc----w c:\program files\SFR
2009-02-09 10:59 --------- dc----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-08 08:36 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2008-04-07 08:02 67,696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 08:02 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 08:02 34,952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 08:02 46,720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 08:02 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-03-25_17.44.01.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 18:29:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_ec.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 68856]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-03 64000]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-03-12 737800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\BSmaxScripT[7.0]\\mirc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\BSmaxScripT[7.0]\\backups\\mirc.exe"=
"c:\\TeamScripT4\\mirc.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-22 130424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-22 348752]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-07-07 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-07-07 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-07-07 170368]
.
Contenu du dossier 'Tâches planifiées'

2009-03-25 c:\windows\Tasks\Norton Security Scan for Session 1.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 63.149.98.170:80
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Session 1\Application Data\Mozilla\Firefox\Profiles\a6324f46.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 19:30:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-03-25 19:34:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-25 18:34:08
ComboFix2.txt 2009-03-25 16:44:59

Avant-CF: 9 002 758 144 octets libres
Après-CF: 9,115,729,920 octets libres

291 --- E O F --- 2009-03-12 02:01:01
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and eradication
ComboFix 09-03-23.01 - Session 1 2009-03-25 17:36:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.703.415 [GMT 1:00]
Lancé depuis: c:\documents and settings\Session 1\Bureau\ComboFix.exe
 * Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\file.exe
c:\windows\system32\1000.exe
c:\windows\system32\303369.exe
c:\windows\system32\apikohaf.ini
c:\windows\system32\bevajijo.dll
c:\windows\system32\desoyahi.dll
c:\windows\system32\eneluvil.ini
c:\windows\system32\fozehiza.dll
c:\windows\system32\gekujedo.dll
c:\windows\system32\jegulufo.dll
c:\windows\system32\kigebele.dll
c:\windows\system32\leguzy.dll
c:\windows\system32\nuhasugo.dll
c:\windows\system32\oazzys.dll
c:\windows\system32\osanuvin.ini
c:\windows\system32\rhzuen.dll
c:\windows\system32\rlybux.dll
c:\windows\system32\sutuyeju.dll
c:\windows\system32\suwefosa.dll
c:\windows\system32\tabunibe.dll
c:\windows\system32\tuzeyopu.dll
c:\windows\system32\uniq.tll
c:\windows\system32\vasidifu.dll
c:\windows\system32\weyahuhu.dll
c:\windows\system32\xlcqfe.dll
c:\windows\system32\xmzisv.dll
C:\xcrashdump.dat
G:\autorun.inf
g:\recycler\Desktop.ini

