infecté(résolu)

[xbob]

encore quelques problemes!a chaque ouverture de mon ordi il y a un bouclier rouge dans le bas de l ecran a droit qui dit que mes mise a jour automatique de mon ordi ne sont pas activé.meme si je vais changer le mode de mise a jour dans panneau de configuration ca ne change rien,a chaque ouverture il y a toujours le bouclier qui apparait.j ai aussi un probleme de pop pup,a chaque jour mon scan ewido en trouve au moin 10.

[angelique]

encore quelques problemes!a chaque ouverture de mon ordi il y a un bouclier rouge dans le bas de l ecran a droit qui dit que mes mise a jour automatique de mon ordi ne sont pas activé.meme si je vais changer le mode de mise a jour dans panneau de configuration ca ne change rien

 

le bouclier rouge c'est le centre de securité qui sert à rien , donc tu vas via executer---- services.msc

double cliquer sur chacune des lignes de service ci dessous, choisir "type de demarrage" désactiver pour le centre de securité et automatique pour mise à jour... et appliquer:

 

Centre de sécurité << type de demarrage desactivé\appliquer

Mises à jour automatiques << type de démarrage automatique\appliquer

 

• désactive temporairement antivir via le parapluie à coté de l'horloge, clic droit et decoche "antivir guard enable"

 

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-clique combofix.exe afin de l'exécuter et suis les instructions.Ne touche à rien pendant le scan jusqu'à l'apparition du rapport

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

[xbob]

Merci le bouclier a disparue!mais j ai un brobleme j avais downloadé combofix a partir de ton lien sur mon bureau,je l es demaré plusieur foix mais il restais figé sur son ecran bleu de départ,rien n apparaissais.je l ai suprimé et ensuite downloadé apartir directement de bleeping computer.com mais toujours rien ne veut démaré.

[angelique]

• tu as bien desactivé antivir comme je t'ai dis??

 

• tu le retelecharges et quand il te demande de l'enregistrer sur ton bureau!! , tu le renommes par Combo-Fix

 

• Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

 

 

effectue le scan de Combo-Fix en mode sans echec dans ce cas

[xbob]

ComboFix 08-05-20.4 - Propriétaire 2008-05-20 22:05:03.2 - FAT32x86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.361 [GMT -4:00]

Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\Propriétaire\Application Data\inst.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\bfbljbfc.ini

C:\WINDOWS\system32\eimyfpei.ini

C:\WINDOWS\system32\geBuSkHW.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mlJAsRHX.dll

C:\WINDOWS\system32\ourmppqb.ini

C:\WINDOWS\system32\rqRKcyAT.dll

C:\WINDOWS\system32\shlqcyih.ini

C:\WINDOWS\system32\WHkSuBeg.ini

C:\WINDOWS\system32\WHkSuBeg.ini2

C:\WINDOWS\system32\ykiqtccr.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-20 21:22 . 2008-05-20 21:22 294 ---hs---- C:\WINDOWS\system32\bfbljbfc.ini

2008-05-20 19:54 . 2008-05-20 19:54 0 --a------ C:\WINDOWS\Irremote.ini

2008-05-20 19:36 . 2008-05-20 19:36 <REP> d-------- C:\Documents and Settings\propriã©taire

2008-05-20 19:35 . 2008-05-20 19:35 <REP> d-------- C:\Documents and Settings\propri??taire

2008-05-20 17:22 . 2008-05-20 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-05-20 16:46 . 2008-05-20 16:46 91,328 --a------ C:\WINDOWS\system32\cfbjlbfb.dll

2008-05-19 23:01 . 2008-05-19 23:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Nero

2008-05-19 22:49 . 2008-05-19 22:49 <REP> d-------- C:\Program Files\Fichiers communs\Nero

