lag énorme
Dernière réponse : dans Sécurité
bonjour a tous
depuis mon dernié téléchargement , mon ordinateur lag énorme , je passe de 0.5sec a ouvrire page web a 5 6 mn facile
je voudrais savoir comment faire , je ne peut presque rien faire télément le lag es énorme !
merci de répondre
( dsl pour les fautes je peut pas ouvrire mon correcteur je lag trop apré )
je ne peut pas formaté je n'ais pas le CD
depuis mon dernié téléchargement , mon ordinateur lag énorme , je passe de 0.5sec a ouvrire page web a 5 6 mn facile
je voudrais savoir comment faire , je ne peut presque rien faire télément le lag es énorme !
merci de répondre
( dsl pour les fautes je peut pas ouvrire mon correcteur je lag trop apré )
je ne peut pas formaté je n'ais pas le CD
Autres pages sur : lag enorme
Lassé par la pub ? Créez un compte
Bonjour,
On va regarder ça..
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
Double clique sur HJTInstall.exe pour lancer l'installation.
Clique sur Install.
Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
Accepte la licence en cliquant sur Yes.
Clique sur "Do a system scan and save a logfile".
Poste ici[ le rapport généré.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
On va regarder ça..
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
merci d'avoir répondu XmichouX
a quoi sa ressemble le rapport ? , j'ai vue sa dans le bloc note mais je ne suis pas sure de moi !
( copié collé )
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:24, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\documents and settings\adrien\local settings\application data\wiwcwok.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKCU\..\Run: [wiwcwok] c:\documents and settings\adrien\local settings\application data\wiwcwok.exe wiwcwok
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0517D5-FBEC-427B-8AED-A6F7FBA18DA2}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 8805 bytes
a quoi sa ressemble le rapport ? , j'ai vue sa dans le bloc note mais je ne suis pas sure de moi !
( copié collé )
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:24, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\documents and settings\adrien\local settings\application data\wiwcwok.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKCU\..\Run: [wiwcwok] c:\documents and settings\adrien\local settings\application data\wiwcwok.exe wiwcwok
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0517D5-FBEC-427B-8AED-A6F7FBA18DA2}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\..\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}: NameServer = 85.255.113.198,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.198 85.255.112.231
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 8805 bytes
Re,
Plusieurs infections.
Télécharge FixWareout (de LonnyRJones) sur le Bureau.
>>Deuxième lien<<
Double clique sur FixWareout.exe, : clique sur Next puis Install.
Run fixit doit être coché, enfin clique sur Finish.
Suis les messages à l'écran. Ton ordinateur devra redémarrer, accepte. Le démarrage sera légèrement plus long que d’habitude.
Poste le rapport : C:\fixwareout\report.txt accompagné d’un nouveau log HijackThis.
***********
Télécharge SDFix (d’Andy Manchesta)
Enregistre le sur ton le bureau.
Lance le.
Fais install afin qu’il puisse s’extraire.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.
Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished
Appuie sur une touche.
Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
************
Télécharge Navilog (de Il-Mafioso)
Enregistre-le sur ton Bureau.
Installe-le en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]
Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2, 3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
Poste le rapport généré.
Le rapport se trouve ici : C:\fixnavi.txt
Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )
Plusieurs infections.
Télécharge FixWareout (de LonnyRJones) sur le Bureau.
>>Deuxième lien<<
***********
Télécharge SDFix (d’Andy Manchesta)
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Il se trouve également. dans le dossier SDFix >Report.txt<
************
Télécharge Navilog (de Il-Mafioso)
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]
! N'utilise pas l'option 2, 3 et 4 sans notre accord !