----- BITS: Il y a peut-être des sites infectés -----
hxxp://82.98.235.205
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
.
2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\documents and settings\Session 1\Application Data\Malwarebytes
2009-03-24 23:55 . 2009-03-24 23:55 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-24 23:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 23:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-24 23:27 . 2009-03-25 00:07 132,608 --a--c--- C:\gb.exe
2009-03-24 17:37 . 2009-03-24 23:08 43 --a------ c:\windows\system32\ovfsthaaxaksgdusckprseidvqaxemayoircfy.dat
2009-03-24 17:35 . 2009-03-24 17:35 83,968 --a------ c:\windows\system32\drivers\ovfsth.sys
2009-03-24 17:30 . 2009-03-24 23:08 27,103 --a------ c:\windows\system32\ovfsthhowrhcwqxqtcwmbxfqkynlsdqxopjajk.dat
2009-03-24 15:21 . 2009-03-24 15:21 2,724 ---hs---- c:\windows\system32\yemuhiya.dll
2009-03-24 15:21 . 2009-03-24 15:21 2,724 ---hs---- c:\windows\system32\sogebeja.dll
2009-03-23 23:10 . 2009-03-24 23:14 <REP> d----c--- C:\Lop SD
2009-03-23 22:48 . 2009-03-24 23:09 <REP> d----c--- c:\program files\Navilog1
2009-03-23 18:47 . 2009-03-23 18:48 5,081 --a--c--- C:\sds.exe
2009-03-23 05:49 . 2009-03-23 05:49 45,568 --ahsc--- C:\tmp279.exe
2009-03-22 20:37 . 2009-03-22 20:37 45,568 --ahsc--- C:\tmp212.exe
2009-03-22 20:07 . 2009-03-22 20:07 44,544 --ahsc--- C:\tmp592.exe
2009-03-22 19:24 . 2009-03-22 19:24 44,544 --ahsc--- C:\tmp587.exe
2009-03-22 18:55 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-22 18:55 . 2009-03-06 16:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-22 18:55 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-22 18:54 . 2009-03-23 21:59 <REP> d----c--- c:\program files\Spyware Doctor
2009-03-22 18:54 . 2009-03-22 18:57 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 18:54 . 2009-03-22 18:54 <REP> d----c--- c:\documents and settings\Session 1\Application Data\PC Tools
2009-03-22 18:54 . 2009-03-22 18:54 <REP> d----c--- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-22 18:54 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-22 18:52 . 2009-03-22 18:52 44,544 --ahsc--- C:\tmp276.exe
2009-03-22 18:16 . 2009-03-22 18:16 44,544 --ahsc--- C:\tmp262.exe
2009-03-22 15:02 . 2009-03-22 15:02 44,544 --ahsc--- C:\tmp823.exe
2009-03-22 14:32 . 2009-03-22 14:32 44,544 --ahsc--- C:\tmp522.exe
2009-03-22 14:02 . 2009-03-22 14:02 44,544 --ahsc--- C:\tmp516.exe
2009-03-22 13:32 . 2009-03-22 13:32 44,544 --ahsc--- C:\tmp700.exe
2009-03-22 13:02 . 2009-03-22 13:02 44,544 --ahsc--- C:\tmp871.exe
2009-03-22 12:32 . 2009-03-22 12:32 44,544 --ahsc--- C:\tmp282.exe
2009-03-22 12:02 . 2009-03-22 12:02 44,544 --ahsc--- C:\tmp855.exe
2009-03-22 11:32 . 2009-03-22 11:32 44,544 --ahsc--- C:\tmp073.exe
2009-03-22 11:02 . 2009-03-22 11:02 44,544 --ahsc--- C:\tmp125.exe
2009-03-22 10:32 . 2009-03-22 10:32 44,544 --ahsc--- C:\tmp830.exe
2009-03-22 10:27 . 2009-03-22 18:14 <REP> d----c--- c:\documents and settings\Session 1\Application Data\OFFICE One v7
2009-03-22 10:27 . 2009-03-22 10:30 <REP> d----c--- c:\documents and settings\All Users\Application Data\OFFICE One v7
2009-03-22 10:27 . 2009-03-22 10:27 16,384 --a------ c:\windows\system32\DsrSleep.dll
2009-03-22 10:23 . 2009-03-22 10:23 <REP> d----c--- c:\program files\MSBuild
2009-03-22 10:18 . 2009-03-22 10:18 <REP> d-------- c:\windows\system32\XPSViewer
2009-03-22 10:16 . 2009-03-22 10:16 <REP> d----c--- c:\program files\Reference Assemblies
2009-03-22 10:15 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-22 10:14 . 2009-03-22 10:30 <REP> d----c--- c:\program files\OFFICE One v7
2009-03-22 10:11 . 2009-03-22 10:11 <REP> d----c--- c:\program files\OFFICE One 7.0
2009-03-22 10:02 . 2009-03-22 10:02 44,544 --ahsc--- C:\tmp962.exe
2009-03-22 03:14 . 2009-03-22 03:14 44,544 --ahsc--- C:\tmp642.exe
2009-03-21 19:14 . 2009-03-21 19:14 <REP> dr---c--- c:\program files\Norton Internet Security
2009-03-21 18:37 . 2009-03-21 18:37 <REP> d----c--- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 14:00 . 2009-03-23 02:24 43 --a------ c:\windows\system32\ovfsthwwklhxutqaoyosxldoptdyhlpmxbrvft.dat
2009-03-21 13:55 . 2009-03-23 06:24 17,250 --a------ c:\windows\system32\ovfsthtxjjybpnnsswffbyokxhwsyumijpdirx.dat
2009-03-20 22:55 . 2009-03-20 22:55 477,266 --a------ c:\windows\system32\vfhr.exe
2009-03-20 22:55 . 2009-03-20 22:55 45,056 --a------ c:\windows\system32\dLer.exe
2009-03-20 17:56 . 2009-03-20 17:56 5,465 --a--c--- C:\x3.exe
2009-03-20 17:22 . 2009-03-20 17:53 104,960 --a------ C:\ARK2B.tmp
2009-03-20 17:10 . 2009-03-20 17:10 <REP> d----c--- c:\program files\AxBx
2009-03-20 16:53 . 2009-03-20 16:59 262,196 --a--c--- C:\nal.exe
2009-03-20 15:31 . 2009-03-20 15:49 44,544 --a--c--- C:\pht.exe
2009-03-20 14:46 . 2009-03-20 18:41 110,592 --a--c--- C:\cla.exe
2009-03-20 14:32 . 2009-03-20 14:32 5,497 --a--c--- C:\rph.exe
2009-03-20 08:02 . 2009-03-20 08:02 <REP> d----c--- c:\program files\Avira
2009-03-20 08:02 . 2009-03-20 08:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Avira
2009-03-19 15:17 . 2009-03-19 15:17 2,724 ---hs---- c:\windows\system32\zokemohi.dll
2009-03-19 15:17 . 2009-03-19 15:17 2,724 ---hs---- c:\windows\system32\wosetehu.dll
2009-03-19 15:11 . 2009-03-21 14:21 110,592 --a--c--- C:\bla.exe
2009-03-19 13:13 . 2009-03-19 13:13 40,960 --a------ c:\windows\system32\kuzDeccode.exe
2009-03-19 01:28 . 2009-03-19 01:28 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-19 01:04 . 2009-03-21 02:45 43 --a------ c:\windows\system32\ovfsthcmidkvcgolyrhvkgpkpquycfyrhebjyc.dat
2009-03-19 00:58 . 2009-03-21 02:45 21,166 --a------ c:\windows\system32\ovfsthkuibqnusuqpfecfygxrnnktnarojjdbp.dat
2009-03-18 23:32 . 2009-03-18 23:32 5,425 --a--c--- C:\settup.exe
2009-03-18 15:27 . 2009-03-18 15:27 91 --a--c--- C:\br.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 16:41 --------- dc----w c:\documents and settings\Session 1\Application Data\skypePM
2009-03-25 16:41 --------- dc----w c:\documents and settings\Session 1\Application Data\Skype
2009-03-23 22:13 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-22 09:32 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-22 09:13 --------- dc----w c:\program files\Java
2009-03-20 17:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-20 17:00 --------- dc----w c:\program files\Norton Security Scan
2009-03-19 00:28 --------- dc----w c:\program files\Google
2009-03-18 21:13 --------- dc----w c:\program files\Dofus
2009-03-18 16:45 --------- dc----w c:\program files\Wakfu
2009-03-11 20:00 --------- dc----w c:\documents and settings\Session 1\Application Data\Creative
2009-03-11 14:58 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-21 09:43 --------- dc----w c:\program files\Windows Live
2009-02-21 09:36 --------- dc----w c:\program files\Microsoft Sync Framework
2009-02-21 09:35 --------- dc----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-13 16:25 --------- dc----w c:\documents and settings\Session 1\Application Data\LimeWire
2009-02-10 10:51 --------- dc----w c:\documents and settings\All Users\Application Data\Skype
2009-02-10 10:51 --------- dc----r c:\program files\Skype
2009-02-10 10:51 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-09 14:39 --------- dc----w c:\program files\SFR
2009-02-09 10:59 --------- dc----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-08 08:36 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2008-04-07 08:02 67,696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 08:02 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 08:02 34,952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 08:02 46,720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 08:02 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 68856]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-03 64000]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"Application Layer Gateway Services"="c:\windows\system32\wuauclt.exe" [2008-10-16 51224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WinProx32_1"="c:\windows\system32\config\systemprofile\Application Data\psvrr.exe" [2009-03-21 465874]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\Session 1\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-03-18 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-03-12 737800]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= quhlja.dll ,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\BSmaxScripT[7.0]\\mirc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\BSmaxScripT[7.0]\\backups\\mirc.exe"=
"c:\\TeamScripT4\\mirc.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\pht.exe"=
"c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\psvr32.exe"=
"c:\\tmp642.exe"=
"c:\\tmp962.exe"=
"c:\\tmp262.exe"=
"c:\\tmp276.exe"=
"c:\\tmp592.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-22 130424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-22 348752]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-07-07 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-07-07 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-07-07 170368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\oosetupv7.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-22 c:\windows\Tasks\Norton Security Scan for Session 1.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-Windows Upgrate Utility - c:\windows\system32\winulty.exe
HKU-Default-Run-Java Syncro - c:\windows\TEMP\zchMiB.exe
HKU-Default-Run-A00F11FD1A.exe - c:\windows\TEMP\_A00F11FD1A.exe
Notify-WgaLogon - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 63.149.98.170:80
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Session 1\Application Data\Mozilla\Firefox\Profiles\a6324f46.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 17:40:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\documents and settings\Session 1\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-03-25 17:44:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-25 16:44:53