2008-05-18 09:59 . 2008-05-18 09:59 <REP> d-------- C:\Program Files\Atlantis3D

2008-05-18 00:48 . 2008-05-18 00:48 <REP> d-------- C:\Program Files\DVDFab 5

2008-05-16 16:52 . 2008-05-16 17:34 2,496 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-16 16:51 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-05-16 16:51 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-16 16:51 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-05-16 16:51 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-16 16:51 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-05-16 16:51 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-16 16:51 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-16 12:23 . 2008-05-16 12:24 <REP> d-------- C:\VundoFix Backups

2008-05-16 12:10 . 2008-05-16 12:10 <REP> d--hs---- C:\FOUND.003

2008-05-14 23:05 . 2008-05-14 23:05 <REP> d-------- C:\Program Files\Navilog1

2008-05-14 17:04 . 2008-05-14 17:04 <REP> d--hs---- C:\FOUND.002

2008-05-14 02:25 . 2008-05-14 02:25 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons

2008-05-11 23:39 . 2008-05-11 23:39 244 --ah----- C:\sqmnoopt12.sqm

2008-05-11 23:39 . 2008-05-11 23:39 232 --ah----- C:\sqmdata12.sqm

2008-05-11 20:26 . 2008-05-11 20:26 244 --ah----- C:\sqmnoopt11.sqm

2008-05-11 20:26 . 2008-05-11 20:26 232 --ah----- C:\sqmdata11.sqm

2008-05-11 09:53 . 2008-05-11 09:53 244 --ah----- C:\sqmnoopt10.sqm

2008-05-11 09:53 . 2008-05-11 09:53 232 --ah----- C:\sqmdata10.sqm

2008-05-11 09:40 . 2008-05-11 09:40 244 --ah----- C:\sqmnoopt09.sqm

2008-05-11 09:40 . 2008-05-11 09:40 232 --ah----- C:\sqmdata09.sqm

2008-05-10 23:46 . 2008-05-10 23:46 244 --ah----- C:\sqmnoopt08.sqm

2008-05-10 23:46 . 2008-05-10 23:46 232 --ah----- C:\sqmdata08.sqm

2008-05-10 19:18 . 2008-05-10 19:18 244 --ah----- C:\sqmnoopt07.sqm

2008-05-10 19:18 . 2008-05-10 19:18 232 --ah----- C:\sqmdata07.sqm

2008-05-10 14:44 . 2008-05-10 14:44 244 --ah----- C:\sqmnoopt06.sqm

2008-05-10 14:44 . 2008-05-10 14:44 232 --ah----- C:\sqmdata06.sqm

2008-05-10 02:48 . 2008-05-10 02:48 244 --ah----- C:\sqmnoopt05.sqm

2008-05-10 02:48 . 2008-05-10 02:48 232 --ah----- C:\sqmdata05.sqm

2008-05-09 18:10 . 2008-05-09 18:10 244 --ah----- C:\sqmnoopt04.sqm

2008-05-09 18:10 . 2008-05-09 18:10 232 --ah----- C:\sqmdata04.sqm

2008-05-04 23:41 . 2005-09-21 18:08 290,816 --a------ C:\WINDOWS\system32\ATWTUSB.EXE

2008-05-04 12:56 . 2008-05-04 12:56 <REP> d-------- C:\Program Files\Toon Boom Animation

2008-05-04 10:29 . 2008-05-04 10:29 <REP> d-------- C:\Program Files\VSO

2008-05-04 10:29 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-05-04 10:29 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-05-04 10:29 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-05-04 10:29 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-05-04 01:02 . 2008-05-04 01:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0

2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails

2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails

2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4

2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4

2008-05-04 00:42 . 2008-05-04 00:42 16,865,248 --a------ C:\Program Files\gimp-2.4.4-i686-setup.exe

2008-05-01 20:31 . 2008-05-01 20:31 <REP> d--hs---- C:\FOUND.001

2008-04-29 18:16 . 2008-04-29 18:16 <REP> d--h----- C:\WINDOWS\PIF

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 04:49 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys

