Hello, I have an ad problem!!
And a small problem with Iexplore.exe staying open in the process list when all my pages are closed.
If someone could help me, that would be nice. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 15:22:41, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {dcf10501-ed1e-4fc5-ad89-513864147a39} - C:\WINDOWS\system32\C_2svc.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\mlkijk.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Wallpaper Scout - {E404A0E3-7B06-4697-A990-D3E78E85F1BA} - C:\Program Files\Wallpaper Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: C_2svc - C:\WINDOWS\SYSTEM32\C_2svc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Message edited by Laosthai on 20-02-2007 at 15:27:19
Download Blacklight (from F-Secure); click "I ACCEPT" at the bottom of the page. Save it to your Desktop.
Double-click blbeta.exe and accept the license; click Scan, then Next.
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option yet: we need to analyze the report, because legitimate files may be present, such as wbemtest.exe.
You can consult the F-Secure BlackLight tutorial: (thanks to Malekal)
http://www.malekal.com/tutorial_f- [...] Light.html
Here are the blbeta logs:
02/20/07 16:01:36 [Info]: BlackLight Engine 1.0.55 initialized
02/20/07 16:01:36 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/20/07 16:01:36 [Note]: 7019 4
02/20/07 16:01:36 [Note]: 7005 0
02/20/07 16:01:38 [Note]: 7006 0
02/20/07 16:01:38 [Note]: 7011 1860
02/20/07 16:01:38 [Note]: 7026 0
02/20/07 16:01:38 [Note]: 7026 0
02/20/07 16:01:42 [Note]: FSRAW library version 1.7.1021
02/20/07 16:09:39 [Note]: 7007 0
Hello,
There are traces of Vundo.
Download VundoFix.exe (by Atribune) to your Desktop.
- Double-click VundoFix.exe to launch it
- Click the Scan for Vundo button
- When the scan is complete, click the Remove Vundo button
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the Desktop will disappear for a moment while the files are deleted
- You will see a prompt announcing that your PC is going to restart; click OK
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply
Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
Thanks for your replies, I'll give you the logs shortly.
Apparently I'm not infected by Vundo.
VundoFix V6.3.8
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.8
Java version is 1.5.0.9
Scan started at 16:39:28 20/02/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16:43:53, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {dcf10501-ed1e-4fc5-ad89-513864147a39} - C:\WINDOWS\system32\C_2svc.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\mlkijk.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Wallpaper Scout - {E404A0E3-7B06-4697-A990-D3E78E85F1BA} - C:\Program Files\Wallpaper Scout\flashextract.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: C_2svc - C:\WINDOWS\SYSTEM32\C_2svc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
In the meantime I had installed Kaspersky, which found a small trojan downloader.
Re,
| Quote: - Make sure you have access to hidden folders/files
|
Go to the VirusTotal website
Click Browse..., then open:
C:\WINDOWS\system32\C_2svc.dll
Then click Send
Post the report once the analysis has finished.
If you see this message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
You will need to wait.
Re, sorry, I wasn't around, so here is the analysis:
Fortinet 2.85.0.0 02.20.2007 suspicious
Panda 9.0.0.4 02.20.2007 Suspicious file
Sunbelt 2.2.907.0 02.17.2007 VIPRE.Suspicious
VirusBuster 4.3.19:9 02.20.2007 novirus
acked/Upack
AntiVir 7.3.1.37 02.20.2007 no virus found
Authentium 4.93.8 02.19.2007 no virus found
Avast 4.7.936.0 02.20.2007 no virus found
AVG 386 02.20.2007 no virus found
BitDefender 7.2 02.20.2007 no virus found
CAT-QuickHeal 9.00 02.20.2007 no virus found
ClamAV devel-20060426 02.20.2007 no virus found
DrWeb 4.33 02.20.2007 no virus found
eSafe 7.0.14.0 02.20.2007 no virus found
eTrust-Vet 30.4.3414 02.20.2007 no virus found
Ewido 4.0 02.20.2007 no virus found
FileAdvisor 1 02.20.2007 no virus found
F-Prot 4.2.1.29 02.19.2007 no virus found
F-Secure 6.70.13030.0 02.20.2007 no virus found
Ikarus T3.1.0.31 02.20.2007 no virus found
Kaspersky 4.0.2.24 02.20.2007 no virus found
McAfee 4967 02.20.2007 no virus found
Microsoft 1.2204 02.20.2007 no virus found
NOD32v2 2072 02.20.2007 no virus found
Norman 5.80.02 02.20.2007 no virus found
Prevx1 V2 02.20.2007 no virus found
Sophos 4.14.0 02.19.2007 no virus found
Symantec 10 02.20.2007 no virus found
TheHacker 6.1.6.061 02.20.2007 no virus found
UNA 1.83 02.20.2007 no virus found
VBA32 3.11.2 02.20.2007 no virus found
File size: 19417 bytes
MD5: 3ceca04f4543429ead9f3de9d4833e1d
SHA1: 8c3c9e7a4853040984f4321812226fe381045ab6
packers: UPACK
packers: UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Re,
- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; it can take a few minutes. Let it run and press a key when asked.
- At the end of the scan, you will be asked again to restart the computer... Once the computer has restarted, the report will appear in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
C:\WINDOWS\System32\perfh009.dat -->20/02/2007 23:39:20
C:\WINDOWS\System32\perfc009.dat -->20/02/2007 23:39:20
C:\WINDOWS\System32\PerfStringBackup.INI -->20/02/2007 23:39:19
C:\WINDOWS\System32\nvapps.xml -->20/02/2007 23:34:41
C:\WINDOWS\System32\CONFIG.NT -->20/02/2007 15:32:55
C:\WINDOWS\System32\wpa.dbl -->16/02/2007 03:15:42
C:\WINDOWS\System32\TZLog.log -->16/02/2007 03:06:49
C:\WINDOWS\System32\C_2svc.dll -->15/02/2007 14:47:30
C:\WINDOWS\System32\MRT.exe -->07/02/2007 14:01:46
C:\WINDOWS\System32\tzchange.exe -->29/01/2007 09:58:06
C:\WINDOWS\System32\urlmon.dll -->25/01/2007 13:24:58
C:\WINDOWS\System32\hhctrl.ocx -->23/01/2007 20:24:27
C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -->18/01/2007 01:20:16
C:\WINDOWS\System32\aswBoot.exe -->15/01/2007 18:32:07
C:\WINDOWS\System32\wininet.dll -->04/01/2007 15:05:30
C:\WINDOWS\System32\shlwapi.dll -->04/01/2007 15:05:30
C:\WINDOWS\System32\shdocvw.dll -->04/01/2007 15:05:30
C:\WINDOWS\System32\pngfilt.dll -->04/01/2007 15:05:30
C:\WINDOWS\System32\mstime.dll -->04/01/2007 15:05:30
C:\WINDOWS\System32\msrating.dll -->04/01/2007 15:05:29
C:\WINDOWS\System32\mshtmled.dll -->04/01/2007 15:05:29
C:\WINDOWS\System32\jsproxy.dll -->04/01/2007 15:05:29
C:\WINDOWS\System32\inseng.dll -->04/01/2007 15:05:29
C:\WINDOWS\System32\iepeers.dll -->04/01/2007 15:05:28
C:\WINDOWS\System32\extmgr.dll -->04/01/2007 15:05:28
C:\WINDOWS\WindowsUpdate.log -->21/02/2007 00:01:00
C:\WINDOWS\KB923694.log -->21/02/2007 00:00:59
C:\WINDOWS\wmsetup.log -->20/02/2007 23:40:28
C:\WINDOWS\KB911564.log -->20/02/2007 23:40:28
C:\WINDOWS\setupapi.log -->20/02/2007 23:40:24
C:\WINDOWS\win.ini -->20/02/2007 23:36:40
C:\WINDOWS\system.ini -->20/02/2007 23:36:40
C:\WINDOWS\wiaservc.log -->20/02/2007 23:34:57
C:\WINDOWS\wiadebug.log -->20/02/2007 23:34:57
C:\WINDOWS\kjiklm.ini -->20/02/2007 23:34:47
C:\WINDOWS\0.log -->20/02/2007 23:34:34
C:\WINDOWS\bootstat.dat -->20/02/2007 23:34:33
C:\WINDOWS\SchedLgU.Txt -->20/02/2007 23:33:56
C:\WINDOWS\tsoc.log -->20/02/2007 19:43:17
C:\WINDOWS\tabletoc.log -->20/02/2007 19:43:17
C:\WINDOWS\ALCFDRTM.EXE |23/05/2006 15:13:19
C:\WINDOWS\alcrmv.exe |10/05/2006 13:32:23
C:\WINDOWS\alcupd.exe |10/05/2006 13:32:23
C:\WINDOWS\AppRun.exe |13/06/2006 00:18:57
C:\WINDOWS\GPlrLanc.exe |13/05/2006 15:28:10
C:\WINDOWS\IsUn040c.exe |20/02/2007 16:58:35
C:\WINDOWS\IsUninst.exe |10/05/2006 13:28:09
C:\WINDOWS\iun6002.exe |04/10/2006 23:52:38
C:\WINDOWS\LOGI_MWX.EXE |11/05/2006 11:43:07
C:\WINDOWS\Restart.exe |13/06/2006 00:18:57
C:\WINDOWS\SOUNDMAN.EXE |10/05/2006 13:32:23
C:\WINDOWS\twunk_16.exe |23/08/2001 13:00:00
C:\WINDOWS\twunk_32.exe |23/08/2001 13:00:00
C:\WINDOWS\War3Unin.exe |07/09/2006 18:38:47
C:\WINDOWS\mlkijk.dll |15/02/2007 15:14:59
C:\WINDOWS\twain.dll |23/08/2001 13:00:00
C:\WINDOWS\twain_32.dll |04/08/2004 00:56:48
C:\WINDOWS\system32\5289_Devi86.exe |10/05/2006 13:30:30
C:\WINDOWS\system32\ali5minst.exe |10/05/2006 13:28:18
C:\WINDOWS\system32\append.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\aswBoot.exe |14/02/2007 10:03:47
C:\WINDOWS\system32\ChCfg.exe |10/05/2006 13:32:23
C:\WINDOWS\system32\cmdow.exe |26/02/2006 15:47:48
C:\WINDOWS\system32\debug.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\dosx.exe |03/08/2004 22:51:22
C:\WINDOWS\system32\dvdplay.exe |17/08/2001 23:36:42
C:\WINDOWS\system32\edlin.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\exe2bin.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\fastopen.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\hdashcut.exe |13/10/2005 21:35:58
C:\WINDOWS\system32\java.exe |18/01/2007 01:20:17
C:\WINDOWS\system32\javaw.exe |18/01/2007 01:20:17
C:\WINDOWS\system32\javaws.exe |18/01/2007 01:20:17
C:\WINDOWS\system32\keystone.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\mem.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\mscdexnt.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\msnsc.exe |15/01/2006 03:49:08
C:\WINDOWS\system32\nlsfunc.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\nvappbar.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\nvcolor.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\nvdspsch.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\nvsvc32.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\nvudisp.exe |19/05/2006 02:21:37
C:\WINDOWS\system32\NVUNINST.EXE |19/05/2006 02:21:28
C:\WINDOWS\system32\nw16.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\nwiz.exe |10/03/2006 04:29:00
C:\WINDOWS\system32\pxcpya64.exe |27/05/2006 17:54:05
C:\WINDOWS\system32\pxhpinst.exe |27/05/2006 17:54:05
C:\WINDOWS\system32\pxinsa64.exe |27/05/2006 17:54:05
C:\WINDOWS\system32\redir.exe |03/08/2004 22:48:46
C:\WINDOWS\system32\rmlan.exe |10/05/2006 13:33:13
C:\WINDOWS\system32\rmusb20.EXE |10/05/2006 13:33:29
C:\WINDOWS\system32\RTLCPL.EXE |10/05/2006 13:32:23
C:\WINDOWS\system32\setupold.exe |26/02/2006 15:47:58
C:\WINDOWS\system32\setver.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\share.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\uninst.exe |10/05/2006 13:28:17
C:\WINDOWS\system32\UnInstall_KAccess.exe |17/08/2006 16:55:02
C:\WINDOWS\system32\UnLAN.exe |10/05/2006 13:33:13
C:\WINDOWS\system32\Unusb20.exe |10/05/2006 13:33:29
C:\WINDOWS\system32\usrmlnka.exe |17/08/2001 23:37:00
C:\WINDOWS\system32\usrprbda.exe |17/08/2001 23:37:00
C:\WINDOWS\system32\usrshuta.exe |17/08/2001 23:37:00
C:\WINDOWS\system32\vwipxspx.exe |23/08/2001 13:00:00
C:\WINDOWS\system32\a3d.dll |10/05/2006 13:32:23
C:\WINDOWS\system32\ali55prp.dll |09/05/2006 04:31:34
C:\WINDOWS\system32\amstream.dll |04/08/2004 00:56:42
C:\WINDOWS\system32\atmfd.dll |04/08/2004 00:56:00
C:\WINDOWS\system32\atmlib.dll |04/08/2004 00:56:42
C:\WINDOWS\system32\Audio3D.dll |10/05/2006 13:32:23
C:\WINDOWS\system32\clauth1.dll |12/05/2006 01:59:04
C:\WINDOWS\system32\clauth2.dll |12/05/2006 01:59:04
C:\WINDOWS\system32\CmdLineExt.dll |14/08/2006 23:02:12
C:\WINDOWS\system32\CmdLineExt03.dll |18/05/2006 10:35:07
C:\WINDOWS\system32\COMNCTR.DLL |11/05/2006 11:43:08
C:\WINDOWS\system32\compatUI.dll |04/08/2004 00:56:42
C:\WINDOWS\system32\C_2svc.dll |15/02/2007 14:47:30
C:\WINDOWS\system32\devenum.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\dgrpsetu.dll |09/05/2006 04:35:33
C:\WINDOWS\system32\dgsetup.dll |09/05/2006 04:35:33
C:\WINDOWS\system32\divx.dll |07/08/2006 21:34:04
C:\WINDOWS\system32\dpl100.dll |07/08/2006 21:34:04
C:\WINDOWS\system32\dtu100.dll |07/08/2006 21:34:04
C:\WINDOWS\system32\dxmasf.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\encdec.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\EqnClass.Dll |09/05/2006 04:35:33
C:\WINDOWS\system32\ff_vfw.dll |07/08/2006 21:34:03
C:\WINDOWS\system32\hdaprop.dll |13/10/2005 21:35:58
C:\WINDOWS\system32\hdaudres.dll |13/10/2005 21:35:58
C:\WINDOWS\system32\hticons.dll |09/05/2006 16:53:53
C:\WINDOWS\system32\hypertrm.dll |09/05/2006 16:53:31
C:\WINDOWS\system32\iccvid.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ieencode.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ir32_32.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\ir41_qc.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ir41_qcx.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ir50_32.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ir50_qc.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\ir50_qcx.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\isrdbg32.dll |09/05/2006 16:55:40
C:\WINDOWS\system32\jgaw400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\jgdw400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\jgmd400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\jgpl400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\jgsd400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\jgsh400.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\klogon.dll |01/11/2006 17:42:54
C:\WINDOWS\system32\LCamCpl.dll |10/05/2006 13:21:40
C:\WINDOWS\system32\LCoInst.Dll |11/05/2006 11:43:07
C:\WINDOWS\system32\lfbmp12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\LFCMP12n.DLL |10/05/2006 13:21:39
C:\WINDOWS\system32\lffax12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\lftif12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\LGUICOM.DLL |11/05/2006 11:43:08
C:\WINDOWS\system32\libdivx.dll |07/08/2006 21:34:04
C:\WINDOWS\system32\lmoufrc.dll |11/05/2006 11:43:07
C:\WINDOWS\system32\LMOUSE16.DLL |11/05/2006 11:43:08
C:\WINDOWS\system32\LMOUSE32.DLL |11/05/2006 11:43:08
C:\WINDOWS\system32\LQCUI2.dll |10/05/2006 13:21:38
C:\WINDOWS\system32\lsprst7.dll |12/05/2006 01:59:04
C:\WINDOWS\system32\LTDIS12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\ltefx12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\ltfil12n.DLL |10/05/2006 13:21:39
C:\WINDOWS\system32\ltimg12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\ltkrn12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\Ltwvc12n.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\Lvkrn12n.dll |10/05/2006 13:21:40
C:\WINDOWS\system32\mciqtz32.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\mdwmdmsp.dll |17/08/2001 23:36:20
C:\WINDOWS\system32\msdmo.dll |04/08/2004 00:56:44
C:\WINDOWS\system32\msdxmlc.dll |04/08/2004 00:56:14
C:\WINDOWS\system32\msencode.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\nv4_disp.dll |18/05/2006 14:12:15
C:\WINDOWS\system32\nvapi.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvcod.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvcodins.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvcpl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvhwvid.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nview.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvmccs.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvmccsrs.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvmctray.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvnt4cpl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvoglnt.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsar.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrscs.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsda.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsde.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsel.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrseng.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrses.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsesm.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsfi.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsfr.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrshe.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrshu.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsit.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsja.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsko.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsnl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsno.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrspl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrspt.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsptb.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrsru.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrssk.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrssl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrssv.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrstr.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrszhc.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvrszht.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvshell.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwddi.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwdmcpl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwimg.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsar.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrscs.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsda.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsde.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsel.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrseng.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrses.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsesm.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsfi.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsfr.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrshe.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrshu.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsit.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsja.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsko.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsnl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsno.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrspl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrspt.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsptb.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrsru.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrssk.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrssl.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrssv.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrstr.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrszhc.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\nvwrszht.dll |10/03/2006 04:29:00
C:\WINDOWS\system32\paqsp.dll |17/08/2001 23:36:28
C:\WINDOWS\system32\px.dll |27/05/2006 17:54:05
C:\WINDOWS\system32\pxdrv.dll |27/05/2006 17:54:05
C:\WINDOWS\system32\pxmas.dll |27/05/2006 17:54:05
C:\WINDOWS\system32\pxwave.dll |27/05/2006 17:54:05
C:\WINDOWS\system32\qcap.dll |04/08/2004 00:56:46
C:\WINDOWS\system32\QCUI2.dll |10/05/2006 13:21:39
C:\WINDOWS\system32\qdv.dll |04/08/2004 00:56:46
C:\WINDOWS\system32\qdvd.dll |19/02/2006 01:01:10
C:\WINDOWS\system32\qedit.dll |04/08/2004 00:56:46
C:\WINDOWS\system32\qedwipes.dll |04/08/2004 00:56:26
C:\WINDOWS\system32\qt-dx331.dll |07/08/2006 21:34:04
C:\WINDOWS\system32\quartz.dll |16/01/2006 21:39:34
C:\WINDOWS\system32\Rey_SubClasser.dll |27/09/2006 14:24:19
C:\WINDOWS\system32\RTLCPAPI.dll |10/05/2006 13:32:23
C:\WINDOWS\system32\sbe.dll |04/08/2004 00:56:46
C:\WINDOWS\system32\scriptpw.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\slbcsp.dll |03/08/2004 22:31:44
C:\WINDOWS\system32\slbiop.dll |04/08/2004 00:56:46
C:\WINDOWS\system32\slbrccsp.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\spnike.dll |17/08/2001 23:36:32
C:\WINDOWS\system32\sprio600.dll |17/08/2001 23:36:32
C:\WINDOWS\system32\sprio800.dll |17/08/2001 23:36:32
C:\WINDOWS\system32\spxcoins.dll |09/05/2006 04:35:33
C:\WINDOWS\system32\ssldivx.dll |07/08/2006 21:34:05
C:\WINDOWS\system32\ssprs.dll |12/05/2006 01:59:04
C:\WINDOWS\system32\sysprs7.dll |12/05/2006 01:59:04
C:\WINDOWS\system32\tsd32.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\unrar.dll |12/05/2006 12:46:17
C:\WINDOWS\system32\usrcntra.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrcoina.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrdpa.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrdtea.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrfaxa.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrlbva.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrrtosa.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrsdpia.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrsvpia.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrv42a.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrv80a.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrvoica.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\usrvpa.dll |17/08/2001 23:36:34
C:\WINDOWS\system32\vp6vfw.dll |09/01/2007 23:08:52
C:\WINDOWS\system32\vxblock.dll |27/05/2006 17:54:05
C:\WINDOWS\system32\win87em.dll |23/08/2001 13:00:00
C:\WINDOWS\system32\x264vfw.dll |07/08/2006 21:34:05
C:\WINDOWS\system32\xvidcore.dll |07/08/2006 21:34:05
C:\WINDOWS\system32\xvidvfw.dll |07/08/2006 21:34:05
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\WINDOWS\system32
04/08/2004 00:56 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 27 793 567 744 bytes free
Contenu de Downloaded Program Files
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\WINDOWS\Downloaded Program Files
20/02/2007 15:33 <DIR> .
20/02/2007 15:33 <DIR> ..
09/05/2006 16:56 65 desktop.ini
03/03/2006 04:40 1 271 erma.inf
04/10/2003 20:12 1 706 800 gdiplus.dll
04/10/2003 20:12 283 296 IDrop.ocx
04/10/2003 20:12 114 848 IDropENU.dll
11/05/2004 13:15 118 784 SassCln.dll
11/05/2004 12:52 306 SASSCLN.INF
28/03/2006 02:00 5 019 swflash.inf
04/10/2003 20:12 114 688 vizable.ocx
9 File(s) 2 345 077 bytes
Total Files Listed:
9 File(s) 2 345 077 bytes
2 Dir(s) 27 793 563 648 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
C:\WINDOWS\system32\bak existe Possible infection Trojan.Lowzone.SV
C:\Program Files\Common Files\Ahead\Lib\bak existe Possible infection Trojan.Lowzone.SV
Liste des programmes installes
3ds max 6
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8 - Français
Adobe Shockwave Player
Albatross18 (OGPlanet)
ALi mini IDE driver
America's Army
Angel Of Midgard
Anti-Blaxx 1.18
Archiveur WinRAR
Athlon 64 Processor Driver
AV Voice Changer Software 3.0
AVG Anti-Spyware 7.5
Azureus
Empty Temp Folders 2.8.3
EVEREST Home Edition v2.20
Fake Webcam 1.0
FixMessenger
FlashGet(JetCar)
Friendly PPPoE v3.0.0.26
FrostWire
GUILD WARS
Hamachi 1.0.1.5
HijackThis 1.99.1
HLSW v1.0.0.49
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.74 Full
Karma Online
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
Kit de connexion ADSL
Les Sims 2
Les Sims 2 : Nuits de Folie
Les Sims 2 Fun en Famille Kit
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 Kit Glamour
Little Fighter 2 1.9c
Logiciel QuickCam de Logitech
Logitech MouseWare 9.80
Maxthon Browser (remove only)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Office Excel Viewer 2003
mIRC
Mozilla Firefox (2.0.0.1)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
NVIDIA Drivers
NVRefreshTool 2.1a
Power IEv3
Quake III Arena
Realtek AC'97 Audio
SafeCast Shared Components
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Silkroad
Software Update for Web Folders
Stellar Phoenix (FAT & NTFS) 2.1
StuffPlug-NG (Messenger Plus! Plugins)
TeamSpeak 2 RC2
TrackMania Nations ESWC 0.1.7.5
ULi LAN Driver
ULi M5289 SATA Driver
ULi USB2.0 Driver
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Ventrilo
VideoLAN VLC media player 0.8.6a
VNC Free Edition 4.1.1
WinAce Archiver
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
World of Warcraft
Wow Cartographe 1.07
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\Program Files
20/02/2007 21:10 <DIR> .
20/02/2007 21:10 <DIR> ..
28/10/2006 03:57 <DIR> Adobe
16/02/2007 17:06 <DIR> Alcohol Soft
20/02/2007 21:45 <DIR> ALi
10/05/2006 13:32 <DIR> AMD
29/10/2006 04:02 <DIR> America's Army Server Manager
15/02/2007 15:09 <DIR> Anti-Blaxx 1.18
09/02/2007 21:16 <DIR> AV VCS 3.0
11/08/2006 05:13 <DIR> Azureus
22/01/2007 00:56 <DIR> backburner 2
20/02/2007 16:53 <DIR> Common Files
09/05/2006 16:54 <DIR> ComPlus Applications
30/10/2006 15:54 <DIR> DAEMON Tools
20/02/2007 16:46 <DIR> Elaborate Bytes
29/09/2006 22:35 <DIR> Empty Temp Folders 2.8.3
07/06/2006 00:48 <DIR> Fake Webcam
20/02/2007 21:44 <DIR> Fichiers communs
26/08/2006 18:04 <DIR> FixMessenger
20/02/2007 16:02 <DIR> FlashGet
13/06/2006 00:18 <DIR> Friendly Technologies
27/05/2006 05:19 <DIR> FrostWire
29/10/2006 03:57 <DIR> GameSpy Arcade
18/05/2006 18:32 <DIR> GeForceTweakUtility
18/02/2007 14:24 <DIR> Grisoft
12/06/2006 23:31 <DIR> Hamachi
18/05/2006 12:55 <DIR> HardwareDetection
19/02/2007 08:48 <DIR> HLSW
20/02/2007 20:19 <DIR> Internet Explorer
18/01/2007 01:20 <DIR> Java
20/02/2007 16:04 <DIR> Kaspersky Lab
13/06/2006 00:18 <DIR> Kit ADSL
07/08/2006 21:34 <DIR> K-Lite Codec Pack
17/08/2006 16:55 <DIR> KSIGN
10/05/2006 12:04 <DIR> Lavalys
26/08/2006 03:35 <DIR> Lavasoft
05/08/2006 02:57 <DIR> LittleFighter2
11/05/2006 11:43 <DIR> Logitech
04/10/2006 19:29 <DIR> Maxthon
20/02/2007 20:31 <DIR> Messenger
20/02/2007 16:36 <DIR> MessengerPlus! 3
20/02/2007 20:22 <DIR> microsoft frontpage
20/02/2007 21:13 <DIR> Microsoft Office
18/02/2007 23:15 <DIR> mIRC
20/02/2007 20:20 <DIR> Movie Maker
20/02/2007 15:59 <DIR> Mozilla Firefox
04/10/2006 22:29 <DIR> Mplayer
20/02/2007 20:18 <DIR> MSN
20/02/2007 20:18 <DIR> MSN Gaming Zone
29/09/2006 18:02 <DIR> MSN Messenger
16/02/2007 03:01 <DIR> MSXML 4.0
17/05/2006 01:34 <DIR> Nero
20/02/2007 20:19 <DIR> NetMeeting
19/05/2006 02:06 <DIR> NVRefreshTool
09/05/2006 16:54 <DIR> Online Services
21/02/2007 00:00 <DIR> Outlook Express
14/02/2007 10:46 <DIR> Player Metaboli
29/08/2006 09:35 <DIR> Power IE
03/02/2007 13:37 <DIR> Project64 1.6
04/07/2006 21:40 <DIR> RealVNC
06/10/2006 09:47 <DIR> Replay Radio 5
20/02/2007 20:18 <DIR> Services en ligne
20/02/2007 16:53 <DIR> Skype
17/05/2006 12:24 <DIR> SlySoft
12/05/2006 02:01 <DIR> Stellar Phoenix FAT & NTFS
12/05/2006 02:15 <DIR> Teamspeak2_RC2
22/12/2006 21:17 <DIR> TrackMania Nations ESWC
20/02/2007 21:45 <DIR> ULI5289
14/11/2006 00:43 <DIR> Ventrilo
11/01/2007 03:37 <DIR> VideoLAN
20/02/2007 16:47 <DIR> Wallpaper Scout
14/02/2007 12:05 <DIR> WinAce
27/05/2006 18:01 <DIR> Winamp
27/08/2006 08:48 <DIR> Windows Media Connect 2
20/02/2007 23:40 <DIR> Windows Media Player
20/02/2007 20:18 <DIR> Windows NT
14/02/2007 11:03 <DIR> WinRAR
18/11/2006 09:59 <DIR> WowCartographe
20/02/2007 20:22 <DIR> xerox
28/10/2006 03:48 <DIR> Yahoo!
0 File(s) 0 bytes
80 Dir(s) 27 790 815 232 bytes free
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\Program Files\fichiers communs
20/02/2007 21:44 <DIR> .
20/02/2007 21:44 <DIR> ..
20/02/2007 21:13 <DIR> Designer
20/02/2007 21:46 <DIR> InstallShield
20/02/2007 21:14 <DIR> Microsoft Shared
20/02/2007 20:19 <DIR> MSSoap
20/02/2007 20:10 <DIR> ODBC
20/02/2007 20:19 <DIR> Services
20/02/2007 20:10 <DIR> SpeechEngines
20/02/2007 21:13 <DIR> System
0 File(s) 0 bytes
10 Dir(s) 27 790 815 232 bytes free
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
20/02/2007 21:14 <DIR> .
20/02/2007 21:14 <DIR> ..
20/02/2007 21:13 <DIR> 1033
20/02/2007 21:13 <DIR> 1036
15/02/2001 05:45 1 318 912 MSONSEXT.DLL
13/02/2001 08:23 58 784 MSOSV.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
06/08/2000 09:04 401 462 MSVCP60.DLL
22/01/2001 03:25 69 632 PKMAXCTL.DLL
22/01/2001 03:25 872 448 PKMCDO.DLL
22/01/2001 03:25 159 744 PKMCORE.DLL
07/02/2001 09:59 106 496 PKMFORMS.DLL
12/02/2001 04:03 684 032 PKMRES.DLL
22/01/2001 03:25 28 672 PKMSSTLB.DLL
22/01/2001 03:25 40 960 PKMTEMPL.DLL
22/01/2001 03:25 24 576 PKMTRACE.DLL
22/01/2001 03:25 86 016 PKMWS.DLL
22/01/2001 03:25 237 568 PROMDEMO.DLL
22/01/2001 03:25 184 320 SECMGR.DLL
22/01/2001 03:25 323 584 VAIDDMGR.DLL
22/01/2001 03:25 32 768 VAIMEM.DLL
18 File(s) 4 879 944 bytes
4 Dir(s) 27 790 815 232 bytes free
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\Program Files\common files
20/02/2007 16:53 <DIR> .
20/02/2007 16:53 <DIR> ..
28/10/2006 03:57 <DIR> Adobe
20/02/2007 16:55 <DIR> Ahead
22/01/2007 00:56 <DIR> Autodesk Shared
06/11/2006 10:51 <DIR> Blizzard Entertainment
13/06/2006 00:18 <DIR> FTL Shared
29/10/2006 03:53 <DIR> InstallShield
27/05/2006 05:19 <DIR> Java
20/02/2007 16:59 <DIR> Logitech
22/01/2007 00:56 <DIR> Macrovision Shared
27/09/2006 14:40 <DIR> Microsoft Shared
09/05/2006 16:55 <DIR> MSSoap
09/05/2006 04:35 <DIR> ODBC
27/08/2006 08:50 <DIR> Services
09/05/2006 04:35 <DIR> SpeechEngines
22/10/2006 13:18 <DIR> Synacast
16/02/2007 03:01 <DIR> System
20/02/2007 16:46 <DIR> Wise Installation Wizard
0 File(s) 0 bytes
19 Dir(s) 27 790 815 232 bytes free
Volume in drive C is programe
Volume Serial Number is B87B-35DA
Directory of C:\
11/11/2001 00:00 68 096 diff.exe
27/08/2006 14:10 103 424 grep.exe
29/09/2006 22:13 218 112 HijackThis.exe
3 File(s) 389 632 bytes
0 Dir(s) 27 790 815 232 bytes free
c:\Documents and Settings\All Users\Application Data\Exetender\Setup.exe
c:\Documents and Settings\inthra\~tmp0374.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\ARPPRODUCTICON.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut1_6778954C13C24333AF77F5C885EB280F.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut12_6778954C13C24333AF77F5C885EB280F.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut13_6778954C13C24333AF77F5C885EB280F.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut15_6778954C13C24333AF77F5C885EB280F_1.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut8_6778954C13C24333AF77F5C885EB280F.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut9_6778954C13C24333AF77F5C885EB280F.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{AF7C627C-F354-4FF1-8450-398C806B436E}\_3d366f1d.exe
c:\Documents and Settings\inthra\Application Data\Microsoft\Installer\{AF7C627C-F354-4FF1-8450-398C806B436E}\_4bde371b.exe
c:\Documents and Settings\inthra\Desktop\blbeta.exe
c:\Documents and Settings\inthra\Desktop\fff-ea87.exe
c:\Documents and Settings\inthra\Desktop\Firefox Setup 2.0.exe
c:\Documents and Settings\inthra\Desktop\guide.exe
c:\Documents and Settings\inthra\Desktop\lf2_v19.exe
c:\Documents and Settings\inthra\Desktop\project64_1.6_windows.exe
c:\Documents and Settings\inthra\Desktop\VundoFix.exe
c:\Documents and Settings\inthra\Desktop\aequitas_0_9b\aequitas.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\diff.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\Fport.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\grep.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\LFiles.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\pslist.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\streams.exe
c:\Documents and Settings\inthra\Desktop\DiagHelp\swreg.exe
c:\Documents and Settings\inthra\Desktop\guide_v19\guide.exe
c:\Documents and Settings\inthra\Desktop\Mame32k_0[1][1].67\mame32k.exe
c:\Documents and Settings\inthra\Desktop\Mame32k_0[1][1].67\uninst.exe
c:\Documents and Settings\inthra\Desktop\mame32k_emuline_pack1\mame32k.exe
c:\Documents and Settings\inthra\Desktop\sd4_hide\sd4hide.exe
c:\Documents and Settings\inthra\Desktop\setup_neufbox\preinstall_checker.exe
c:\Documents and Settings\inthra\Desktop\setup_neufbox\setup.exe
c:\Documents and Settings\inthra\Desktop\setup_neufbox\setup_eth.exe
c:\Documents and Settings\inthra\Desktop\setup_neufbox\Tools\offline\NetAgent_USB_PPPoE.exe
c:\Documents and Settings\inthra\Desktop\setup_neufbox\Tools\offline\PostInstall_Checker.exe
c:\Documents and Settings\inthra\Desktop\snes9k009z\Snes9K.exe
c:\Documents and Settings\inthra\Desktop\snes9k_0.09\snes9k.exe
c:\Documents and Settings\inthra\Desktop\WinHIIP_V1.7.6\WinHIIP.exe
c:\Documents and Settings\inthra\Desktop\zsnes_1.42_windows\zsnesw.exe
c:\Documents and Settings\inthra\Local Settings\Temp\11484.exe
c:\Documents and Settings\inthra\Local Settings\Temp\AutoRun.exe
c:\Documents and Settings\inthra\Local Settings\Temp\eauninstall.exe
c:\Documents and Settings\inthra\Local Settings\Temp\First15.exe
c:\Documents and Settings\inthra\Local Settings\Temp\hamachi-1.0.1.3.exe
c:\Documents and Settings\inthra\Local Settings\Temp\hamachi-update-1.0.1.5.exe
c:\Documents and Settings\inthra\Local Settings\Temp\irsetup.exe
c:\Documents and Settings\inthra\Local Settings\Temp\The Sims 2 Family Fun Stuff_uninst.exe
c:\Documents and Settings\inthra\Local Settings\Temp\tmp138.tmp.exe
c:\Documents and Settings\inthra\Local Settings\Temp\tmp13A.tmp.exe
c:\Documents and Settings\inthra\Local Settings\Temp\tmp13B.tmp.exe
c:\Documents and Settings\inthra\Local Settings\Temp\VP6Install.exe
c:\Documents and Settings\inthra\Local Settings\Temp\war3_Install.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\Setup.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\CheckDev.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\detectID.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\INSTALL.EXE
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\rmlan.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\UnLAN.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\remove64\install.exe
c:\Documents and Settings\inthra\Local Settings\Temp\pft4.tmp\UTILITY\remove64\rmlan.exe
c:\Documents and Settings\inthra\Local Settings\Temporary Internet Files\Content.IE5\H48NTDC1\kav6.0.1.411fr[1].exe
c:\Documents and Settings\inthra\My Documents\Vcs_3.0.74.Final.Full.exe
c:\Documents and Settings\inthra\My Documents\x-spec.exe
c:\Documents and Settings\inthra\My Documents\driver and bios\bios939A8X-M(2.10)\ASRFLASH.EXE
c:\Documents and Settings\inthra\My Documents\driver and bios\nt4\immc.exe
c:\Documents and Settings\inthra\My Documents\driver and bios\nt4\mssce.exe
c:\Documents and Settings\inthra\My Documents\driver and bios\nt4\regsvr32.exe
c:\Documents and Settings\inthra\My Documents\driver and bios\nt4\scesp4i.exe
c:\Documents and Settings\inthra\My Documents\wow\Installer.exe
c:\Documents and Settings\inthra\My Documents\wow\world_of_warcraft_mise_a_jour_depuis_v1.9.4_francais_19469.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\inthra\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\inthra.INTHROU-CWP7KI7\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
Liste des drivers...
< Service Pack 2 2 21 2007 00:45:39.500
< Loaded driver sptd.sys
< Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
< Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
< Loaded driver aliide.sys
< Loaded driver m5289.sys
< Loaded driver aliidex.sys
< Loaded driver PxHelp20.sys
< Loaded driver sfvfs02.sys
< Loaded driver sfhlp02.sys
< Loaded driver sfdrv01.sys
< Loaded driver aliperf.sys
< Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
< Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
< Loaded driver \SystemRoot\system32\DRIVERS\irsir.sys
< Loaded driver \SystemRoot\system32\DRIVERS\irenum.sys
< Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
< Loaded driver \SystemRoot\system32\DRIVERS\parport.sys
< Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys
< Loaded driver \SystemRoot\system32\drivers\msmpu401.sys
< Loaded driver \SystemRoot\system32\DRIVERS\L8042pr2.Sys
< Loaded driver \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
< Loaded driver \SystemRoot\system32\drivers\ALCXWDM.SYS
< Loaded driver \SystemRoot\system32\drivers\ALCXSENS.SYS
< Loaded driver \SystemRoot\system32\DRIVERS\ULILAN.SYS
< Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
< Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
< Loaded driver \SystemRoot\System32\Drivers\ALIEHCI.sys
< Loaded driver \SystemRoot\System32\Drivers\a4ereztx.SYS
< Loaded driver \SystemRoot\System32\Drivers\dtscsi.sys
< Loaded driver \SystemRoot\system32\DRIVERS\AmdK8.sys
< Loaded driver \SystemRoot\system32\DRIVERS\rasirda.sys
< Loaded driver \SystemRoot\system32\DRIVERS\PPPoEWin.SYS
< Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
< Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
< Loaded driver \SystemRoot\system32\DRIVERS\AliRtHub.sys
< Loaded driver \SystemRoot\System32\DRIVERS\AvgAsCln.sys
< Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
< Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
< Loaded driver \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
< Loaded driver \SystemRoot\system32\DRIVERS\irda.sys
< Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
< Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
< Loaded driver \SystemRoot\system32\drivers\splitter.sys
< Loaded driver \SystemRoot\system32\drivers\aec.sys
< Loaded driver \SystemRoot\system32\drivers\swmidi.sys
< Loaded driver \SystemRoot\system32\drivers\DMusic.sys
< Loaded driver \SystemRoot\system32\drivers\kmixer.sys
< Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Hi again,
I still have a doubt about the file...
| Quote: - Make sure you have access to hidden folders/files
|
Rename the file to:
C:\WINDOWS\system32\C_2svc.vir
- Run HijackThis -> Do a system scan only
-> Check the lines below:
O2 - BHO: (no name) - {dcf10501-ed1e-4fc5-ad89-513864147a39} - C:\WINDOWS\system32\C_2svc.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\mlkijk.dll",setvm
O20 - AppInit_DLLs:
O20 - Winlogon Notify: C_2svc - C:\WINDOWS\SYSTEM32\C_2svc.dll
Click Fix checked (bottom left)
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Double-click OTMoveIt.exe to launch it.
Select the following location:
C:\WINDOWS\mlkijk.dll
---> Right-click, then Copy
Go back to OTMoveIt, right-click in the left-hand pane, then choose Paste.
Now click MoveIt!
!! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
Download FindAWF.exe (by Noahdfear) to your Desktop.
- Double-click FindAWF.exe
- A text file will be produced and displayed on screen (awf.txt)
- Copy/paste the contents of the file into your next reply.
Reply to Angeldark
I must have a problem, since I can't rename c_2svc.dll; then in HijackThis I can't fix the lines containing c_2svc.dll either.
Message edited by Laosthai on 21-02-2007 at 14:45:00
I'm posting the FindAWF report anyway:
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 "C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libcaca_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll"
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MESSEN~1\BAK
14/10/2004 00:21 1 694 208 msmsgs.exe
1 File(s) 1 694 208 bytes
Directory of C:\PROGRA~1\MESSEN~2\BAK
29/09/2006 18:09 190 024 MsgPlus.exe
1 File(s) 190 024 bytes
Directory of C:\PROGRA~1\ULI5289\BAK
11/03/2005 03:56 405 504 ALi5289.exe
1 File(s) 405 504 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
20/07/2005 06:32 221 184 LVCOMSX.EXE
1 File(s) 221 184 bytes
Directory of C:\PROGRA~1\FRIEND~1\BROADB~1\BAK
06/05/2003 08:28 72 192 fts.exe
1 File(s) 72 192 bytes
Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK
09/06/2005 04:24 458 752 ISStart.exe
09/06/2005 04:14 217 088 LogiTray.exe
09/06/2005 03:44 196 608 ManifestEngine.exe
3 File(s) 872 448 bytes
Directory of C:\PROGRA~1\SKYPE\PHONE\BAK
29/01/2007 15:36 25 370 152 Skype.exe
1 File(s) 25 370 152 bytes
Directory of C:\PROGRA~1\SLYSOFT\ANYDVD\BAK
17/05/2006 12:25 463 360 AnyDVD.exe
1 File(s) 463 360 bytes
Directory of C:\PROGRA~1\SLYSOFT\CLONECD\BAK
19/05/2005 14:47 57 344 CloneCDTray.exe
1 File(s) 57 344 bytes
Directory of C:\WINDOWS\IME\IMJP8_1\BAK
23/11/2005 17:33 208 952 IMJPMIG.EXE
1 File(s) 208 952 bytes
Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK
13/01/2006 04:40 155 648 NeroCheck.exe
02/03/2006 08:43 90 112 NMBgMonitor.exe
2 File(s) 245 760 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
09/11/2006 15:07 49 263 jusched.exe
1 File(s) 49 263 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK
03/08/2004 22:31 59 392 ImScInst.exe
1 File(s) 59 392 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
03/08/2004 22:32 455 168 TINTSETP.EXE
1 File(s) 455 168 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
1077277 2 Aug 2001 "C:\Program Files\Messenger\msmsgs.exe"
1694208 14 Oct 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
405504 16 Sep 2004 "C:\Program Files\ULI5289\ALi5289.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\bak\ALi5289.exe"
221184 20 Jul 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
72192 6 May 2003 "C:\Program Files\Friendly Technologies\BroadbandAccess\bak\fts.exe"
458752 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
25370152 29 Jan 2007 "C:\Program Files\Skype\Phone\bak\Skype.exe"
463360 17 May 2006 "C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe"
57344 19 May 2005 "C:\Program Files\SlySoft\CloneCD\bak\CloneCDTray.exe"
208952 23 Nov 2005 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
155648 13 Jan 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
90112 2 Mar 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
36975 26 Aug 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 26 Jul 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 12 Oct 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
59392 3 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 3 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
end of report
Hi again,
The OTMoveIt report?
We'll deal with LowZones first.
Start/Run/notepad
Copy the lines from the box below and paste them into Notepad.
!! Do not copy the "Quote:" line
| Quote: @echo off
|
File/Save As...
Name this file "Fix.bat" !! with the quotation marks
Then click Save.
Restart in Safe Mode
Run the Fix.bat file.
This should only take a few seconds...
Restart normally.
- RIGHT-CLICK HERE and choose "Save Target As..." to download DelDomains
- Close all windows, then disconnect
- Right-click DelDomains, then choose Install
- RIGHT-CLICK HERE and choose "Save Target As..." to download ResetProtocolDefaults.reg
- Double-click ResetProtocolDefaults.reg, then accept the prompt(s).
Run another FindAWF scan.
Message edited by Angeldark on 21-02-2007 at 15:36:10
Reply to Angeldark
DllUnregisterServer procedure not found in C:\WINDOWS\mlkijk.dll
C:\WINDOWS\mlkijk.dll NOT unregistered.
C:\WINDOWS\mlkijk.dll moved successfully.
Created on 02/21/2007 14:44:35
I'll do the rest right away
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 "C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libcaca_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll"
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MESSEN~1\BAK
14/10/2004 00:21 1 694 208 msmsgs.exe
1 File(s) 1 694 208 bytes
Directory of C:\PROGRA~1\MESSEN~2\BAK
29/09/2006 18:09 190 024 MsgPlus.exe
1 File(s) 190 024 bytes
Directory of C:\PROGRA~1\ULI5289\BAK
11/03/2005 03:56 405 504 ALi5289.exe
1 File(s) 405 504 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
20/07/2005 06:32 221 184 LVCOMSX.EXE
1 File(s) 221 184 bytes
Directory of C:\PROGRA~1\FRIEND~1\BROADB~1\BAK
06/05/2003 08:28 72 192 fts.exe
1 File(s) 72 192 bytes
Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK
09/06/2005 04:24 458 752 ISStart.exe
09/06/2005 04:14 217 088 LogiTray.exe
09/06/2005 03:44 196 608 ManifestEngine.exe
3 File(s) 872 448 bytes
Directory of C:\PROGRA~1\SKYPE\PHONE\BAK
29/01/2007 15:36 25 370 152 Skype.exe
1 File(s) 25 370 152 bytes
Directory of C:\PROGRA~1\SLYSOFT\ANYDVD\BAK
17/05/2006 12:25 463 360 AnyDVD.exe
1 File(s) 463 360 bytes
Directory of C:\PROGRA~1\SLYSOFT\CLONECD\BAK
19/05/2005 14:47 57 344 CloneCDTray.exe
1 File(s) 57 344 bytes
Directory of C:\WINDOWS\IME\IMJP8_1\BAK
23/11/2005 17:33 208 952 IMJPMIG.EXE
1 File(s) 208 952 bytes
Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK
13/01/2006 04:40 155 648 NeroCheck.exe
02/03/2006 08:43 90 112 NMBgMonitor.exe
2 File(s) 245 760 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
09/11/2006 15:07 49 263 jusched.exe
1 File(s) 49 263 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK
03/08/2004 22:31 59 392 ImScInst.exe
1 File(s) 59 392 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
03/08/2004 22:32 455 168 TINTSETP.EXE
1 File(s) 455 168 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
1077277 2 Aug 2001 "C:\Program Files\Messenger\msmsgs.exe"
1694208 14 Oct 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\ALi5289.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\bak\ALi5289.exe"
221184 20 Jul 2005 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 20 Jul 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
72192 6 May 2003 "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
72192 6 May 2003 "C:\Program Files\Friendly Technologies\BroadbandAccess\bak\fts.exe"
458752 9 Jun 2005 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 9 Jun 2005 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 9 Jun 2005 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
25370152 29 Jan 2007 "C:\Program Files\Skype\Phone\Skype.exe"
25370152 29 Jan 2007 "C:\Program Files\Skype\Phone\bak\Skype.exe"
463360 17 May 2006 "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
463360 17 May 2006 "C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe"
57344 19 May 2005 "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe"
57344 19 May 2005 "C:\Program Files\SlySoft\CloneCD\bak\CloneCDTray.exe"
208952 23 Nov 2005 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 23 Nov 2005 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
155648 13 Jan 2006 "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
155648 13 Jan 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
90112 2 Mar 2006 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
90112 2 Mar 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
36975 26 Aug 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 26 Jul 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 12 Oct 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
59392 3 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe"
59392 3 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 3 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 3 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
end of report
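An added example (not part of the thread and not FindAWF's own code): a small Python parser for the "Duplicate files of bak directory contents" section of the two reports above. It pairs each bak copy with the same-named file in its parent folder and reports whether that file is identical, differs in size or date, or is not listed. The sample lines are copied from those two reports; the function and field names are assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size date path")

# One line of the section: size, day, month, year, quoted path.
LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2}\s+[A-Za-z]{3}\s+\d{4})\s+"([^"]+)"\s*$')
SECTION_TITLE = "Duplicate files of bak directory contents"

# Excerpt copied from the first FindAWF report in this thread.
FIRST_REPORT = r"""Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
1077277 2 Aug 2001 "C:\Program Files\Messenger\msmsgs.exe"
1694208 14 Oct 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
405504 16 Sep 2004 "C:\Program Files\ULI5289\ALi5289.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\bak\ALi5289.exe"
221184 20 Jul 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
end of report
"""

# Excerpt copied from the second FindAWF report in this thread.
SECOND_REPORT = r"""Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\ALi5289.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\bak\ALi5289.exe"
end of report
"""


def parse_duplicates(report):
    """Return the Entry list of the 'Duplicate files' section of a report."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.strip() == SECTION_TITLE:
            in_section = True
            continue
        if not in_section:
            continue
        if line.strip().lower() == "end of report":
            break
        m = LINE_RE.match(line)
        if m:  # the ~~~~ ruler and blank lines do not match and are skipped
            date = " ".join(m.group(2).split())  # normalise inner whitespace
            entries.append(Entry(int(m.group(1)), date, m.group(3)))
    return entries


def original_path(bak_path):
    """Map ...\\dir\\bak\\name.exe to ...\\dir\\name.exe.

    Returns None when the file does not sit directly inside a 'bak' folder.
    """
    parts = bak_path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2] + parts[-1:])
    return None


def compare_bak_copies(report):
    """Classify each bak copy against the file of the same name one level up.

    Returns {bak_path: (status, parent_path)} where status is 'identical',
    'differs' (size or date) or 'not listed' (no entry for the parent path).
    """
    entries = parse_duplicates(report)
    by_path = {e.path.lower(): e for e in entries}  # Windows paths ignore case
    result = {}
    for e in entries:
        target = original_path(e.path)
        if target is None:
            continue  # this entry is itself a parent-folder file
        other = by_path.get(target.lower())
        if other is None:
            status = "not listed"
        elif (other.size, other.date) == (e.size, e.date):
            status = "identical"
        else:
            status = "differs"
        result[e.path] = (status, target)
    return result


if __name__ == "__main__":
    for name, report in (("first", FIRST_REPORT), ("second", SECOND_REPORT)):
        print(name, "report")
        for bak, (status, target) in compare_bak_copies(report).items():
            print("  %-10s %s" % (status, bak))
```
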
Is that really a new FindAWF report?
Reply to Angeldark
Yes, it's a new report; it seemed odd to me too, I redid it twice.
Message edited by Laosthai on 21-02-2007 at 19:48:41
You can run fix.bat again (you need the quotation marks when you save!)
When creating it, make sure:
- that it does not contain Quote:
- that there is no blank line before @ echo off
Reply to Angeldark
I redid it but it always comes back to the same thing, maybe precisely because I uninstalled all of this software, or nearly all.
Run another FindAWF & HijackThis scan, please.
We'll do it manually, then.
Reply to Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 19:50:15, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
F:\jeux\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\mIRC\mirc.exe
f:\jeux\steam\steamapps\inthra\counter-strike\hl.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {dcf10501-ed1e-4fc5-ad89-513864147a39} - C:\WINDOWS\system32\C_2svc.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: C_2svc - C:\WINDOWS\SYSTEM32\C_2svc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
-----------------------------------------------------------------
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 "C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libcaca_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll"
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MESSEN~1\BAK
14/10/2004 00:21 1ÿ694ÿ208 msmsgs.exe
1 File(s) 1ÿ694ÿ208 bytes
Directory of C:\PROGRA~1\MESSEN~2\BAK
29/09/2006 18:09 190ÿ024 MsgPlus.exe
1 File(s) 190ÿ024 bytes
Directory of C:\PROGRA~1\ULI5289\BAK
11/03/2005 03:56 405ÿ504 ALi5289.exe
1 File(s) 405ÿ504 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
20/07/2005 06:32 221ÿ184 LVCOMSX.EXE
1 File(s) 221ÿ184 bytes
Directory of C:\PROGRA~1\FRIEND~1\BROADB~1\BAK
06/05/2003 08:28 72ÿ192 fts.exe
1 File(s) 72ÿ192 bytes
Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK
09/06/2005 04:24 458ÿ752 ISStart.exe
09/06/2005 04:14 217ÿ088 LogiTray.exe
09/06/2005 03:44 196ÿ608 ManifestEngine.exe
3 File(s) 872ÿ448 bytes
Directory of C:\PROGRA~1\SKYPE\PHONE\BAK
29/01/2007 15:36 25ÿ370ÿ152 Skype.exe
1 File(s) 25ÿ370ÿ152 bytes
Directory of C:\PROGRA~1\SLYSOFT\ANYDVD\BAK
17/05/2006 12:25 463ÿ360 AnyDVD.exe
1 File(s) 463ÿ360 bytes
Directory of C:\PROGRA~1\SLYSOFT\CLONECD\BAK
19/05/2005 14:47 57ÿ344 CloneCDTray.exe
1 File(s) 57ÿ344 bytes
Directory of C:\WINDOWS\IME\IMJP8_1\BAK
23/11/2005 17:33 208ÿ952 IMJPMIG.EXE
1 File(s) 208ÿ952 bytes
Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK
13/01/2006 04:40 155ÿ648 NeroCheck.exe
02/03/2006 08:43 90ÿ112 NMBgMonitor.exe
2 File(s) 245ÿ760 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
09/11/2006 15:07 49ÿ263 jusched.exe
1 File(s) 49ÿ263 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK
03/08/2004 22:31 59ÿ392 ImScInst.exe
1 File(s) 59ÿ392 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
03/08/2004 22:32 455ÿ168 TINTSETP.EXE
1 File(s) 455ÿ168 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
1077277 2 Aug 2001 "C:\Program Files\Messenger\msmsgs.exe"
1694208 14 Oct 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
190024 29 Sep 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\ALi5289.exe"
405504 11 Mar 2005 "C:\Program Files\ULI5289\bak\ALi5289.exe"
221184 20 Jul 2005 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 20 Jul 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
72192 6 May 2003 "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
72192 6 May 2003 "C:\Program Files\Friendly Technologies\BroadbandAccess\bak\fts.exe"
458752 9 Jun 2005 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 9 Jun 2005 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 9 Jun 2005 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 9 Jun 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
25370152 29 Jan 2007 "C:\Program Files\Skype\Phone\Skype.exe"
25370152 29 Jan 2007 "C:\Program Files\Skype\Phone\bak\Skype.exe"
463360 17 May 2006 "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
463360 17 May 2006 "C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe"
57344 19 May 2005 "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe"
57344 19 May 2005 "C:\Program Files\SlySoft\CloneCD\bak\CloneCDTray.exe"
208952 23 Nov 2005 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 23 Nov 2005 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
155648 13 Jan 2006 "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
155648 13 Jan 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
90112 2 Mar 2006 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
90112 2 Mar 2006 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
36975 26 Aug 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 26 Jul 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 12 Oct 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
59392 3 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe"
59392 3 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 3 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 3 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
end of report
Hi again,
Example, to be done the same way for the others:
C:\Program Files\Messenger\bak\msmsgs.exe <- copy this file
C:\Program Files\Messenger\ <- paste it here
**********
C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe
C:\Program Files\MessengerPlus! 3\
C:\Program Files\ULI5289\bak\ALi5289.exe
C:\Program Files\ULI5289\
C:\WINDOWS\system32\bak\LVCOMSX.EXE
C:\WINDOWS\system32\
C:\Program Files\Friendly Technologies\BroadbandAccess\bak\fts.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\
C:\Program Files\Logitech\Video\bak\LogiTray.exe and ManifestEngine.exe and ISStart.exe
C:\Program Files\Logitech\Video\
C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe and \CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\
C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
C:\WINDOWS\ime\IMJP8_1\
C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe and NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\
C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe
C:\Program Files\Java\jre1.5.0_10\bin\
C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe and TINTSETP.EXE
C:\WINDOWS\system32\IME\PINTLGNT\
The files are already there. I did the procedure anyway, and there are others I can't do because they are in use. Then I ran FindAWF again and it is still the same log.
The files are already there, but they are not the same ones (compare their sizes).
You have to accept replacing them.
Yes, I noticed the size difference for some of them, but others are the same, and even after replacing them I still get the same FindAWF report.
Now delete these bak folders:
C:\Program Files\Messenger\bak\
C:\Program Files\MessengerPlus! 3\bak\
C:\Program Files\ULI5289\bak\
C:\WINDOWS\system32\bak\
C:\Program Files\Friendly Technologies\BroadbandAccess\bak\
C:\Program Files\Logitech\Video\bak\
C:\Program Files\SlySoft\AnyDVD\bak\
C:\WINDOWS\ime\IMJP8_1\bak\
C:\Program Files\Common Files\Ahead\Lib\bak\
C:\Program Files\Java\jre1.5.0_10\bin\bak\
C:\WINDOWS\system32\IME\PINTLGNT\bak\
Done ^^
Run a FindAWF scan again.
Message edited by Angeldark on 23-02-2007 at 14:59:37
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 "C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libcaca_plugin.dll"
21504 "C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll"
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
09/11/2006 15:07 49ÿ263 jusched.exe
1 File(s) 49ÿ263 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
36975 26 Aug 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 26 Jul 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 12 Oct 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
end of report
That's OK.
Post a HijackThis report again.
Here you go
Logfile of HijackThis v1.99.1
Scan saved at 01:00:54, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Slysoft all in one march 2006\sl9306.exe
C:\DOCUME~1\inthra\LOCALS~1\Temp\ir_ext_temp_1\autorun.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {dcf10501-ed1e-4fc5-ad89-513864147a39} - C:\WINDOWS\system32\C_2svc.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: C_2svc - C:\WINDOWS\SYSTEM32\C_2svc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Are you still having problems?
I still get ads that appear at random when I have an IE page open, without them being pop-ups.
I noticed that when I opened an IE page, a second iexplore.exe process would start a little later, and as long as it was active I got ads continuously at fairly regular intervals. Well, that problem is still there: every time, I have to close that extra process. In any case, thanks for your help.
| Quote: I noticed that when I opened an IE page, a second iexplore.exe process would start a little later, and as long as |
That's normal.
Download:
CCleaner
Install it in a dedicated folder.
During installation, uncheck "Add the CCleaner Yahoo! Toolbar".
HELP: CCleaner tutorial
-- Launch CCleaner:
- Click the "Analyze" button
- Now click the "Run Cleaner" button.
- Click the "Issues" tab
- Click "Scan for Issues", then "Fix selected issues".
