Heavily infected PC!!!


mike80


There, I followed the instructions properly:

(9/27/05 14:12:53) SPSeHjFix started v1.1.2

(9/27/05 14:12:53) OS: WinXP Service Pack 1 (5.1.2600)

(9/27/05 14:12:53) Language: français

(9/27/05 14:12:53) Win-Path: C:\WINDOWS

(9/27/05 14:12:53) System-Path: C:\WINDOWS\System32

(9/27/05 14:12:53) Temp-Path: C:\DOCUME~1\mickael\LOCALS~1\Temp\

(9/27/05 14:12:54) Disinfection started

(9/27/05 14:12:54) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:12:54) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:12:54) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:12:54) Bad IE-pages:

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\jtytv.dll/sp.html#93256

deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\jtytv.dll/sp.html#93256

(9/27/05 14:12:54) Stealth-String not found

(9/27/05 14:12:54) No locked Files to delete. End without Reboot

(9/27/05 14:12:57) Disinfection started

(9/27/05 14:12:57) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:12:57) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:12:57) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:12:57) Bad IE-pages: (none)

(9/27/05 14:12:57) Stealth-String not found

(9/27/05 14:12:57) No locked Files to delete. End without Reboot

(9/27/05 14:13:01) Disinfection started

(9/27/05 14:13:01) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:01) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:01) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:01) Bad IE-pages: (none)

(9/27/05 14:13:01) Stealth-String not found

(9/27/05 14:13:01) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:02) Disinfection started

(9/27/05 14:13:02) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:02) Bad IE-pages: (none)

(9/27/05 14:13:02) Stealth-String not found

(9/27/05 14:13:02) No locked Files to delete. End without Reboot

(9/27/05 14:13:03) Disinfection started

(9/27/05 14:13:03) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) Bad IE-pages: (none)

(9/27/05 14:13:03) Stealth-String not found

(9/27/05 14:13:03) No locked Files to delete. End without Reboot

(9/27/05 14:13:03) Disinfection started

(9/27/05 14:13:03) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) Bad IE-pages: (none)

(9/27/05 14:13:03) Stealth-String not found

(9/27/05 14:13:03) No locked Files to delete. End without Reboot

(9/27/05 14:13:03) Disinfection started

(9/27/05 14:13:03) Bad-Dll(IEP): c:\windows\jtytv.dll

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) UBF: 5 - UBB: 1 - UBR: 6

(9/27/05 14:13:03) Bad IE-pages: (none)

(9/27/05 14:13:03) Stealth-String not found

(9/27/05 14:13:03) No locked Files to delete. End without Reboot

----------------------------------------------------------------------------------------

 

But every time I try to open a web page, AntiVir detects this:

C:\WINDOWS\SYSTEM32\EVVPX.DLL

Is the Trojan horse TR/StartPa.DU.DLL.1

--------------------------------------------------------------------

Is this normal?


Hi again bipbip, hello everyone,

here is the HijackThis log as agreed:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:00:32, on 29/09/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\atlmc32.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe

C:\Matlab7\webserver\bin\win32\matlabserver.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\atlje.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\AVPersonal\INETUPD.EXE

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyweb.utc.fr:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {0B770DD6-AEB5-21ED-6D51-033B76258C77} - C:\WINDOWS\system32\ieso.dll

O2 - BHO: Class - {10ABDCE8-0FE1-1F00-353B-C722D83B9139} - C:\WINDOWS\system32\netjz32.dll

O2 - BHO: Class - {1E94F949-F3F0-5C64-038A-53C68D35F288} - C:\WINDOWS\system32\javaoj.dll

O2 - BHO: Class - {1EABB716-6766-9034-E2FB-D0FA3A1B06E9} - C:\WINDOWS\system32\netyy.dll

O2 - BHO: Class - {1F6BBD3D-4D92-B6C9-0D86-67BC18D25967} - C:\WINDOWS\system32\d3my32.dll

O2 - BHO: Class - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINDOWS\javazq.dll

O2 - BHO: Class - {21550CC0-2AA4-18C6-156A-0927D0630C0D} - C:\WINDOWS\system32\ipwo.dll

O2 - BHO: Class - {27E1E8D6-D0CD-4321-1020-995AA1BFB2B5} - C:\WINDOWS\system32\javapc.dll

O2 - BHO: Class - {27E66E0E-10B1-AE94-6FA4-137B013EE875} - C:\WINDOWS\system32\sysvz.dll

O2 - BHO: Class - {2CFEA94E-5A24-A0DD-8BBF-23387F8EEBCF} - C:\WINDOWS\system32\sdkkb32.dll

O2 - BHO: Class - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - C:\WINDOWS\msko.dll

O2 - BHO: Class - {3430DBD7-FB8E-89AC-570B-BFD4FF9822B6} - C:\WINDOWS\system32\sdkyc32.dll

O2 - BHO: Class - {347CF0FD-5E7D-8D1B-57E2-27841B120F68} - C:\WINDOWS\javagq32.dll

O2 - BHO: Class - {35F1EB9B-2875-FC5F-C210-4FA3B45FC995} - C:\WINDOWS\system32\javafp32.dll

O2 - BHO: Class - {3A3AA010-1800-53BA-E16B-DD32344A479E} - C:\WINDOWS\ntqd32.dll

O2 - BHO: Class - {40623E66-6632-B92E-52FA-C47B8259279F} - C:\WINDOWS\system32\atlgx32.dll

O2 - BHO: Class - {46B118F7-A9C3-30B6-F02A-A8C72E1E4FD5} - C:\WINDOWS\system32\javayy32.dll

O2 - BHO: Class - {4C71452A-6C8B-7351-0338-0370964A66D2} - C:\WINDOWS\ievo32.dll

O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apial.dll

O2 - BHO: Class - {517564DA-70D9-1F28-3710-89856CB474C4} - C:\WINDOWS\system32\netfk.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Class - {572A44A6-4945-DA71-B13F-066F8EC29E66} - C:\WINDOWS\appex.dll

O2 - BHO: Class - {575C418B-0B32-878B-11D3-E5EA0E460E09} - C:\WINDOWS\system32\ntpv32.dll

O2 - BHO: Class - {5874F8D0-E3AD-83A1-3957-B52E1289B231} - C:\WINDOWS\addmc.dll

O2 - BHO: Class - {61CB9A96-52A6-77AC-2D80-908A69B10150} - C:\WINDOWS\sysqg32.dll

O2 - BHO: Class - {6261A424-B0FC-0029-57C0-677FD04E086B} - C:\WINDOWS\sysej32.dll

O2 - BHO: Class - {655B57FC-F511-E626-4D9C-B315180CF3AA} - C:\WINDOWS\system32\sdkme32.dll

O2 - BHO: Class - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - C:\WINDOWS\atlyt32.dll

O2 - BHO: Class - {6D1994C5-8E89-1F2D-9ABD-D6FD47944E0B} - C:\WINDOWS\system32\iebd.dll

O2 - BHO: Class - {70BA9630-8D19-EFD5-E92D-0662A9598CAE} - C:\WINDOWS\addxs.dll

O2 - BHO: Class - {7585DA5E-00B8-A6A6-588F-E650C178A259} - C:\WINDOWS\syser32.dll

O2 - BHO: Class - {763B83B8-1A6B-61BB-A43E-8A426D1F77FC} - C:\WINDOWS\system32\apizl.dll

O2 - BHO: Class - {795C4F6D-8709-7CDE-2594-4B088D22936D} - C:\WINDOWS\sdkzt32.dll

O2 - BHO: Class - {865E429D-BFA4-C656-5DF9-DD49CC5D9CC7} - C:\WINDOWS\sdklw32.dll

O2 - BHO: Class - {868B9A8E-F8FF-0CE7-B336-2B1AF1713C5F} - C:\WINDOWS\addvi32.dll

O2 - BHO: Class - {8D199EFD-5E92-9066-A959-CAE4A3ADE0B2} - C:\WINDOWS\system32\mszt.dll

O2 - BHO: Class - {92CDA6FC-1C7D-E1DC-676E-761A6ECC0847} - C:\WINDOWS\system32\msbw.dll

O2 - BHO: Class - {93757B32-DCC3-5C75-4010-8C148E619B58} - C:\WINDOWS\system32\sdkvj.dll

O2 - BHO: Class - {9A7207C1-F9CF-2AD4-96C4-3A2EDCF39262} - C:\WINDOWS\nttw32.dll

O2 - BHO: Class - {9A8FA81A-5DB1-391E-A47A-E2064E5B330E} - C:\WINDOWS\d3yn.dll

O2 - BHO: Class - {9D9DFEE4-D4FF-4DF2-9A8B-75B98238D291} - C:\WINDOWS\ntxd32.dll

O2 - BHO: Class - {A4881825-4CC9-B4CE-6290-C430E5E901F8} - C:\WINDOWS\system32\appsk.dll

O2 - BHO: Class - {A5F1C6CB-4A7E-5372-1963-B6EBAEC0BB23} - C:\WINDOWS\system32\msyq32.dll

O2 - BHO: Class - {A992910C-ED06-1A17-A389-6EE7DD6C9071} - C:\WINDOWS\iprs.dll

O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javahn.dll

O2 - BHO: Class - {CEDD5709-5058-410D-7FA2-8B13FFF31739} - C:\WINDOWS\system32\msca.dll

O2 - BHO: Class - {CF5405A2-4593-3340-58C9-D8197B57070C} - C:\WINDOWS\system32\crmd32.dll

O2 - BHO: Class - {D1F0CDB5-E908-7D81-54C6-CCE72BC8C94D} - C:\WINDOWS\addym32.dll

O2 - BHO: Class - {D26313C5-AFE8-33BB-E5DB-1E585F2541C9} - C:\WINDOWS\wincw.dll

O2 - BHO: Class - {EAB92D78-0DD3-8A5E-CA0A-36AA7566EC41} - C:\WINDOWS\system32\appqj32.dll

O2 - BHO: Class - {ECDBD93B-30EF-D196-FC96-85492CDB4F6A} - C:\WINDOWS\javakw32.dll

O2 - BHO: Class - {F292FDF9-73D1-15E7-DA6B-DA2D7932EB4D} - C:\WINDOWS\apidv32.dll

O2 - BHO: Class - {F3485428-77FF-E708-DA20-E086B5881F90} - C:\WINDOWS\msjk.dll

O2 - BHO: Class - {FA6A4655-C13C-BF9A-C97E-513B7A9A010A} - C:\WINDOWS\system32\apijv32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [atlje.exe] C:\WINDOWS\system32\atlje.exe

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127472494031

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: FGLRYUTIL (FGLRYUtil) - ATI Technologies, Inc. - C:\Program Files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Matlab7\webserver\bin\win32\matlabserver.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

I have an AntiVir report and another one from AboutBuster, shall I send them to you?


Here they are, just in case:

Creation date of the report file: mardi 27 septembre 2005 18:16

 

AntiVir®/XP (2000 + NT) PersonalEdition Classic

Build 1068 of 21.09.2005

Mainprogram 6.32.00.07 of 16.09.2005

VDF file 6.32.0.36 (0) of 21.09.2005

 

 

This program is for PERSONAL USE only.

Any other use is PROHIBITED.

Informations regarding commercial versions of AntiVir may be obtained from:

www.hbedv.com.

 

 

Scanning for 223228 virus strains and unwanted programs.

 

Licensed for: AntiVir Personal Edition

Serial number: 0000149991-WURGE-0001

 

Please enter the workstation and

contact name with phone number in this form:

 

Name ___________________________________________

 

Street ___________________________________________

 

Town ___________________________________________

 

Phone/Fax ___________________________________________

 

Email ___________________________________________

 

Platform: Windows NT Workstation

Windows version: 5.1 Build 2600 (Service Pack 1)

Username: mickael

Processor: Pentium

Working memory: 1048044 KB free

 

Version information:

AVWIN.DLL : 6.32.00.04 561192 16.08.2005 10:22:36

AVEWIN32.DLL : 6.32.0.6 832000 23.09.2005 12:59:58

AVGNT.EXE : 6.32.00.00 168039 29.07.2005 10:19:28

AVGUARD.EXE : 6.32.00.06 207912 07.09.2005 16:34:50

GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:12

AVGCMSG.DLL : 6.32.00.00 258165 29.07.2005 10:19:30

AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16

AVPACK32.DLL : 6.31.01.07 327720 07.09.2005 09:08:28

AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20

AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22

AVSched32.EXE : 6.32.00.01 110632 21.09.2005 11:14:42

AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:12

AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50

AVRep.DLL : 6.32.00.33 1364008 23.09.2005 13:00:34

INETUPD.EXE : 6.32.00.05 254011 16.08.2005 16:46:10

INETUPD.DLL : 6.32.00.05 143360 16.08.2005 16:46:10

CTL3D32.DLL : 2.31.000 27136 24.04.2003 03:00:00

MFC42.DLL : 6.00.8665.0 995383 24.04.2003 03:00:00

MSVCRT.DLL : 7.0.2600.1106 (xpsp1.020828-1920

MSVCRT.DLL : 7.0.2600.1106 323072 24.04.2003 03:00:00

CTL3DV2.DLL : No information

 

Configuration file:

 

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI

Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG

Start path: C:\Program Files\AVPersonal

Command line:

Start mode: unknown

 

Mode of report file:

[ ] Do not create report

[X] Overwrite report

[ ] Append new report

 

Data in report file:

[X] Infected files

[ ] Infected files with paths

[ ] All scanned files

[ ] Full information

 

Abridge report file:

[ ] Abridge report file

 

Warnings in report:

[X] Access denied/file locked

[X] Wrong file size in directory

[X] Wrong creation time in directory

[ ] COM file is too large

[X] Invalid start address

[X] Invalid EXE header

[X] Possibly damaged

 

Summary report:

[X] Create summary report

Output file: AVWIN.ACT

Maximum number of entries: 100

 

Where to search:

[X] Memory

[X] Boot record of selected drives

[X] Report unknown boot sectors

[X] All files

[ ] Program files

 

Response in case of a detection:

[X] Repair with prompt

[ ] Repair without prompt

[ ] Delete with prompt

[ ] Delete without prompt

[ ] Write in report file only

[X] Acoustic alarm

 

Response in case of destroyed files:

[X] Delete with prompt

[ ] Delete without prompt

[ ] Ignore

 

Response in case of destroyed files:

[X] No change

[ ] Current system time

[ ] Correct date

 

Drag&drop settings:

[X] Scan subdirectories

 

Profile settings:

[X] Scan subdirectories

 

Archive options

[X] Search archive

[X] Archive types to leave out

1000 1001 1002

 

Miscellaneous options:

Temporary path: %TEMP% -> C:\DOCUME~1\mickael\LOCALS~1\Temp

[X] Overwrite infected files

[ ] Detect idle time

[X] Allow interruptions of scan

[X] Load AVWin®/NT Guard on System start

 

General settings:

[X] Save options on exiting AntiVir

Priority: medium

 

Drives:

A: Floppy drive

C: Hard disk

D: CD-ROM

 

Start of scan: mardi 27 septembre 2005 18:16

 

Memory test OK

Master boot record of hard disk HD0 OK

Boot record of drive A:

The record could not be read!

Error code: 0x0015

Boot record of drive C: OK

 

 

C:\

hiberfil.sys

Access denied! Error during file opening!

Error code: 0x000D

WARNING! Access error/file locked!

pagefile.sys

Access denied! Error during file opening!

This is a Windows swap file. This file is locked by Windows.

Error code: 0x000D

WARNING! Access error/file locked!

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson

user.dmp

Access denied! Error during file opening!

Error code: 0x000D

WARNING! Access error/file locked!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

AlexaRelated.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow11.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow12.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow13.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow14.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow15.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow16.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow17.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow18.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow19.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow2.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow20.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow21.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow22.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow23.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow24.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow25.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow26.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow27.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow28.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow29.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow3.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow30.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow31.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow32.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow33.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow4.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow5.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow6.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow7.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow8.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchAffWinshow9.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL11.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL12.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL13.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL14.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL15.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL16.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL17.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL18.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL19.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL2.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL20.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL3.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL4.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL5.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL6.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL7.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL8.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatDLL9.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller11.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller12.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller13.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller14.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller2.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller3.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller4.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller5.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller6.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller7.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller8.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchFeatInstaller9.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch2.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch3.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch4.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch5.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch6.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch7.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch8.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchHomeSearch9.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick11.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick12.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick2.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick3.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick4.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick5.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick6.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick7.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick8.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

CoolWWWSearchSearchKlick9.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

DSOExploit.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

DSOExploit1.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

DSOExploit10.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

DSOExploit11.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

DSOExploit12.zip

ArchiveType: ZIP

NOTE! The whole archive is password protected

C:\Program Files\AVPersonal\INFECTED

A0118544.EXE.VIR

[DETECTION] Is the Trojan horse TR/Dldr.Agen.hl.1.A

WAS DELETED!

ADDEU.EXE.VIR

[DETECTION] Is the Trojan horse TR/Dldr.Agen.hl.1.A

WAS DELETED!

addeu.VIR

[DETECTION] Is the Trojan horse TR/Dldr.Agen.hl.1.A

WAS DELETED!

CRBS32.EXE.VIR

[DETECTION] Is the Trojan horse TR/Dldr.Agen.hl.1.A

WAS DELETED!

NETIG.EXE.VIR

[DETECTION] Is the Trojan horse TR/Agent.BI

WAS DELETED!

SDKCQ.EXE.VIR

[DETECTION] Is the Trojan horse TR/Agent.BI

WAS DELETED!

C:\Program Files\WinRAR

rarnew.dat

ArchiveType: RAR

NOTE! The archive is created by multiple volumes

C:\WINDOWS\system32

mtnjp.dll

[DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.1

WAS DELETED!

tqvnv.dll

[DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.1

WAS DELETED!

End of scan: jeudi 29 septembre 2005 09:38

Time taken: 2361:31 min

 

 

11186 directories were scanned

526902 files were scanned

113 warning messages were issued

8 files were deleted

0 files were repaired

8 detections

 

------------------------------------------------------------------------------------------

 

AboutBuster 5.0 reference file 28

Scan started on [29/09/2005] at [10:14:10]

------------------------------------------------

Removed Stream! C:\WINDOWS\WORDPAD.INI:nqbajn

Removed Stream! C:\WINDOWS\yoxgz.dat:grugdq

Removed Stream! C:\WINDOWS\_iserr31.ini:vhlgnt

Removed Stream! C:\WINDOWS\_iserr31.ini:vsrbk

------------------------------------------------

Removed File! : C:\Windows\auaip.dat

------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 10:14:35


Norton 2005\Crack\snis2514\Keygen.exe -> TrojanDropper.Delf.fd

C:\RECYCLER\S-1-5-21-2273660475-864594668-2996095181-1007\Dc2.rar/Norton Internet Security 2005 FR + Crack-Par LE GAULOIS\Norton Internet Security 2005 FR + Crack-Par LE GAULOIS\Crack NIS 2005\Crack\snis2514\Keygen.exe -> TrojanDropper.Delf.fd : Erreur durant le nettoyage

 

I note that you have bad habits! It is not good to use cracks to run paid software :P because they are often booby-trapped and a source of infection! If you don't have the means, I advise you to use free software, notably for your antivirus ... :P

 

Download AboutBuster

Or here: http://www.bleepingcomputer.com/files/spyw...boutBuster5.zip

 

 

Disable System Restore (visual aid):

Click Start.

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click Apply.

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK, then restart your PC.

Start HijackThis and run a "Do a system scan only" scan.

Then check the following lines (in HijackThis):

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {0B770DD6-AEB5-21ED-6D51-033B76258C77} - C:\WINDOWS\system32\ieso.dll

O2 - BHO: Class - {10ABDCE8-0FE1-1F00-353B-C722D83B9139} - C:\WINDOWS\system32\netjz32.dll

O2 - BHO: Class - {1E94F949-F3F0-5C64-038A-53C68D35F288} - C:\WINDOWS\system32\javaoj.dll

O2 - BHO: Class - {1EABB716-6766-9034-E2FB-D0FA3A1B06E9} - C:\WINDOWS\system32\netyy.dll

O2 - BHO: Class - {1F6BBD3D-4D92-B6C9-0D86-67BC18D25967} - C:\WINDOWS\system32\d3my32.dll

O2 - BHO: Class - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINDOWS\javazq.dll

O2 - BHO: Class - {21550CC0-2AA4-18C6-156A-0927D0630C0D} - C:\WINDOWS\system32\ipwo.dll

O2 - BHO: Class - {27E1E8D6-D0CD-4321-1020-995AA1BFB2B5} - C:\WINDOWS\system32\javapc.dll

O2 - BHO: Class - {27E66E0E-10B1-AE94-6FA4-137B013EE875} - C:\WINDOWS\system32\sysvz.dll

O2 - BHO: Class - {2CFEA94E-5A24-A0DD-8BBF-23387F8EEBCF} - C:\WINDOWS\system32\sdkkb32.dll

O2 - BHO: Class - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - C:\WINDOWS\msko.dll

O2 - BHO: Class - {3430DBD7-FB8E-89AC-570B-BFD4FF9822B6} - C:\WINDOWS\system32\sdkyc32.dll

O2 - BHO: Class - {347CF0FD-5E7D-8D1B-57E2-27841B120F68} - C:\WINDOWS\javagq32.dll

O2 - BHO: Class - {35F1EB9B-2875-FC5F-C210-4FA3B45FC995} - C:\WINDOWS\system32\javafp32.dll

O2 - BHO: Class - {3A3AA010-1800-53BA-E16B-DD32344A479E} - C:\WINDOWS\ntqd32.dll

O2 - BHO: Class - {40623E66-6632-B92E-52FA-C47B8259279F} - C:\WINDOWS\system32\atlgx32.dll

O2 - BHO: Class - {46B118F7-A9C3-30B6-F02A-A8C72E1E4FD5} - C:\WINDOWS\system32\javayy32.dll

O2 - BHO: Class - {4C71452A-6C8B-7351-0338-0370964A66D2} - C:\WINDOWS\ievo32.dll

O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apial.dll

O2 - BHO: Class - {517564DA-70D9-1F28-3710-89856CB474C4} - C:\WINDOWS\system32\netfk.dll

O2 - BHO: Class - {572A44A6-4945-DA71-B13F-066F8EC29E66} - C:\WINDOWS\appex.dll

O2 - BHO: Class - {575C418B-0B32-878B-11D3-E5EA0E460E09} - C:\WINDOWS\system32\ntpv32.dll

O2 - BHO: Class - {5874F8D0-E3AD-83A1-3957-B52E1289B231} - C:\WINDOWS\addmc.dll

O2 - BHO: Class - {61CB9A96-52A6-77AC-2D80-908A69B10150} - C:\WINDOWS\sysqg32.dll

O2 - BHO: Class - {6261A424-B0FC-0029-57C0-677FD04E086B} - C:\WINDOWS\sysej32.dll

O2 - BHO: Class - {655B57FC-F511-E626-4D9C-B315180CF3AA} - C:\WINDOWS\system32\sdkme32.dll

O2 - BHO: Class - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - C:\WINDOWS\atlyt32.dll

O2 - BHO: Class - {6D1994C5-8E89-1F2D-9ABD-D6FD47944E0B} - C:\WINDOWS\system32\iebd.dll

O2 - BHO: Class - {70BA9630-8D19-EFD5-E92D-0662A9598CAE} - C:\WINDOWS\addxs.dll

O2 - BHO: Class - {7585DA5E-00B8-A6A6-588F-E650C178A259} - C:\WINDOWS\syser32.dll

O2 - BHO: Class - {763B83B8-1A6B-61BB-A43E-8A426D1F77FC} - C:\WINDOWS\system32\apizl.dll

O2 - BHO: Class - {795C4F6D-8709-7CDE-2594-4B088D22936D} - C:\WINDOWS\sdkzt32.dll

O2 - BHO: Class - {865E429D-BFA4-C656-5DF9-DD49CC5D9CC7} - C:\WINDOWS\sdklw32.dll

O2 - BHO: Class - {868B9A8E-F8FF-0CE7-B336-2B1AF1713C5F} - C:\WINDOWS\addvi32.dll

O2 - BHO: Class - {8D199EFD-5E92-9066-A959-CAE4A3ADE0B2} - C:\WINDOWS\system32\mszt.dll

O2 - BHO: Class - {92CDA6FC-1C7D-E1DC-676E-761A6ECC0847} - C:\WINDOWS\system32\msbw.dll

O2 - BHO: Class - {93757B32-DCC3-5C75-4010-8C148E619B58} - C:\WINDOWS\system32\sdkvj.dll

O2 - BHO: Class - {9A7207C1-F9CF-2AD4-96C4-3A2EDCF39262} - C:\WINDOWS\nttw32.dll

O2 - BHO: Class - {9A8FA81A-5DB1-391E-A47A-E2064E5B330E} - C:\WINDOWS\d3yn.dll

O2 - BHO: Class - {9D9DFEE4-D4FF-4DF2-9A8B-75B98238D291} - C:\WINDOWS\ntxd32.dll

O2 - BHO: Class - {A4881825-4CC9-B4CE-6290-C430E5E901F8} - C:\WINDOWS\system32\appsk.dll

O2 - BHO: Class - {A5F1C6CB-4A7E-5372-1963-B6EBAEC0BB23} - C:\WINDOWS\system32\msyq32.dll

O2 - BHO: Class - {A992910C-ED06-1A17-A389-6EE7DD6C9071} - C:\WINDOWS\iprs.dll

O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javahn.dll

O2 - BHO: Class - {CEDD5709-5058-410D-7FA2-8B13FFF31739} - C:\WINDOWS\system32\msca.dll

O2 - BHO: Class - {CF5405A2-4593-3340-58C9-D8197B57070C} - C:\WINDOWS\system32\crmd32.dll

O2 - BHO: Class - {D1F0CDB5-E908-7D81-54C6-CCE72BC8C94D} - C:\WINDOWS\addym32.dll

O2 - BHO: Class - {D26313C5-AFE8-33BB-E5DB-1E585F2541C9} - C:\WINDOWS\wincw.dll

O2 - BHO: Class - {EAB92D78-0DD3-8A5E-CA0A-36AA7566EC41} - C:\WINDOWS\system32\appqj32.dll

O2 - BHO: Class - {ECDBD93B-30EF-D196-FC96-85492CDB4F6A} - C:\WINDOWS\javakw32.dll

O2 - BHO: Class - {F292FDF9-73D1-15E7-DA6B-DA2D7932EB4D} - C:\WINDOWS\apidv32.dll

O2 - BHO: Class - {F3485428-77FF-E708-DA20-E086B5881F90} - C:\WINDOWS\msjk.dll

O2 - BHO: Class - {FA6A4655-C13C-BF9A-C97E-513B7A9A010A} - C:\WINDOWS\system32\apijv32.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

O4 - HKLM\..\Run: [atlje.exe] C:\WINDOWS\system32\atlje.exe

 

NB: be careful not to check this line:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

Close all Windows, Internet Explorer, Outlook, ... windows except HijackThis, and click "Fix checked".

Restart in safe mode (press F8 or F5 during startup).

Then go to Windows Explorer and show all hidden files:

In a Windows Explorer window, click the "Tools" menu and choose "Folder Options...".

Open the "View" tab and select the "Show hidden files and folders" option.

Click "Apply". Close the options window by clicking "OK".

In pictures here

and delete the files below if they are present:

 

C:\Documents and Settings\mickael\Bureau\MICKAËL\TRAVAIL UTC MICKAEL\perso\MICKAËL\Norton 2005\

C:\temp\ <-- delete the entire contents of the folder

C:\windows\temp\ <-- delete the entire contents of the folder

C:\windows\Downloaded Program Files\ <-- delete the entire contents of the folder

C:\Documents and settings\Tous les identifiants\application data\Sun\Java\Deployment\cache\javapi1.0\jar\ <-- delete the entire contents of the folder

C:\Documents and Settings\Tous les identifiants\Local Settings\Temp\ <-- delete the entire contents of the folder

C:\Documents and Settings\ Tous les identifiants\Local Settings\Temporary Internet Files\ <-- delete the entire contents of the folder

Temporary Internet files:

Start / Control Panel / Internet Options

--> Delete Cookies button

--> Delete temporary Internet files button

Temporary files: Start / Run "CleanMgr"

Check everything except:

Compress old files

Catalog files for the Content Indexer

/ OK / YES

In Windows Explorer, hide the system files again so as not to make a mistake in the future:

Go back to the <Folder settings> window and select <Do not show hidden files or system files>.

 

Run:

Ewido;

Adaware;

Spybot;

SpSeHjfix: http://gerard.melone.free.fr/IT/IT-HJT2.html#OPnq

AboutBuster

Run again

AboutBuster: unzip it, run the program, save the report and post it here.

Re-enable System Restore:

Click Start.

Right-click My Computer, then click Properties.

Click the "System Restore" tab.

Uncheck "Turn off System Restore" or "Turn off System Restore on all drives".

Click Apply, then OK. Restart.

Come back and post an AboutBuster, HJT and Ewido report.

Edited by BipBip07
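
The lines listed in the post above follow HijackThis's log format. As an added example (not part of the original thread and not code from HijackThis), this Python script parses such lines and sorts them for manual review; the directory set, the keep list and the three rules are assumptions drawn from this thread's own logs, and the sample lines are copied from the post.

```python
import ntpath
import re

# Assumption: Windows and system directories as reported in this thread's logs.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: keep list holding the one CLSID the post says not to check.
KEEP_CLSIDS = {"{53707962-6F74-2D53-2644-206D7942484F}"}

R_LINE = re.compile(r"^(R[01]) - ([^,]+),(.+?) =\s*(.*)$")
RES_DLL = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O4_LINE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")

# Sample input: lines copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtnjp.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0B770DD6-AEB5-21ED-6D51-033B76258C77} - C:\WINDOWS\system32\ieso.dll
O2 - BHO: Class - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINDOWS\javazq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [atlje.exe] C:\WINDOWS\system32\atlje.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
"""


def in_system_dir(path):
    """True when the file sits directly in one of SYSTEM_DIRS (not a subfolder)."""
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def triage_line(line):
    """Return (verdict, reason, file_path_or_None) for one HijackThis line."""
    m = R_LINE.match(line)
    if m:
        res = RES_DLL.match(m.group(4))
        if res:
            # IE search/start page pointing at an HTML resource inside a DLL.
            return ("review", "IE page served from a DLL resource", res.group(1))
        return ("info", "IE page setting", None)
    m = O2_LINE.match(line)
    if m:
        _name, clsid, dll = m.groups()
        if clsid.upper() in KEEP_CLSIDS:
            return ("keep", "CLSID on the keep list", dll)
        if in_system_dir(dll):
            return ("review", "BHO DLL directly in a Windows directory", dll)
        return ("info", "BHO outside the Windows directories", dll)
    m = O4_LINE.match(line)
    if m:
        target = m.group(3)
        if in_system_dir(target):
            return ("review", "Run entry directly in a Windows directory", target)
        return ("info", "Run entry outside the Windows directories", target)
    return ("unparsed", "not an R0/R1, O2 or O4 line", None)


def triage(log_text):
    """Triage every non-empty line; returns (line, verdict, reason, path) tuples."""
    return [(line,) + triage_line(line)
            for line in (raw.strip() for raw in log_text.splitlines()) if line]


def files_to_review(results):
    """Unique file paths behind 'review' verdicts, in order of first appearance."""
    seen, out = set(), []
    for _line, verdict, _reason, path in results:
        if verdict == "review" and path and path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for line, verdict, reason, _path in results:
        print(f"{verdict:8} {reason:45} {line[:60]}")
    print("Files to review:", files_to_review(results))
```

A "review" verdict only marks a line for a human to look at; it is not a fix list.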