Avant-CF: 9 135 124 480 octets libres
Après-CF: 9,156,173,824 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

307 --- E O F --- 2009-03-12 02:01:01

Is that OK? =x
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and eradication
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:42, on 25/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Session 1\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Java Load] C:\WINDOWS\Temp\minisvr4.exe
O4 - HKLM\..\Run: [Application Layer Gateway Services] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [Windows Upgrate Utility] C:\WINDOWS\system32\winulty.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [hitutajula] Rundll32.exe "C:\WINDOWS\system32\babopeni.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [hitutajula] Rundll32.exe "C:\WINDOWS\system32\babopeni.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Java Syncro] C:\WINDOWS\TEMP\zchMiB.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Java Syncro] C:\WINDOWS\TEMP\zchMiB.exe (User 'Default user')
O4 - S-1-5-18 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: quhlja.dll ,
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10905 bytes
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and removal
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1893
Windows 5.1.2600 Service Pack 3

25/03/2009 00:09:32
mbam-log-2009-03-25 (00-09-32).txt

Type de recherche: Examen rapide
Eléments examinés: 66263
Temps écoulé: 4 minute(s), 8 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 77

Processus mémoire infecté(s):
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\svchosts.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system\servicers.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\ravebavi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fodedozu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vujikuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\babopeni.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Ntofi.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\quhlja.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ebea29-b286-4a50-87f5-d157063be791} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1ebea29-b286-4a50-87f5-d157063be791} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{590d0ec0-9213-49e8-8901-9dd65b58adea} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{590d0ec0-9213-49e8-8901-9dd65b58adea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{590d0ec0-9213-49e8-8901-9dd65b58adea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ebea29-b286-4a50-87f5-d157063be791} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003303a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hitutajula (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f04e930 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c37daac (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oserefed (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\server (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinProx32_1 (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinProx32_1 (Trojan.Proxy) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ravebavi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ravebavi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fodedozu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fodedozu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fodedozu.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\kazaabackupfiles (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\quhlja.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dunegudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odugenud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fejahawo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owahajef.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gereviba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abivereg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gudiyibe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebiyidug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hibonuli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilunobih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\babopeni.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\ravebavi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vujikuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fodedozu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Ntofi.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchosts.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system\servicers.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jrykgoia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbftcfht.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqsvezuw.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telezeva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwbywvdq.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthcjukixsmnqlanuqgkuyftbxncjmsmllq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthgekljxdfqfvqmocwlhpjprwjixxsfjel.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthpfawvrqsqrxynrgmmpxvbpsugrnhugqf.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gldx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchosts.VIR (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthxhorirrviqjpxndfddnsveweyxlkaqqq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgaklllo.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\lqpuciobvsieerap.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ovfsthhucobqerfdnyeqnedhvasbrnxmdopeht.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KazaaBackupFiles\shServ.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\asde.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\bmf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\df.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\dfss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\dfssz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\dtte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\fgh.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\fresh.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\gg.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\gtb.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\kliktaro.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\sysx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\thp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\pepz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\pert.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\pertx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\pthasdj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\pthj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\saxy.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\say.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\says.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\sdse.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temp\ovfsthiwqwhorxnd.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temp\ovfsthjbktcriuwm.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\6D4V2FC8\tmp123[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\6FTWXQD5\gur[1].jpg (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\DM50D4MA\kliktaro[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\DM50D4MA\loqk[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\DM50D4MA\ps[1].jpg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\DM50D4MA\p[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\ENONH9HC\loqk[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Session 1\Local Settings\Temporary Internet Files\Content.IE5\ENONH9HC\as[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-5626138465-2572054573-490773595-4631\hod.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jamamafo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nutedemu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthbbvcbaoyurdjbdrodbvhyphqsimpmqsw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthcdytdkpwrrlqlcopnqyirfcwyqujxpoo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ovfsthkypibmlewinetawbcxyvblooqpyltabd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthnffchubqbufrirulnblujoeavelulhib.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ovfsthtsmvmnqdmkhgcmkbxcfdmiydsjolevpy.dll (Trojan.Agent) -> Delete on reboot.

I have rebooted.
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and removal
Clean Navipromo version 3.7.6 commencé le 24/03/2009 à 23:05:42,93

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Session 1 ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:19 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:52 Go (Free:51 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)

Mode suppression automatique avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\Session 1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Session 1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Session 1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Session 1\menudm~1\progra~1" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Session 1\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

C:\WINDOWS\prefetch\ikqceac*.pf trouvé !
Copie C:\WINDOWS\prefetch\ikqceac*.pf réalisée avec succès !
C:\WINDOWS\prefetch\ikqceac*.pf supprimé !