2008-05-18 04:49 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys

2008-04-09 23:55 --------- d-----w C:\Program Files\Bonjour

2008-04-09 23:54 --------- d-----w C:\Program Files\QuickTime

2008-04-08 01:36 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-08 01:35 --------- d-----w C:\Program Files\Windows Live

2008-04-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-24 06:10 1,800,920 ----a-w C:\Program Files\Paint.NET.3.20.SkyOrb.exe

2007-12-24 05:54 9,439,584 ----a-w C:\Program Files\tuxpaint-0.9.18-win32-installer.exe

2007-11-13 05:10 927,779 ----a-w C:\Program Files\SetupXnBeep.exe

2007-10-16 17:35 87,608 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe

2007-09-09 21:09 1,959,112 ----a-w C:\Program Files\FLVPlayerSetup.exe

2007-09-09 20:45 883,808 ----a-w C:\Program Files\Google_Updater.exe

2007-09-08 22:50 43,423,968 ----a-w C:\Program Files\PalmDesktopWin414e.zip

2007-09-07 00:18 6,801,128 ----a-w C:\Program Files\wmcsetup.exe

2007-09-06 23:22 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe

2007-09-04 14:28 26,730,808 ----a-w C:\Program Files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe

2007-09-02 17:31 17,733,474 ----a-w C:\Program Files\RCALyraTrayAppInstall_v1035a.exe

2007-08-22 13:53 2,624,373 ----a-w C:\Program Files\XnView-win-fr.exe

2007-08-22 13:36 7,494 ----a-w C:\Program Files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip

2007-08-22 13:21 5,053,286 ----a-w C:\Program Files\converter.exe

2007-05-13 19:22 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-04-10 00:22 696,814 ----a-w C:\Program Files\uTorrent-1.6.1-install.exe

2007-03-20 00:44 10,420,936 ----a-w C:\Program Files\xlviewer.exe

2007-03-05 05:15 1,367,553 ----a-w C:\Program Files\mirc621.exe

2007-02-25 01:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

2007-02-22 08:17 7,564,315 ----a-w C:\Program Files\ezcddax10.exe

2007-02-22 08:03 6,710,040 ----a-w C:\Program Files\smart-audio-converter-pro-setup.exe

2007-01-25 21:58 17,741,094 ----a-w C:\Program Files\VideoConvertMaster_Fr.exe

2007-01-20 15:17 27,100,264 ----a-w C:\Program Files\PowerPointViewer.exe

2007-01-19 19:44 5,646,848 ----a-w C:\Program Files\PC Camer@.msi

2007-01-19 19:44 31,232 ----a-w C:\Program Files\1036.MST

2007-01-19 19:43 5,481 ----a-w C:\Program Files\0x040c.ini

2007-03-30 01:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-03-30 01:40 56 --sh--r C:\WINDOWS\system32\D270FADD90.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-24 18:27 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-24 18:27 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-24 18:27 114688]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 18:44 1404928]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 15:13 262401]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 22:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]

"4353f526"="C:\WINDOWS\system32\cfbjlbfb.dll" [2008-05-20 16:46 91328]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:54 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk

backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk

backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]

path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk

backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 04:54 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 10:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

C:\Program Files\Logitech\Video\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]

--a------ 2004-03-31 10:01 286720 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR]

C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]

C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

R1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]

S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4822d6f1-3f41-11da-aa43-806d6172696f}]

\Shell\AutoRun\command - E:\UIU.EXE

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-21 01:58:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-05-21 01:13:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-05-19 21:42:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-20 22:07:05

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-05-20 22:07:29

ComboFix-quarantined-files.txt 2008-05-21 02:07:28

 

Pre-Run: 36,255,137,792 octets libres

Post-Run: 36,243,931,136 octets libres

 

252 --- E O F --- 2008-05-21 01:25:38

[angelique]

effectivement une petite merde à trainer!!

