Posted

Hello,

 

My wife's computer is infected with TR/Crypt.XPACK.Gen.

Her internet connection is very slow, and windows keep popping up on their own.

The HijackThis report is as follows.

Can someone help me?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:17:39, on 25/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

c:\program files\avira\antivir personaledition classic\avcenter.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe" -c

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

O4 - HKLM\..\Run: [itsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"

O4 - HKLM\..\Run: [5a3771cf] rundll32.exe "C:\WINDOWS\system32\ekbvpqgl.dll",b

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [bM59044253] Rundll32.exe "C:\WINDOWS\system32\mflttibe.dll",s

O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Perfect Codec\isamonitor.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?68e7b08059bd46649ca4091ff81ba729

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?68e7b08059bd46649ca4091ff81ba729

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

O22 - SharedTaskScheduler: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

--

End of file - 10390 bytes

 

Thanks

Posted

• HijackThis is in the wrong place!!!

Create a new folder in c:\ named HJT

Download HijackThis.exe into this newly created folder:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

 

Run it, choose the "Do a system scan only" option, check only the lines below and click fixchecked:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe" -c

O4 - HKLM\..\Run: [5a3771cf] rundll32.exe "C:\WINDOWS\system32\ekbvpqgl.dll",b

O4 - HKLM\..\Run: [bM59044253] Rundll32.exe "C:\WINDOWS\system32\mflttibe.dll",s

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Perfect Codec\isamonitor.exe

O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

 

===> click fixchecked.

 

• Temporarily disable AntiVir, otherwise it will get in the way of the disinfection: right-click the umbrella in the systray next to the clock and uncheck <antivir guard enable>

 

• Download combofix.exe (by sUBs) and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

• Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\icpldrvx.exe
C:\WINDOWS\system32\ekbvpqgl.dll
C:\WINDOWS\system32\mflttibe.dll

Folder::
C:\Program Files\Perfect Codec
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save As" and choose "Desktop"

• In the "File name" field at the bottom of the page, enter the following name: CFScript

• Click the "Save" button to the right of the "File name" field

• Quit Notepad.

• Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

[Screenshot: CFScript.gif]

 

* Follow the instructions

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
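
An added example, not part of the thread and not HijackThis's or the helper's own method: a small triage pass over the O4 (autostart) lines of a HijackThis log such as the one posted above. The three review rules are assumptions of this example; they catch only some of the lines selected for fixing in this thread, and a hit means "look at this entry", not "malicious".

```python
import re
from typing import NamedTuple

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [5a3771cf] rundll32.exe "C:\WINDOWS\system32\ekbvpqgl.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bM59044253] Rundll32.exe "C:\WINDOWS\system32\mflttibe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Perfect Codec\isamonitor.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
'''


class Autorun(NamedTuple):
    location: str  # registry location as printed, or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as HijackThis printed it


# "O4 - <hive>\..\<key>: [<value name>] <command>"
REG_O4 = re.compile(r'^O4 - (?P<loc>\S+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O4 - <something> Startup: <shortcut> = <target>"
STARTUP_O4 = re.compile(r'^O4 - (?P<loc>[^:\[]*Startup): (?P<name>.+?) = (?P<cmd>.+)$')

# rundll32 followed by the DLL it is asked to load
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# a file sitting directly in system32 (no subdirectory)
SYSTEM32_FILE = re.compile(
    r'^(?:[a-z]:\\windows|%systemroot%|%windir%)\\system32\\[^\\]+$', re.I)
# first executable path on the command line, quoted or not
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd))\b', re.I)
AV_NAME = re.compile(r'anti-?virus', re.I)


def parse_o4(log_text):
    """Return every O4 entry that has a location, a name and a command."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_O4.match(line) or STARTUP_O4.match(line)
        if m:
            entries.append(Autorun(m['loc'], m['name'], m['cmd']))
    return entries


def reasons_for(entry):
    """Apply the example's review rules (assumptions, not a verdict)."""
    reasons = []
    # Rule 1: a Run entry that uses rundll32 to load a DLL placed directly in system32.
    m = RUNDLL.match(entry.command)
    if m and SYSTEM32_FILE.match(m['dll']):
        reasons.append('rundll32-system32-dll')
    # Rule 2: autostart through the Policies\Explorer\Run key.
    if entry.location.lower().endswith(r'policies\explorer\run'):
        reasons.append('policies-explorer-run')
    # Rule 3: value name claims to be an antivirus, binary is not under Program Files.
    img = IMAGE.match(entry.command)
    if AV_NAME.search(entry.name) and img and '\\program files\\' not in img['path'].lower():
        reasons.append('av-name-outside-program-files')
    return reasons


def triage(log_text):
    """Return (value name, reasons) for each O4 entry that hits a rule."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG):
        print(f'{name}: {", ".join(reasons)}')
```
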

Posted

Thanks for such a quick reply, here is the ComboFix report

 

ComboFix 08-05-25.3 - sophie chebassier 2008-05-25 23:45:43.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.541 [GMT 2:00]

Endroit: C:\Documents and Settings\sophie chebassier\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\sophie chebassier\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\ekbvpqgl.dll

C:\WINDOWS\system32\icpldrvx.exe

C:\WINDOWS\system32\mflttibe.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\Activate.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\update.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\winav.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\PGE.dat

C:\Program Files\Fichiers communs\winantivirus pro 2006

C:\Program Files\Fichiers communs\winantivirus pro 2006\err.log

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WAPPChk.dll

C:\WA6P

C:\WINDOWS\BM59044253.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\abfbrkhd.exe

C:\WINDOWS\system32\camdjqhj.exe

C:\WINDOWS\system32\ekbvpqgl.dll

C:\WINDOWS\system32\eohvdqwb.ini

C:\WINDOWS\system32\iieybtbx.ini

C:\WINDOWS\system32\lgqpvbke.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mflttibe.dll

C:\WINDOWS\system32\mmporrqr.ini

C:\WINDOWS\system32\mmporrqr.ini2

C:\WINDOWS\system32\nqenklmw.ini

C:\WINDOWS\system32\opnlljhf.dll

C:\WINDOWS\system32\othkaduu.exe

C:\WINDOWS\system32\plbhcgba.ini

C:\WINDOWS\system32\qgnthswg.ini

C:\WINDOWS\system32\stera.job

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\uqcrkhti.exe

C:\WINDOWS\system32\urlmsnlink.dat

C:\WINDOWS\system32\uswmsrmh.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

-------\Legacy_VSPF

-------\Legacy_VSPF_HK

-------\Service_FOPN

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-25 23:13 . 2008-05-25 23:27 <REP> d-------- C:\HJT

2008-05-25 17:52 . 2008-05-25 17:52 94,208 --a------ C:\WINDOWS\system32\wmlkneqn.dll

2008-05-25 17:34 . 2008-05-25 17:34 109,056 --a------ C:\WINDOWS\system32\qlojsvjp.dll

2008-05-24 00:19 . 2008-05-24 00:19 2 --a------ C:\WINDOWS\msoffice.ini

2008-05-23 22:17 . 2008-05-23 22:17 <REP> d-------- C:\Program Files\Avira

2008-05-23 21:56 . 2008-05-23 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-17 18:14 . 2008-05-17 18:57 <REP> d-------- C:\Documents and Settings\sophie chebassier\Application Data\Desperate Housewives

2008-05-17 18:02 . 2008-05-17 18:02 <REP> d-------- C:\Program Files\Buena Vista Games

2008-05-17 18:01 . 2008-05-17 18:14 1,104 --a------ C:\WINDOWS\disney.ini

2008-05-17 18:01 . 2008-05-17 18:01 185 --a------ C:\WINDOWS\disneysy.ini

2008-05-17 17:34 . 2008-05-17 17:34 <REP> d-------- C:\Program Files\Ubisoft

2008-05-17 12:23 . 2008-05-17 12:23 374,784 --a------ C:\WINDOWS\system32\rqrropmm.dll

2008-05-15 16:15 . 1997-07-06 20:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll

2008-05-15 16:14 . 2008-05-15 16:14 <REP> d-------- C:\Program Files\Microsoft Games

2008-04-27 13:17 . 2008-04-27 13:17 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-27 13:16 . 2008-04-27 13:18 <REP> d-------- C:\Program Files\Windows Live

2008-04-27 13:16 . 2008-04-27 13:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 13:22 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\U3

2008-05-23 22:20 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-05-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-05-23 17:40 --------- d-----w C:\Program Files\EoRezo

2008-05-23 17:40 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\EoRezo

2008-05-20 16:10 --------- d-----w C:\Program Files\CDDC-MahJongg

2008-05-17 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-15 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 15:17 --------- d-----w C:\Program Files\HOTALBUMMyBOX

2008-04-01 13:32 --------- d-----w C:\Program Files\PhotoFiltre Studio

2008-04-01 13:32 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\ItsLabel

2008-04-01 13:31 --------- d-----w C:\Program Files\Its Label

2007-03-27 16:40 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2007-03-03 11:03 46,592 ----a-w C:\Documents and Settings\sophie chebassier\fopn.sys

2007-01-30 19:37 174 ----a-w C:\Documents and Settings\sophie chebassier\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EE68FE-193D-42E4-A89A-E5B1106187DF}]

2008-05-17 12:23 374784 --a------ C:\WINDOWS\system32\rqrropmm.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 15:19 389120]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05 344064]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59 794624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17 409600]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 233534]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-20 13:26 1838592]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-21 18:52 155648]

"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]

"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]

"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]

"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]

"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 15:48 789144]

"EoEngine"="" []

"EoWeather"="" []

"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [2007-04-26 16:19 2908160]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"BM59044253"="C:\WINDOWS\system32\qlojsvjp.dll" [2008-05-25 17:34 109056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= ir41_32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Reflex English Cambridge\\data\\fscommand\\flchk.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-03-17 12:23]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2123da1c-ae2d-11dc-937d-0014a5735547}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-25 21:32:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Posted

Yes, still infected, but it's getting better ;o)

 

• Temporarily disable AntiVir, otherwise it will get in the way of the disinfection: right-click the umbrella in the systray next to the clock and uncheck <antivir guard enable>

 

• Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\wmlkneqn.dll
C:\WINDOWS\system32\qlojsvjp.dll
C:\WINDOWS\system32\rqrropmm.dll
C:\Documents and Settings\sophie chebassier\fopn.sys

Folder::
C:\Program Files\EoRezo
C:\Documents and Settings\sophie chebassier\Application Data\EoRezo

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EE68FE-193D-42E4-A89A-E5B1106187DF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM59044253"=-

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save As" and choose "Desktop"

• In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

• Click the "Save" button to the right of the "File name" field

• Quit Notepad.

• Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

[Screenshot: CFScript.gif]

 

* Follow the instructions

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

Posted

Here is the requested report; there was a Windows update

 

ComboFix 08-05-25.3 - sophie chebassier 2008-05-26 23:04:59.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.512 [GMT 2:00]

Endroit: C:\Documents and Settings\sophie chebassier\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\sophie chebassier\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\Documents and Settings\sophie chebassier\fopn.sys

C:\WINDOWS\system32\qlojsvjp.dll

C:\WINDOWS\system32\rqrropmm.dll

C:\WINDOWS\system32\wmlkneqn.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\cmhost.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\ConfMedia.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\db\cat.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\config.xml

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\eoDesktop.html

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\userConfig.xml

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather.cfg

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg


C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\67_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\67_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\69_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\69_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\70_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\70_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\78_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\78_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\82_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\82_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\83_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\83_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\84_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\84_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\85_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\85_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\89_day.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\89_night.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\about.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\back.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\background.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\background_1.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\background_1days.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\background_2days.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\background_7days.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\backPressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\close.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\closePressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\earth.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\fonds_écran.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\help.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\helpPressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\minimise.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\minimisePressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\next.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\nextPressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\option.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\optionPressed.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\Thumbs.db

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\images_station_meteo\txt_14x13.png

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\host.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\towns.cfg

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\user.cyp

C:\Documents and Settings\sophie chebassier\fopn.sys

C:\Program Files\EoRezo

C:\Program Files\EoRezo\EoAdv\eoAdv.url

C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6184

C:\WINDOWS\BM59044253.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\ipsefcpa.ini

C:\WINDOWS\system32\mmporrqr.ini

C:\WINDOWS\system32\mmporrqr.ini2

C:\WINDOWS\system32\qlojsvjp.dll

C:\WINDOWS\system32\rqrropmm.dll

C:\WINDOWS\system32\rxuoycka.exe

C:\WINDOWS\system32\wmlkneqn.dll

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\Activate.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\update.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\winav.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\PGE.dat

C:\Program Files\Fichiers communs\winantivirus pro 2006

C:\Program Files\Fichiers communs\winantivirus pro 2006\err.log

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WAPPChk.dll

C:\WA6P

C:\WA6P\Quar\Index.dat

C:\WINDOWS\BM59044253.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\abfbrkhd.exe

C:\WINDOWS\system32\camdjqhj.exe

C:\WINDOWS\system32\ekbvpqgl.dll

C:\WINDOWS\system32\eohvdqwb.ini

C:\WINDOWS\system32\iieybtbx.ini

C:\WINDOWS\system32\lgqpvbke.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mflttibe.dll

C:\WINDOWS\system32\mmporrqr.ini

C:\WINDOWS\system32\mmporrqr.ini2

C:\WINDOWS\system32\nqenklmw.ini

C:\WINDOWS\system32\opnlljhf.dll

C:\WINDOWS\system32\othkaduu.exe

C:\WINDOWS\system32\plbhcgba.ini

C:\WINDOWS\system32\qgnthswg.ini

C:\WINDOWS\system32\stera.job

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\uqcrkhti.exe

C:\WINDOWS\system32\urlmsnlink.dat

C:\WINDOWS\system32\uswmsrmh.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

-------\Legacy_VSPF

-------\Legacy_VSPF_HK

-------\Service_FOPN

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-26 00:08 . 2008-05-26 00:08 109,056 --a------ C:\WINDOWS\system32\corvtbvg.dll

2008-05-26 00:08 . 2008-05-26 00:08 94,208 --a------ C:\WINDOWS\system32\apcfespi.dll

2008-05-25 23:13 . 2008-05-25 23:27 <REP> d-------- C:\HJT

2008-05-24 00:19 . 2008-05-24 00:19 2 --a------ C:\WINDOWS\msoffice.ini

2008-05-23 22:17 . 2008-05-23 22:17 <REP> d-------- C:\Program Files\Avira

2008-05-23 21:56 . 2008-05-23 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-17 18:14 . 2008-05-17 18:57 <REP> d-------- C:\Documents and Settings\sophie chebassier\Application Data\Desperate Housewives

2008-05-17 18:02 . 2008-05-17 18:02 <REP> d-------- C:\Program Files\Buena Vista Games

2008-05-17 18:01 . 2008-05-17 18:14 1,104 --a------ C:\WINDOWS\disney.ini

2008-05-17 18:01 . 2008-05-17 18:01 185 --a------ C:\WINDOWS\disneysy.ini

2008-05-17 17:34 . 2008-05-17 17:34 <REP> d-------- C:\Program Files\Ubisoft

2008-05-15 16:15 . 1997-07-06 20:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll

2008-05-15 16:14 . 2008-05-15 16:14 <REP> d-------- C:\Program Files\Microsoft Games

2008-04-27 13:17 . 2008-04-27 13:17 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-27 13:16 . 2008-04-27 13:18 <REP> d-------- C:\Program Files\Windows Live

2008-04-27 13:16 . 2008-04-27 13:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 13:22 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\U3

2008-05-23 22:20 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-05-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-05-20 16:10 --------- d-----w C:\Program Files\CDDC-MahJongg

2008-05-17 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-15 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 15:17 --------- d-----w C:\Program Files\HOTALBUMMyBOX

2008-04-01 13:32 --------- d-----w C:\Program Files\PhotoFiltre Studio

2008-04-01 13:32 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\ItsLabel

2008-04-01 13:31 --------- d-----w C:\Program Files\Its Label

2007-03-27 16:40 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2007-01-30 19:37 174 ----a-w C:\Documents and Settings\sophie chebassier\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-26_ 0.06.38.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-25 21:55:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-26 21:09:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 15:19 389120]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05 344064]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59 794624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17 409600]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 233534]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-20 13:26 1838592]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-21 18:52 155648]

"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]

"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]

"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]

"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]

"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 15:48 789144]

"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [2007-04-26 16:19 2908160]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"5a3771cf"="C:\WINDOWS\system32\apcfespi.dll" [2008-05-26 00:08 94208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= ir41_32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Reflex English Cambridge\\data\\fscommand\\flchk.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-03-17 12:23]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2123da1c-ae2d-11dc-937d-0014a5735547}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-26 20:32:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Posted

• You are going to run a CFScript again, the last one I hope!! But you are going to physically disconnect from the internet [unplug your cable], run the CFScript below the same way as before by dragging it onto the ComboFix icon on your desktop, wait 10 minutes before reconnecting, and post the CFScript report.

 

File::
C:\WINDOWS\system32\corvtbvg.dll
C:\WINDOWS\system32\apcfespi.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5a3771cf"=-

Posted

Here is the report. For info, I had removed WinAntiVirus Pro 200- just before installing AntiVir, which detected this piece of junk.

 

ComboFix 08-05-25.3 - sophie chebassier 2008-05-27 20:22:56.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.558 [GMT 2:00]

Endroit: C:\Documents and Settings\sophie chebassier\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\sophie chebassier\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\apcfespi.dll

C:\WINDOWS\system32\corvtbvg.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\sophie chebassier\err.log

C:\WINDOWS\system32\corvtbvg.dll

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\cmhost.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\ConfMedia.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\db\cat.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\config.xml

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\eoDesktop.html

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\eoDesktop\userConfig.xml

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather.cfg

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\host.cyp

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\towns.cfg

C:\Documents and Settings\sophie chebassier\Application Data\EoRezo\user.cyp

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\Activate.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\update.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\Logs\winav.log

C:\Documents and Settings\sophie chebassier\Application Data\WinAntiVirus Pro 2006\PGE.dat

C:\Documents and Settings\sophie chebassier\fopn.sys

C:\Program Files\EoRezo

C:\Program Files\EoRezo\EoAdv\eoAdv.url

C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6184

C:\Program Files\Fichiers communs\winantivirus pro 2006

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\err.log

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\wa6pcw.exe

C:\Program Files\Fichiers communs\winantivirus pro 2006\WapCHK.dll

C:\Program Files\Fichiers communs\winantivirus pro 2006\WAPPChk.dll

C:\WA6P

C:\WA6P\Quar\Index.dat


C:\WINDOWS\BM59044253.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\abfbrkhd.exe

C:\WINDOWS\system32\camdjqhj.exe

C:\WINDOWS\system32\ekbvpqgl.dll

C:\WINDOWS\system32\eohvdqwb.ini

C:\WINDOWS\system32\iieybtbx.ini

C:\WINDOWS\system32\ipsefcpa.ini

C:\WINDOWS\system32\lgqpvbke.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mflttibe.dll

C:\WINDOWS\system32\mmporrqr.ini

C:\WINDOWS\system32\mmporrqr.ini2

C:\WINDOWS\system32\nqenklmw.ini

C:\WINDOWS\system32\opnlljhf.dll

C:\WINDOWS\system32\othkaduu.exe

C:\WINDOWS\system32\plbhcgba.ini

C:\WINDOWS\system32\qgnthswg.ini

C:\WINDOWS\system32\qlojsvjp.dll

C:\WINDOWS\system32\rqrropmm.dll

C:\WINDOWS\system32\rxuoycka.exe

C:\WINDOWS\system32\stera.job

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\uqcrkhti.exe

C:\WINDOWS\system32\urlmsnlink.dat

C:\WINDOWS\system32\uswmsrmh.exe

C:\WINDOWS\system32\wmlkneqn.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

-------\Legacy_VSPF

-------\Legacy_VSPF_HK

-------\Service_FOPN

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-26 23:21 . 2008-05-26 23:21 206 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-26 23:13 . 2008-05-26 23:13 294 ---hs---- C:\WINDOWS\system32\ipsefcpa.ini

2008-05-25 23:13 . 2008-05-25 23:27 <REP> d-------- C:\HJT

2008-05-24 00:19 . 2008-05-24 00:19 2 --a------ C:\WINDOWS\msoffice.ini

2008-05-23 22:17 . 2008-05-23 22:17 <REP> d-------- C:\Program Files\Avira

2008-05-23 21:56 . 2008-05-23 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-17 18:14 . 2008-05-17 18:57 <REP> d-------- C:\Documents and Settings\sophie chebassier\Application Data\Desperate Housewives

2008-05-17 18:02 . 2008-05-17 18:02 <REP> d-------- C:\Program Files\Buena Vista Games

2008-05-17 18:01 . 2008-05-17 18:14 1,104 --a------ C:\WINDOWS\disney.ini

2008-05-17 18:01 . 2008-05-17 18:01 185 --a------ C:\WINDOWS\disneysy.ini

2008-05-17 17:34 . 2008-05-17 17:34 <REP> d-------- C:\Program Files\Ubisoft

2008-05-15 16:15 . 1997-07-06 20:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll

2008-05-15 16:14 . 2008-05-15 16:14 <REP> d-------- C:\Program Files\Microsoft Games

2008-04-27 13:17 . 2008-04-27 13:17 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-27 13:16 . 2008-04-27 13:18 <REP> d-------- C:\Program Files\Windows Live

2008-04-27 13:16 . 2008-04-27 13:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 13:22 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\U3

2008-05-23 22:20 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-05-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-05-20 16:10 --------- d-----w C:\Program Files\CDDC-MahJongg

2008-05-17 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-15 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 15:17 --------- d-----w C:\Program Files\HOTALBUMMyBOX

2008-04-01 13:32 --------- d-----w C:\Program Files\PhotoFiltre Studio

2008-04-01 13:32 --------- d-----w C:\Documents and Settings\sophie chebassier\Application Data\ItsLabel

2008-04-01 13:31 --------- d-----w C:\Program Files\Its Label

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2007-03-27 16:40 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2007-01-30 19:37 174 ----a-w C:\Documents and Settings\sophie chebassier\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-26_ 0.06.38.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-25 21:55:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-26 21:23:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 15:19 389120]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05 344064]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59 794624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17 409600]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 233534]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-20 13:26 1838592]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-21 18:52 155648]

"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]

"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]

"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]

"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]

"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 15:48 789144]

"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [2007-04-26 16:19 2908160]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= ir41_32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Reflex English Cambridge\\data\\fscommand\\flchk.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-03-17 12:23]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2123da1c-ae2d-11dc-937d-0014a5735547}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-26 21:32:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-27 20:26:46

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?7?2?5??????? ???B?????????????hLC? ??????

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-05-27 20:29:07

ComboFix-quarantined-files.txt 2008-05-27 18:28:19

 

Pre-Run: 58,575,659,008 octets libres

Post-Run: 58,566,062,080 octets libres

 

384 --- E O F --- 2008-05-26 21:21:55

Posted
Here is the report. For info, I had removed WinAntiVirus Pro 200- just before installing AntiVir, which detected this piece of junk.

 

Yes, it's a rogue, a fake tool.

Here is a list of them: http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

Worth reading: http://forum.malekal.com/viewtopic.php?f=56&t=589

 

 

It looks OK to me, but we'll check one thing with a Kaspersky online scan.

Do this beforehand:

 

• Uninstall ComboFix by copying and pasting the line below into Run and confirming it:

 

ComboFix /u

 

Delete c:\qoobox, c:\bug and c:\combofix if they still exist.

 

• Open My Computer

Click the Tools menu at the top right, then Folder Options

In the new window, click the View tab at the top

In the list, check "Show hidden files"

Uncheck "Hide protected operating system files (Recommended)"

You will get a message saying that this can damage the system; ignore it.

Apply.

 

Delete the file in bold: C:\WINDOWS\system32\ipsefcpa.ini

 

• * Run a Kaspersky online scan

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept

* A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

 

Tutorial: http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

 

Post the report that you will have saved beforehand at the end of the scan.

Posted

This file did not exist: C:\WINDOWS\system32\ipsefcpa.ini

 

Here is the Kaspersky report

 

KASPERSKY ONLINE SCANNER REPORT

Wednesday, May 28, 2008 11:54:23 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 28/05/2008

Kaspersky Anti-Virus database records: 809537

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

C:\

D:\

 

Scan Statistics

Total number of scanned objects 67436

Number of viruses found 1

Number of infected objects 2

Number of suspicious objects 0

Duration of the scan process 01:19:58

 

Infected Object Name Virus Name Last Action


 

C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

 

C:\Program Files\Common Files\Companion Wizard\WapCHK{503AA6ED-31DE-440E-B9FD-E13D5757FB14}.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

 


 

Scan process completed.