* Dans "C:\Documents and Settings\Session 1\locals~1\applic~1" *

ikqceac.exe trouvé !
Copie ikqceac.exe réalisée avec succès !
ikqceac.exe supprimé !
ikqceac.dat trouvé !
Copie ikqceac.dat réalisée avec succès !
ikqceac.dat supprimé !
ikqceac_nav.dat trouvé !
Copie ikqceac_nav.dat réalisée avec succès !
ikqceac_nav.dat supprimé !
ikqceac_navps.dat trouvé !
Copie ikqceac_navps.dat réalisée avec succès !
ikqceac_navps.dat supprimé !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 24/03/2009 à 23:09:01,51 ***
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and removal
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Session 1 ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:19 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:52 Go (Free:51 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 24/03/2009|23:10 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\4 second.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\4 second.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\Mp3 skip.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\bhtomhqh.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\bows option skip.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\dzxyzpue.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\fuyjmeab.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\jargcryt.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\LicenseBlueSoftFirst.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\mpznbiyi.exe
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\wcsebewi.exe
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@advertstream[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@d2.advertserve[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@ero-advertising[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@bigpoint[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.darkorbit.bigpoint[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.xblaster.bigpoint[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr1.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@banner.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@www.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@partypoker[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@lasvegascasino-web[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@www.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\SESSIO~1\Cookies\session_1@888[2].txt
Supprime! - C:\WINDOWS\Tasks\8154C92B81777D47.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
Supprime! - C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1
Supprime! - C:\Program Files\longfl~1
Supprime! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[22/03/2009|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/03/2009|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[02/08/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[19/03/2009|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/03/2009|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[22/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[09/02/2009|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/02/2009|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/07/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[22/03/2009|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE One v7
[22/03/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[10/02/2009|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[23/03/2009|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/01/2009|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/01/2009|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[02/01/2009|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26/10/2008|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[21/06/2008|20:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/06/2008|20:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/06/2008|20:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[22/03/2009|18:14] C:\DOCUME~1\SESSIO~1\APPLIC~1\Adobe
[04/11/2008|14:35] C:\DOCUME~1\SESSIO~1\APPLIC~1\ArcSoft
[11/03/2009|21:00] C:\DOCUME~1\SESSIO~1\APPLIC~1\Creative
[03/12/2008|19:50] C:\DOCUME~1\SESSIO~1\APPLIC~1\GetRightToGo
[06/07/2008|18:50] C:\DOCUME~1\SESSIO~1\APPLIC~1\Google
[24/06/2008|18:18] C:\DOCUME~1\SESSIO~1\APPLIC~1\gtk-2.0
[06/03/2009|18:30] C:\DOCUME~1\SESSIO~1\APPLIC~1\Help
[21/06/2008|20:31] C:\DOCUME~1\SESSIO~1\APPLIC~1\Identities
[07/07/2008|14:04] C:\DOCUME~1\SESSIO~1\APPLIC~1\InstallShield
[13/02/2009|17:25] C:\DOCUME~1\SESSIO~1\APPLIC~1\LimeWire
[29/12/2008|21:36] C:\DOCUME~1\SESSIO~1\APPLIC~1\Macromedia
[18/03/2009|19:26] C:\DOCUME~1\SESSIO~1\APPLIC~1\Microsoft
[27/07/2008|18:40] C:\DOCUME~1\SESSIO~1\APPLIC~1\mIRC
[04/08/2008|22:57] C:\DOCUME~1\SESSIO~1\APPLIC~1\Mozilla
[13/10/2008|18:08] C:\DOCUME~1\SESSIO~1\APPLIC~1\muvee Technologies
[22/03/2009|18:14] C:\DOCUME~1\SESSIO~1\APPLIC~1\OFFICE One v7
[22/03/2009|18:54] C:\DOCUME~1\SESSIO~1\APPLIC~1\PC Tools
[21/09/2008|15:47] C:\DOCUME~1\SESSIO~1\APPLIC~1\Samsung
[07/08/2008|16:18] C:\DOCUME~1\SESSIO~1\APPLIC~1\Shareaza
[23/03/2009|21:59] C:\DOCUME~1\SESSIO~1\APPLIC~1\Skype
[24/03/2009|23:09] C:\DOCUME~1\SESSIO~1\APPLIC~1\skypePM
[06/07/2008|18:49] C:\DOCUME~1\SESSIO~1\APPLIC~1\Sun
[03/12/2008|19:41] C:\DOCUME~1\SESSIO~1\APPLIC~1\Ufasoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[22/03/2009 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan for Session 1.job
[24/03/2009 23:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[29/11/2008|15:21] C:\Program Files\AbiSuite2