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\system32\bfbljbfc.ini
C:\WINDOWS\system32\cfbjlbfb.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4353f526"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4822d6f1-3f41-11da-aa43-806d6172696f}]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant: CFScript

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[xbob]

ComboFix 08-05-20.4 - Propriétaire 2008-05-22 10:31:31.3 - FAT32x86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.360 [GMT -4:00]

Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\bfbljbfc.ini

C:\WINDOWS\system32\cfbjlbfb.dll

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\VundoFix Backups

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\bfbljbfc.ini

C:\WINDOWS\system32\cfbjlbfb.dll

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-20 23:25 . 2008-05-20 23:25 <REP> d--hs---- C:\FOUND.004

2008-05-20 19:54 . 2008-05-20 19:54 0 --a------ C:\WINDOWS\Irremote.ini

2008-05-20 19:36 . 2008-05-20 19:36 <REP> d-------- C:\Documents and Settings\propriã©taire

2008-05-20 19:35 . 2008-05-20 19:35 <REP> d-------- C:\Documents and Settings\propri??taire

2008-05-20 17:22 . 2008-05-20 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-05-19 23:01 . 2008-05-19 23:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Nero

2008-05-19 22:49 . 2008-05-19 22:49 <REP> d-------- C:\Program Files\Fichiers communs\Nero

2008-05-18 09:59 . 2008-05-18 09:59 <REP> d-------- C:\Program Files\Atlantis3D

2008-05-18 00:48 . 2008-05-18 00:48 <REP> d-------- C:\Program Files\DVDFab 5

2008-05-16 16:52 . 2008-05-16 17:34 2,496 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-16 12:10 . 2008-05-16 12:10 <REP> d--hs---- C:\FOUND.003

2008-05-14 23:05 . 2008-05-14 23:05 <REP> d-------- C:\Program Files\Navilog1

2008-05-14 17:04 . 2008-05-14 17:04 <REP> d--hs---- C:\FOUND.002

2008-05-14 02:25 . 2008-05-14 02:25 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons

2008-05-11 23:39 . 2008-05-11 23:39 244 --ah----- C:\sqmnoopt12.sqm

2008-05-11 23:39 . 2008-05-11 23:39 232 --ah----- C:\sqmdata12.sqm

2008-05-11 20:26 . 2008-05-11 20:26 244 --ah----- C:\sqmnoopt11.sqm

2008-05-11 20:26 . 2008-05-11 20:26 232 --ah----- C:\sqmdata11.sqm

2008-05-11 09:53 . 2008-05-11 09:53 244 --ah----- C:\sqmnoopt10.sqm

2008-05-11 09:53 . 2008-05-11 09:53 232 --ah----- C:\sqmdata10.sqm

2008-05-11 09:40 . 2008-05-11 09:40 244 --ah----- C:\sqmnoopt09.sqm

2008-05-11 09:40 . 2008-05-11 09:40 232 --ah----- C:\sqmdata09.sqm

2008-05-10 23:46 . 2008-05-10 23:46 244 --ah----- C:\sqmnoopt08.sqm

2008-05-10 23:46 . 2008-05-10 23:46 232 --ah----- C:\sqmdata08.sqm

2008-05-10 19:18 . 2008-05-10 19:18 244 --ah----- C:\sqmnoopt07.sqm

2008-05-10 19:18 . 2008-05-10 19:18 232 --ah----- C:\sqmdata07.sqm

2008-05-10 14:44 . 2008-05-10 14:44 244 --ah----- C:\sqmnoopt06.sqm

2008-05-10 14:44 . 2008-05-10 14:44 232 --ah----- C:\sqmdata06.sqm

2008-05-10 02:48 . 2008-05-10 02:48 244 --ah----- C:\sqmnoopt05.sqm

2008-05-10 02:48 . 2008-05-10 02:48 232 --ah----- C:\sqmdata05.sqm

2008-05-09 18:10 . 2008-05-09 18:10 244 --ah----- C:\sqmnoopt04.sqm

2008-05-09 18:10 . 2008-05-09 18:10 232 --ah----- C:\sqmdata04.sqm

2008-05-04 23:41 . 2005-09-21 18:08 290,816 --a------ C:\WINDOWS\system32\ATWTUSB.EXE