[22/03/2009|10:32] C:\Program Files\Adobe
[21/06/2008|21:44] C:\Program Files\Alwil Software
[02/01/2009|15:10] C:\Program Files\aMSN
[03/11/2008|16:21] C:\Program Files\ArcSoft
[20/03/2009|08:02] C:\Program Files\Avira
[26/11/2008|14:24] C:\Program Files\AviSynth 2.5
[20/03/2009|17:10] C:\Program Files\AxBx
[21/06/2008|20:33] C:\Program Files\Cegetel
[21/06/2008|20:21] C:\Program Files\ComPlus Applications
[02/08/2008|11:38] C:\Program Files\Creative
[02/08/2008|11:38] C:\Program Files\Creative Installation Information
[14/01/2009|14:30] C:\Program Files\Dictionnaire
[18/03/2009|22:13] C:\Program Files\Dofus
[08/01/2009|17:52] C:\Program Files\DVDVideoSoft
[05/08/2008|15:20] C:\Program Files\Easy GIF Animator
[05/08/2008|15:20] C:\Program Files\Easy Gif Animator Extension
[26/11/2008|14:21] C:\Program Files\eRightSoft
[22/03/2009|18:54] C:\Program Files\Fichiers communs
[22/06/2008|12:01] C:\Program Files\GIMP-2.0
[19/03/2009|01:28] C:\Program Files\Google
[22/12/2008|10:47] C:\Program Files\InstallShield Installation Information
[21/02/2009|10:37] C:\Program Files\Internet Explorer
[22/03/2009|10:13] C:\Program Files\Java
[22/12/2008|10:34] C:\Program Files\Lavalys
[17/10/2008|16:48] C:\Program Files\LimeWire
[08/11/2008|19:38] C:\Program Files\Logitech
[22/12/2008|10:17] C:\Program Files\ma-config.com
[08/02/2009|09:36] C:\Program Files\Messenger Plus! Live
[28/07/2008|21:00] C:\Program Files\Metin2_France
[02/01/2009|13:42] C:\Program Files\Microsoft
[21/06/2008|20:25] C:\Program Files\microsoft frontpage
[11/03/2009|15:58] C:\Program Files\Microsoft Silverlight
[21/02/2009|10:35] C:\Program Files\Microsoft SQL Server Compact Edition
[21/02/2009|10:36] C:\Program Files\Microsoft Sync Framework
[01/01/2009|22:07] C:\Program Files\Movie Maker
[02/09/2008|11:20] C:\Program Files\Mozilla Firefox
[22/03/2009|10:23] C:\Program Files\MSBuild
[02/01/2009|14:28] C:\Program Files\MSECACHE
[26/06/2008|18:10] C:\Program Files\MSN
[21/06/2008|20:21] C:\Program Files\MSN Gaming Zone
[04/10/2008|02:00] C:\Program Files\MSXML 4.0
[07/07/2008|14:10] C:\Program Files\muvee Technologies
[24/03/2009|23:09] C:\Program Files\Navilog1
[01/01/2009|22:04] C:\Program Files\NetMeeting
[21/03/2009|19:14] C:\Program Files\Norton Internet Security
[20/03/2009|18:00] C:\Program Files\Norton Security Scan
[22/03/2009|10:11] C:\Program Files\OFFICE One 7.0
[22/03/2009|10:30] C:\Program Files\OFFICE One v7
[21/06/2008|20:21] C:\Program Files\Online Services
[01/01/2009|22:04] C:\Program Files\Outlook Express
[22/06/2008|11:49] C:\Program Files\PhotoFiltre
[02/09/2008|18:04] C:\Program Files\PhotoScape
[22/03/2009|10:16] C:\Program Files\Reference Assemblies
[21/06/2008|20:34] C:\Program Files\SAGEM
[21/09/2008|15:41] C:\Program Files\Samsung
[22/06/2008|12:21] C:\Program Files\Seagrand
[21/06/2008|20:23] C:\Program Files\Services en ligne
[09/02/2009|15:39] C:\Program Files\SFR
[07/08/2008|16:18] C:\Program Files\Shareaza
[07/07/2008|14:03] C:\Program Files\SightSpeed
[10/02/2009|11:51] C:\Program Files\Skype
[23/03/2009|21:59] C:\Program Files\Spyware Doctor
[03/12/2008|19:40] C:\Program Files\Ufasoft
[21/06/2008|20:31] C:\Program Files\Uninstall Information
[22/12/2008|10:47] C:\Program Files\VIA
[18/03/2009|17:45] C:\Program Files\Wakfu
[02/01/2009|14:28] C:\Program Files\Windows Installer Clean Up
[21/02/2009|10:43] C:\Program Files\Windows Live
[02/01/2009|13:41] C:\Program Files\Windows Live SkyDrive
[01/01/2009|22:07] C:\Program Files\Windows Media Player
[01/01/2009|22:04] C:\Program Files\Windows NT
[21/06/2008|20:23] C:\Program Files\WindowsUpdate
[08/09/2008|19:46] C:\Program Files\World of Warcraft Trial
[21/06/2008|20:25] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/03/2009|10:32] C:\Program Files\Fichiers communs\Adobe
[03/11/2008|16:21] C:\Program Files\Fichiers communs\ArcSoft
[28/07/2008|21:14] C:\Program Files\Fichiers communs\Blizzard Entertainment
[02/08/2008|11:36] C:\Program Files\Fichiers communs\Creative
[08/01/2009|17:52] C:\Program Files\Fichiers communs\DVDVideoSoft
[22/12/2008|10:45] C:\Program Files\Fichiers communs\InstallShield
[06/07/2008|18:46] C:\Program Files\Fichiers communs\Java
[02/01/2009|13:42] C:\Program Files\Fichiers communs\Microsoft Shared
[21/06/2008|20:22] C:\Program Files\Fichiers communs\MSSoap
[07/07/2008|14:10] C:\Program Files\Fichiers communs\muvee Technologies
[21/06/2008|22:16] C:\Program Files\Fichiers communs\ODBC
[22/03/2009|18:57] C:\Program Files\Fichiers communs\PC Tools
[21/06/2008|20:22] C:\Program Files\Fichiers communs\Services
[10/02/2009|11:51] C:\Program Files\Fichiers communs\Skype
[21/06/2008|22:16] C:\Program Files\Fichiers communs\SpeechEngines
[20/03/2009|18:01] C:\Program Files\Fichiers communs\Symantec Shared
[01/01/2009|22:04] C:\Program Files\Fichiers communs\System
[02/01/2009|13:34] C:\Program Files\Fichiers communs\Windows Live
[22/06/2008|11:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 48 Processes )
... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\SESSIO~1\Cookies\session_1@advertising[1].txt
C:\DOCUME~1\SESSIO~1\Cookies\session_1@casinoking-net[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 23:12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden files ...

disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:36][D:2]-> C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp
[F:2570][D:0]-> C:\DOCUME~1\SESSIO~1\Cookies
[F:4540][D:81]-> C:\DOCUME~1\SESSIO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|23:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24/03/2009|23:14 - Option : [2]