2008-05-04 12:56 . 2008-05-04 12:56 <REP> d-------- C:\Program Files\Toon Boom Animation

2008-05-04 10:29 . 2008-05-04 10:29 <REP> d-------- C:\Program Files\VSO

2008-05-04 10:29 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-05-04 10:29 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-05-04 10:29 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-05-04 10:29 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-05-04 01:02 . 2008-05-04 01:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0

2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails

2008-05-04 01:00 . 2008-05-04 01:00 <REP> d-------- C:\Documents and Settings\Propriétaire\.thumbnails

2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4

2008-05-04 00:45 . 2008-05-04 00:45 <REP> d-------- C:\Documents and Settings\Propriétaire\.gimp-2.4

2008-05-04 00:42 . 2008-05-04 00:42 16,865,248 --a------ C:\Program Files\gimp-2.4.4-i686-setup.exe

2008-05-01 20:31 . 2008-05-01 20:31 <REP> d--hs---- C:\FOUND.001

2008-04-29 18:16 . 2008-04-29 18:16 <REP> d--h----- C:\WINDOWS\PIF

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 04:49 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys

2008-05-18 04:49 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys

2008-04-09 23:55 --------- d-----w C:\Program Files\Bonjour

2008-04-09 23:54 --------- d-----w C:\Program Files\QuickTime

2008-04-08 01:36 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-08 01:35 --------- d-----w C:\Program Files\Windows Live

2008-04-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-24 06:10 1,800,920 ----a-w C:\Program Files\Paint.NET.3.20.SkyOrb.exe

2007-12-24 05:54 9,439,584 ----a-w C:\Program Files\tuxpaint-0.9.18-win32-installer.exe

2007-11-13 05:10 927,779 ----a-w C:\Program Files\SetupXnBeep.exe

2007-10-16 17:35 87,608 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe

2007-09-09 21:09 1,959,112 ----a-w C:\Program Files\FLVPlayerSetup.exe

2007-09-09 20:45 883,808 ----a-w C:\Program Files\Google_Updater.exe

2007-09-08 22:50 43,423,968 ----a-w C:\Program Files\PalmDesktopWin414e.zip

2007-09-07 00:18 6,801,128 ----a-w C:\Program Files\wmcsetup.exe

2007-09-06 23:22 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe

2007-09-04 14:28 26,730,808 ----a-w C:\Program Files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe

2007-09-02 17:31 17,733,474 ----a-w C:\Program Files\RCALyraTrayAppInstall_v1035a.exe

2007-08-22 13:53 2,624,373 ----a-w C:\Program Files\XnView-win-fr.exe

2007-08-22 13:36 7,494 ----a-w C:\Program Files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip

2007-08-22 13:21 5,053,286 ----a-w C:\Program Files\converter.exe

2007-05-13 19:22 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-04-10 00:22 696,814 ----a-w C:\Program Files\uTorrent-1.6.1-install.exe

2007-03-20 00:44 10,420,936 ----a-w C:\Program Files\xlviewer.exe

2007-03-05 05:15 1,367,553 ----a-w C:\Program Files\mirc621.exe

2007-02-25 01:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

2007-02-22 08:17 7,564,315 ----a-w C:\Program Files\ezcddax10.exe

2007-02-22 08:03 6,710,040 ----a-w C:\Program Files\smart-audio-converter-pro-setup.exe