--------------------\\ Fin du rapport a 23:14:00

By the way, thank you so much for helping me =)
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and removal
Search Navipromo version 3.7.6 commencé le 23/03/2009 à 22:51:39,25

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Session 1 ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:19 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:52 Go (Free:51 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)

Recherche executé en mode normal

*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Session 1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Session 1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Session 1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Session 1\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ikqceac"="\"c:\\documents and settings\\session 1\\local settings\\application data\\ikqceac.exe\" ikqceac" *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\Session 1\locals~1\applic~1" : ikqceac.exe trouvé ! ikqceac.dat trouvé ! ikqceac_nav.dat trouvé ! ikqceac_navps.dat trouvé ! 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 23/03/2009 à 23:08:15,90 *** Et --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Session 1 ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:19 Go (Free:4 Go) D:\ (Local Disk) - NTFS - Total:52 Go (Free:51 Go) E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 23/03/2009|23:13 ) --------------------\\ Listing des dossiers dans APPLIC~1 [22/03/2009|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [20/03/2009|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [02/08/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative [19/03/2009|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [01/02/2009|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default [21/03/2009|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files [22/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com [09/02/2009|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 
[21/02/2009|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [07/07/2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies [22/03/2009|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE One v7 [22/03/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools [10/02/2009|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [23/03/2009|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [01/01/2009|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [02/01/2009|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller [02/01/2009|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [26/10/2008|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom [21/06/2008|20:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [21/06/2008|20:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [21/06/2008|20:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [22/03/2009|18:14] C:\DOCUME~1\SESSIO~1\APPLIC~1\Adobe [04/11/2008|14:35] C:\DOCUME~1\SESSIO~1\APPLIC~1\ArcSoft [11/03/2009|21:00] C:\DOCUME~1\SESSIO~1\APPLIC~1\Creative [03/12/2008|19:50] C:\DOCUME~1\SESSIO~1\APPLIC~1\GetRightToGo [06/07/2008|18:50] C:\DOCUME~1\SESSIO~1\APPLIC~1\Google [24/06/2008|18:18] C:\DOCUME~1\SESSIO~1\APPLIC~1\gtk-2.0 [06/03/2009|18:30] C:\DOCUME~1\SESSIO~1\APPLIC~1\Help [21/06/2008|20:31] C:\DOCUME~1\SESSIO~1\APPLIC~1\Identities [07/07/2008|14:04] C:\DOCUME~1\SESSIO~1\APPLIC~1\InstallShield [13/02/2009|17:25] C:\DOCUME~1\SESSIO~1\APPLIC~1\LimeWire [01/02/2009|04:01] C:\DOCUME~1\SESSIO~1\APPLIC~1\longflagteam [29/12/2008|21:36] C:\DOCUME~1\SESSIO~1\APPLIC~1\Macromedia [18/03/2009|19:26] C:\DOCUME~1\SESSIO~1\APPLIC~1\Microsoft [27/07/2008|18:40] C:\DOCUME~1\SESSIO~1\APPLIC~1\mIRC [04/08/2008|22:57] C:\DOCUME~1\SESSIO~1\APPLIC~1\Mozilla [13/10/2008|18:08] C:\DOCUME~1\SESSIO~1\APPLIC~1\muvee Technologies [22/03/2009|18:14] C:\DOCUME~1\SESSIO~1\APPLIC~1\OFFICE One v7 [22/03/2009|18:54] C:\DOCUME~1\SESSIO~1\APPLIC~1\PC Tools [21/09/2008|15:47] C:\DOCUME~1\SESSIO~1\APPLIC~1\Samsung [07/08/2008|16:18] C:\DOCUME~1\SESSIO~1\APPLIC~1\Shareaza [23/03/2009|21:59] 
C:\DOCUME~1\SESSIO~1\APPLIC~1\Skype [23/03/2009|20:57] C:\DOCUME~1\SESSIO~1\APPLIC~1\skypePM [06/07/2008|18:49] C:\DOCUME~1\SESSIO~1\APPLIC~1\Sun [03/12/2008|19:41] C:\DOCUME~1\SESSIO~1\APPLIC~1\Ufasoft --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [23/03/2009 23:00][--ah-----] C:\WINDOWS\tasks\8154C92B81777D47.job [22/03/2009 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan for Session 1.job [23/03/2009 20:52][--ah-----] C:\WINDOWS\tasks\SA.DAT [24/08/2001 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini ( 8154C92B81777D47.job )=( c:\docume~1\sessio~1\applic~1\longfl~1\bowsoptionskip.exe ) --------------------\\ Listing des dossiers dans C:\Program Files [29/11/2008|15:21] C:\Program Files\AbiSuite2 [22/03/2009|10:32] C:\Program Files\Adobe [21/06/2008|21:44] C:\Program Files\Alwil Software [02/01/2009|15:10] C:\Program Files\aMSN [03/11/2008|16:21] C:\Program Files\ArcSoft [20/03/2009|08:02] C:\Program Files\Avira [26/11/2008|14:24] C:\Program Files\AviSynth 2.5 [20/03/2009|17:10] C:\Program Files\AxBx [21/06/2008|20:33] C:\Program Files\Cegetel [20/03/2009|17:10] C:\Program Files\Circle Developement [21/06/2008|20:21] C:\Program Files\ComPlus Applications [02/08/2008|11:38] C:\Program Files\Creative [02/08/2008|11:38] C:\Program Files\Creative Installation Information [14/01/2009|14:30] C:\Program Files\Dictionnaire [18/03/2009|22:13] C:\Program Files\Dofus [08/01/2009|17:52] C:\Program Files\DVDVideoSoft [05/08/2008|15:20] C:\Program Files\Easy GIF Animator [05/08/2008|15:20] C:\Program Files\Easy Gif Animator Extension [26/11/2008|14:21] C:\Program Files\eRightSoft [22/03/2009|18:54] C:\Program Files\Fichiers communs [22/06/2008|12:01] C:\Program Files\GIMP-2.0 [19/03/2009|01:28] C:\Program Files\Google [22/12/2008|10:47] C:\Program Files\InstallShield Installation Information [21/02/2009|10:37] C:\Program Files\Internet Explorer [22/03/2009|10:13] C:\Program Files\Java [22/12/2008|10:34] C:\Program Files\Lavalys [17/10/2008|16:48] 
C:\Program Files\LimeWire [08/11/2008|19:38] C:\Program Files\Logitech [01/02/2009|04:00] C:\Program Files\longflagteam [22/12/2008|10:17] C:\Program Files\ma-config.com [08/02/2009|09:36] C:\Program Files\Messenger Plus! Live [28/07/2008|21:00] C:\Program Files\Metin2_France [02/01/2009|13:42] C:\Program Files\Microsoft [21/06/2008|20:25] C:\Program Files\microsoft frontpage [11/03/2009|15:58] C:\Program Files\Microsoft Silverlight [21/02/2009|10:35] C:\Program Files\Microsoft SQL Server Compact Edition [21/02/2009|10:36] C:\Program Files\Microsoft Sync Framework [01/01/2009|22:07] C:\Program Files\Movie Maker [02/09/2008|11:20] C:\Program Files\Mozilla Firefox [22/03/2009|10:23] C:\Program Files\MSBuild [02/01/2009|14:28] C:\Program Files\MSECACHE [26/06/2008|18:10] C:\Program Files\MSN [21/06/2008|20:21] C:\Program Files\MSN Gaming Zone [04/10/2008|02:00] C:\Program Files\MSXML 4.0 [07/07/2008|14:10] C:\Program Files\muvee Technologies [23/03/2009|23:08] C:\Program Files\Navilog1 [01/01/2009|22:04] C:\Program Files\NetMeeting [21/03/2009|19:14] C:\Program Files\Norton Internet Security [20/03/2009|18:00] C:\Program Files\Norton Security Scan [22/03/2009|10:11] C:\Program Files\OFFICE One 7.0 [22/03/2009|10:30] C:\Program Files\OFFICE One v7 [21/06/2008|20:21] C:\Program Files\Online Services [01/01/2009|22:04] C:\Program Files\Outlook Express [22/06/2008|11:49] C:\Program Files\PhotoFiltre [02/09/2008|18:04] C:\Program Files\PhotoScape [22/03/2009|10:16] C:\Program Files\Reference Assemblies [21/06/2008|20:34] C:\Program Files\SAGEM [21/09/2008|15:41] C:\Program Files\Samsung [22/06/2008|12:21] C:\Program Files\Seagrand [21/06/2008|20:23] C:\Program Files\Services en ligne [09/02/2009|15:39] C:\Program Files\SFR [07/08/2008|16:18] C:\Program Files\Shareaza [07/07/2008|14:03] C:\Program Files\SightSpeed [10/02/2009|11:51] C:\Program Files\Skype [23/03/2009|21:59] C:\Program Files\Spyware Doctor [03/12/2008|19:40] C:\Program Files\Ufasoft [21/06/2008|20:31] 
C:\Program Files\Uninstall Information [22/12/2008|10:47] C:\Program Files\VIA [18/03/2009|17:45] C:\Program Files\Wakfu [02/01/2009|14:28] C:\Program Files\Windows Installer Clean Up [21/02/2009|10:43] C:\Program Files\Windows Live [02/01/2009|13:41] C:\Program Files\Windows Live SkyDrive [01/01/2009|22:07] C:\Program Files\Windows Media Player [01/01/2009|22:04] C:\Program Files\Windows NT [21/06/2008|20:23] C:\Program Files\WindowsUpdate [08/09/2008|19:46] C:\Program Files\World of Warcraft Trial [21/06/2008|20:25] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [22/03/2009|10:32] C:\Program Files\Fichiers communs\Adobe [03/11/2008|16:21] C:\Program Files\Fichiers communs\ArcSoft [28/07/2008|21:14] C:\Program Files\Fichiers communs\Blizzard Entertainment [02/08/2008|11:36] C:\Program Files\Fichiers communs\Creative [08/01/2009|17:52] C:\Program Files\Fichiers communs\DVDVideoSoft [22/12/2008|10:45] C:\Program Files\Fichiers communs\InstallShield [06/07/2008|18:46] C:\Program Files\Fichiers communs\Java [02/01/2009|13:42] C:\Program Files\Fichiers communs\Microsoft Shared [21/06/2008|20:22] C:\Program Files\Fichiers communs\MSSoap [07/07/2008|14:10] C:\Program Files\Fichiers communs\muvee Technologies [21/06/2008|22:16] C:\Program Files\Fichiers communs\ODBC [22/03/2009|18:57] C:\Program Files\Fichiers communs\PC Tools [21/06/2008|20:22] C:\Program Files\Fichiers communs\Services [10/02/2009|11:51] C:\Program Files\Fichiers communs\Skype [21/06/2008|22:16] C:\Program Files\Fichiers communs\SpeechEngines [20/03/2009|18:01] C:\Program Files\Fichiers communs\Symantec Shared [01/01/2009|22:04] C:\Program Files\Fichiers communs\System [02/01/2009|13:34] C:\Program Files\Fichiers communs\Windows Live [22/06/2008|11:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller --------------------\\ Process ( 50 Processes ) iexplore.exe ~ [PID:1888] --------------------\\ Recherche avec S_Lop 
C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\bis20.exe --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\4 second.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\4 second.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\Mp3 skip.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1 C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\bhtomhqh.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\bows option skip.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\dzxyzpue.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\fuyjmeab.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\jargcryt.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\LicenseBlueSoftFirst.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\mpznbiyi.exe C:\DOCUME~1\SESSIO~1\APPLIC~1\longfl~1\wcsebewi.exe C:\Program Files\longfl~1 C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\msgpl_9864.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nscC.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nsd34.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nse166.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nsf158.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nsh15.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nsh3E.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\nsj51.tmp C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\NSSstub.txt C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\sta1FC.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\sta2.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\sta21A.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\staA0.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\staBE.exe C:\Program Files\Circle Developement C:\DOCUME~1\SESSIO~1\Cookies\session_1@advertstream[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@d2.advertserve[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@advertising[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@ero-advertising[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@adin.bigpoint[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@bigpoint[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.darkorbit.bigpoint[1].txt 