2007-01-25 21:58 17,741,094 ----a-w C:\Program Files\VideoConvertMaster_Fr.exe

2007-01-20 15:17 27,100,264 ----a-w C:\Program Files\PowerPointViewer.exe

2007-01-19 19:44 5,646,848 ----a-w C:\Program Files\PC Camer@.msi

2007-01-19 19:44 31,232 ----a-w C:\Program Files\1036.MST

2007-01-19 19:43 5,481 ----a-w C:\Program Files\0x040c.ini

2007-03-30 01:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-03-30 01:40 56 --sh--r C:\WINDOWS\system32\D270FADD90.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-20_22.07.19.84 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-21 01:55:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-22 14:30:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-24 18:27 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-24 18:27 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-24 18:27 114688]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 18:44 1404928]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 15:13 262401]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 22:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 13:04 221184]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:54 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk

backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk

backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]

path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk

backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 04:54 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 10:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

C:\Program Files\Logitech\Video\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]

--a------ 2004-03-31 10:01 286720 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR]

C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]

C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

R1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 13:11]

S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-22 14:33:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-05-22 14:13:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-05-19 21:42:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 10:33:34

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-05-22 10:33:58

ComboFix-quarantined-files.txt 2008-05-22 14:33:56

ComboFix2.txt 2008-05-21 02:07:30

 

Pre-Run: 36,114,169,856 octets libres

Post-Run: 36,104,273,920 octets libres

 

253 --- E O F --- 2008-05-21 06:28:52

[angelique]

ce que j'adore c'est que j'ai pas de commentaire de ta part sur le fonctionnement de ton pc depuis ton 1er message!

 

• desinstalle ComboFix en copiant_collant la ligne ci dessous ds executer et valide:

 

ComboFix /u

 

supprimme si existant c:\qoobox, c:\bug ,c:\combofix

 

• telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

• reposte un nouveau rapport HJT et colle un nouveau rapport antivir que tu possedes

[xbob]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:42:41, on 2008-05-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\vVX3000.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\palmOne\FireConverterBrowserHelperObject.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 8324 bytes

 

 

 

 

 

 

Avira AntiVir Personal

Report file date: 22 mai 2008 21:43

 

Scanning for 1283461 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CLIENT-A3C075D7

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-15 19:13:50

AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-15 19:13:50

LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-15 19:13:50

LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-15 19:13:50

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:03:48

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:06:26

ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 19:06:50

ANTIVIR3.VDF : 7.0.4.79 119296 Bytes 2008-05-22 19:00:40

Engineversion : 8.1.0.46

AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-15 19:13:50

AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-15 21:19:44

AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-15 21:19:44

AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-25 19:02:10

AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-15 21:19:44

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-18 19:06:40

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-15 21:19:42

AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-18 19:06:36

AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-15 21:19:40

AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-07 19:00:54

AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-15 21:19:40

AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-15 19:13:50

AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-15 19:13:50

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-22 06:56:26

AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-15 19:13:50

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-15 19:13:50

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-15 19:13:50

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-15 19:13:50

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-15 19:13:50

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-15 19:13:50

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-15 19:13:48

RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-15 19:13:50

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 22 mai 2008 21:43

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'HijackThis.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'utorrent.exe' - '1' Module(s) have been scanned

Scan process 'ALG.EXE' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'WMPNETWK.EXE' - '1' Module(s) have been scanned

Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned

Scan process 'NBService.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned

Scan process 'SCHED.EXE' - '1' Module(s) have been scanned

Scan process 'TBLMOUSE.EXE' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'atwtusb.exe' - '1' Module(s) have been scanned

Scan process 'vVX3000.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'E_FATIACA.EXE' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned

Scan process 'SMAX4PNP.EXE' - '1' Module(s) have been scanned

Scan process 'IGFXPERS.EXE' - '1' Module(s) have been scanned

Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned

Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

48 processes with 48 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '27' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <SYSTEM>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DONNEES>

 

 

End of the scan: 22 mai 2008 22:05

Used time: 22:15 min

 

The scan has been done completely.

 

9264 Scanning directories

162757 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

162757 Files not concerned

2050 Archives were scanned

1 Warnings

0 Notes

 

merci mon ordi va #1

[angelique]

c'est ok.

 

Pense à utiliser l'onglet "editer" sous ton 1er message et rajoute [resolu] dans le titre.

 

@+