C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.seafight.bigpoint[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.xblaster.bigpoint[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr1.seafight.bigpoint[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@casinoking-net[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@banner.cotedazurpalace[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@cotedazurpalace[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@www.cotedazurpalace[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@adopt.euroclick[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@pacificpoker[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@partypoker[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr.seafight.bigpoint[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@fr1.seafight.bigpoint[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@lasvegascasino-web[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@2xmoinscher[1].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@www.2xmoinscher[2].txt C:\DOCUME~1\SESSIO~1\Cookies\session_1@888[2].txt C:\WINDOWS\Tasks\8154C92B81777D47.job --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "love bore"="C:\\DOCUME~1\\SESSIO~1\\APPLIC~1\\LONGFL~1\\FIND TWO.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\4 second.exe" --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 23:22:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 1 --------------------\\ Recherche d'autres infections C:\DOCUME~1\SESSIO~1\LOCALS~1\APPLIC~1\ikqceac.dat C:\DOCUME~1\SESSIO~1\LOCALS~1\APPLIC~1\ikqceac.exe C:\DOCUME~1\SESSIO~1\LOCALS~1\APPLIC~1\ikqceac_nav.dat C:\DOCUME~1\SESSIO~1\LOCALS~1\APPLIC~1\ikqceac_navps.dat ==> EGDACCESS <== [F:2143][D:168]-> C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp [F:2564][D:0]-> C:\DOCUME~1\SESSIO~1\Cookies [F:3071][D:81]-> C:\DOCUME~1\SESSIO~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|23:27 - Option : [1] --------------------\\ Fin du rapport a 23:27:53 -
[Solved] Help Antivir
Désespérée replied to a topic by Désespérée in Malware analysis and removal
I should mention that I don't use this computer myself. Anyway, here it is (hoping this is what was asked for):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:26, on 23/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\fxsteller.exe
C:\WINDOWS\Temp\minisvr4.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system\servicers.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\documents and settings\session 1\local settings\application data\ikqceac.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Session 1\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {590d0ec0-9213-49e8-8901-9dd65b58adea} - C:\WINDOWS\system32\vujikuro.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: {52654c17-4a21-35eb-11b4-631fa235cc57} - {75cc532a-f136-4b11-be53-12a471c45625} - C:\WINDOWS\system32\oazzys.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\4 second.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [Oserefed] rundll32.exe "C:\WINDOWS\Ntofi.dll",e
O4 - HKLM\..\Run: [hitutajula] Rundll32.exe "C:\WINDOWS\system32\babopeni.dll",s
O4 - HKLM\..\Run: [Microsoft Update] SVCHOSTS.EXE
O4 - HKLM\..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
O4 - HKLM\..\Run: [Java Load] C:\WINDOWS\Temp\minisvr4.exe
O4 - HKLM\..\Run: [Application Layer Gateway Services] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [Windows Upgrate Utility] C:\WINDOWS\system32\winulty.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\system\servicers.exe
O4 - HKLM\..\Run: [4c37daac] rundll32.exe "C:\WINDOWS\system32\gudiyibe.dll",b
O4 - HKLM\..\Run: [CPM4f04e930] Rundll32.exe "c:\windows\system32\vasidifu.dll",a
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [love bore] C:\DOCUME~1\SESSIO~1\APPLIC~1\LONGFL~1\FIND TWO.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [server] C:\RECYCLER\S-1-5-21-5626138465-2572054573-490773595-4631\hod.exe
O4 - HKCU\..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
O4 - HKCU\..\Run: [ikqceac] "c:\documents and settings\session 1\local settings\application data\ikqceac.exe" ikqceac
O4 - HKUS\S-1-5-19\..\Run: [hitutajula] Rundll32.exe "C:\WINDOWS\system32\babopeni.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [hitutajula] Rundll32.exe "C:\WINDOWS\system32\babopeni.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Java Syncro] C:\WINDOWS\TEMP\zchMiB.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Java Syncro] C:\WINDOWS\TEMP\zchMiB.exe (User 'Default user')
O4 - S-1-5-18 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Session 1\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\fodedozu.dll c:\windows\system32\desoyahi.dll oazzys.dll c:\windows\system32\vasidifu.dll
O20 - Winlogon Notify: __c003303A - C:\WINDOWS\system32\__c003303A.dat (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\desoyahi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\desoyahi.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 13592 bytes
Good evening. I don't know if I'm posting in the right place, but I'm posting anyway. So, for a few days now I've had the "ahah foto ? *lien*" virus on my computer. I had Avast, which didn't find anything and which I have since uninstalled; MsnFix didn't find anything either, so I got Antivir, which crashed the computer completely, finding infections everywhere and opening windows non-stop. Seeing the carnage, I wanted to uninstall Antivir, but it can't be uninstalled: I can no longer open my Task Manager, and I can't remove it through the Control Panel either. An error message appears: "Impossible de supprimer mfc71u.fll : accès refusé. Vérifiez que le disque n'est pas plein ou protégé en écriture, et que le fichier n'est pas utilisé actuellement" (Cannot delete mfc71u.fll: access denied. Make sure the disk is not full or write-protected and that the file is not currently in use). I'm starting to pull my hair out ^^' Now I can't even open a browser window any more, and I have an "alert" message in place of my desktop. So, if someone would be kind enough to give me a little help, I would be very grateful. [By the way, I'm a complete dunce when it comes to computers ><"]