"*** Analyse Termine le ..... ***"
Le rapport se trouve ici : C:\fixnavi.txt
Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )
Xmichoux ,
voilà le 1er rapport ( je fais les deux autres )
( copié collé )
Username "Adrien" - 20/06/2008 16:29:53 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.198 85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4C0517D5-FBEC-427B-8AED-A6F7FBA18DA2}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}
"DhcpNameServer"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}
"DhcpNameServer"="85.255.113.198,85.255.112.231" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Bron-Spizaetus"="\"C:\\WINDOWS\\ShellNew\\RakyatKelaparan.exe\""
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\""
"bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Pile Five.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"managerbrowse"="C:\\DOCUME~1\\Adrien\\APPLIC~1\\STOPGR~1\\deletegramflaw.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Tok-Cirrhatus"=""
"Tok-Cirrhatus-1398"="\"C:\\Documents and Settings\\Adrien\\Local Settings\\Application Data\\br3819on.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
"Jnskdfmf9eldfd"="C:\\DOCUME~1\\Adrien\\LOCALS~1\\Temp\\csrssc.exe"
"WanadooMail"="C:\\WINDOWS\\system32\\WanadooMail.exe"
"wiwcwok"="c:\\documents and settings\\adrien\\local settings\\application data\\wiwcwok.exe wiwcwok"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
voilà le 1er rapport ( je fais les deux autres )
( copié collé )
Username "Adrien" - 20/06/2008 16:29:53 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.198 85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4C0517D5-FBEC-427B-8AED-A6F7FBA18DA2}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}
"nameserver"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47431136-45C3-4DA1-B7B8-207ACF2F2A9B}
"DhcpNameServer"="85.255.113.198,85.255.112.231" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89646E3E-F3DE-407E-A7C6-E27FC9D8C64F}
"DhcpNameServer"="85.255.113.198,85.255.112.231" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Bron-Spizaetus"="\"C:\\WINDOWS\\ShellNew\\RakyatKelaparan.exe\""
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\""
"bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Pile Five.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"managerbrowse"="C:\\DOCUME~1\\Adrien\\APPLIC~1\\STOPGR~1\\deletegramflaw.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Tok-Cirrhatus"=""
"Tok-Cirrhatus-1398"="\"C:\\Documents and Settings\\Adrien\\Local Settings\\Application Data\\br3819on.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
"Jnskdfmf9eldfd"="C:\\DOCUME~1\\Adrien\\LOCALS~1\\Temp\\csrssc.exe"
"WanadooMail"="C:\\WINDOWS\\system32\\WanadooMail.exe"
"wiwcwok"="c:\\documents and settings\\adrien\\local settings\\application data\\wiwcwok.exe wiwcwok"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Comment faire le mode sans échec ?
nouveaux rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:16, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\documents and settings\adrien\local settings\application data\wiwcwok.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKCU\..\Run: [wiwcwok] c:\documents and settings\adrien\local settings\application data\wiwcwok.exe wiwcwok
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7867 bytes
Merci de répondre XmichouX c'est sympa![:)]( ":)")
nouveaux rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:16, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\documents and settings\adrien\local settings\application data\wiwcwok.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKCU\..\Run: [wiwcwok] c:\documents and settings\adrien\local settings\application data\wiwcwok.exe wiwcwok
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7867 bytes
Merci de répondre XmichouX c'est sympa
re ,
rapport avec navi
Search Navipromo version 3.5.8 commencé le 20/06/2008 à 19:31:17,90
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Adrien"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
InternetGameBox
Favorit
Windows Live Favorites pour Windows Live Toolbar
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
C:\Program Files\InternetGameBox trouvé !
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
Fichiers trouvés :
wiwcwok.exe trouvé !
wiwcwok.dat trouvé !
wiwcwok_nav.dat trouvé !
wiwcwok_navps.dat trouvé !
*** Recherche fichiers ***
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Adrien\locals~1\applic~1" :
wiwcwok.dat trouvé !
wiwcwok_nav.dat trouvé !
wiwcwok_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 20/06/2008 à 19:36:00,28 ***
( je n'arrive pas avec SD , j'appuie sur Y , sa écris mon y dans le texte et sa s arrête la )
rapport avec navi
Search Navipromo version 3.5.8 commencé le 20/06/2008 à 19:31:17,90
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Adrien"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
InternetGameBox
Favorit
Windows Live Favorites pour Windows Live Toolbar
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
C:\Program Files\InternetGameBox trouvé !
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Adrien\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
Fichiers trouvés :
wiwcwok.exe trouvé !
wiwcwok.dat trouvé !
wiwcwok_nav.dat trouvé !
wiwcwok_navps.dat trouvé !
*** Recherche fichiers ***
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Adrien\locals~1\applic~1" :
wiwcwok.dat trouvé !
wiwcwok_nav.dat trouvé !
wiwcwok_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 20/06/2008 à 19:36:00,28 ***
( je n'arrive pas avec SD , j'appuie sur Y , sa écris mon y dans le texte et sa s arrête la )
Re,
Double clique sur le raccourci de Navilog1.
Choisis l'option 2 puis valide. (Entrée)
Laisse toi guider.
Ton ordinateur va redémarrer, sinon fais le manuellement.
Ton bureau va disparaître.
Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"
Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Sauvegarde le rapport.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :
Montorgueil ; VIP
Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.
Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau
Si c'est fait, supprime enfin le certificat présent sur ton bureau.
Les programmes suivants installent cette infection :
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)
Poste le rapport sauvegardé auparavant (C:\cleannavi.txt) ainsi qu'un nouveau rapport Hijackthis.7
***********
Fais SDFix en sans échec![:)]( ":)")
"*** Nettoyage Termine le ..... ***"
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :
Montorgueil ; VIP
Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.
Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau
Si c'est fait, supprime enfin le certificat présent sur ton bureau.
Les programmes suivants installent cette infection :
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)
***********
Fais SDFix en sans échec
Re ,
rapport nevi
Clean Navipromo version 3.5.8 commencé le 20/06/2008 à 20:29:04,62
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Adrien"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
C:\WINDOWS\prefetch\wiwcwok*.pf trouvé !
Copie C:\WINDOWS\prefetch\wiwcwok*.pf réalisée avec succès !
C:\WINDOWS\prefetch\wiwcwok*.pf supprimé !
* Suppression dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
wiwcwok.exe trouvé !
Copie wiwcwok.exe réalisée avec succès !
wiwcwok.exe supprimé !
wiwcwok.dat trouvé !
Copie wiwcwok.dat réalisée avec succès !
wiwcwok.dat supprimé !
wiwcwok_nav.dat trouvé !
Copie wiwcwok_nav.dat réalisée avec succès !
wiwcwok_nav.dat supprimé !
wiwcwok_navps.dat trouvé !
Copie wiwcwok_navps.dat réalisée avec succès !
wiwcwok_navps.dat supprimé !
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
C:\Program Files\InternetGamebox ...suppression...
C:\Program Files\InternetGamebox supprimé !
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\menudm~1\progra~1" ***
*** Suppression fichiers ***
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Adrien\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 20/06/2008 à 20:32:38,65 ***
-----------------------------------------------------------------------------------------------------
rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:29, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7619 bytes
Dit XmichouX je voudrais savoir se que tu essai de faire ^^ , car depuis le début je suis t'es instruction sans savoir pourquoi , enfin juste petite question bête ^^, tu n'es pas obliger d'i repondre . Sinon merci de répondre
PS : pour SD j'étais déjà en mode sans échec
rapport nevi
Clean Navipromo version 3.5.8 commencé le 20/06/2008 à 20:29:04,62
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Adrien"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
C:\WINDOWS\prefetch\wiwcwok*.pf trouvé !
Copie C:\WINDOWS\prefetch\wiwcwok*.pf réalisée avec succès !
C:\WINDOWS\prefetch\wiwcwok*.pf supprimé !
* Suppression dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
wiwcwok.exe trouvé !
Copie wiwcwok.exe réalisée avec succès !
wiwcwok.exe supprimé !
wiwcwok.dat trouvé !
Copie wiwcwok.dat réalisée avec succès !
wiwcwok.dat supprimé !
wiwcwok_nav.dat trouvé !
Copie wiwcwok_nav.dat réalisée avec succès !
wiwcwok_nav.dat supprimé !
wiwcwok_navps.dat trouvé !
Copie wiwcwok_navps.dat réalisée avec succès !
wiwcwok_navps.dat supprimé !
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
C:\Program Files\InternetGamebox ...suppression...
C:\Program Files\InternetGamebox supprimé !
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Adrien\menudm~1\progra~1" ***
*** Suppression fichiers ***
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Adrien\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Adrien\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 20/06/2008 à 20:32:38,65 ***
-----------------------------------------------------------------------------------------------------
rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:29, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Adrien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7619 bytes
Dit XmichouX je voudrais savoir se que tu essai de faire ^^ , car depuis le début je suis t'es instruction sans savoir pourquoi , enfin juste petite question bête ^^, tu n'es pas obliger d'i repondre . Sinon merci de répondre
PS : pour SD j'étais déjà en mode sans échec
re ,
youhou !
SDFix: Version 1.195
Run by Adrien on 20/06/2008 at 21:08
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
narqwe
Path :
\??\C:\WINDOWS\system32\narqwe.sys
narqwe - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\148118~1 - Deleted
C:\Program Files\outlook\p.zip - Deleted
C:\WINDOWS\system32\narqwe.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 21:13:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:42,77,8d,e2,62,4b,92,ef,2d,d2,01,9f,cd,72,b0,ea,0c,2b,ed,b3,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,56,0d,52,8c,fe,01,b5,55,0a,77,c6,ac,46,ad,1a,3b,18,..
"khjeh"=hex:16,95,72,67,d1,bc,33,e6,ee,d4,58,07,1e,d3,61,ce,80,e1,c1,9c,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,63,ae,5f,3c,95,c7,b8,c5,72,96,b1,c5,3b,09,4f,13,7c,d7,5d,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:42,77,8d,e2,62,4b,92,ef,2d,d2,01,9f,cd,72,b0,ea,0c,2b,ed,b3,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,56,0d,52,8c,fe,01,b5,55,0a,77,c6,ac,46,ad,1a,3b,18,..
"khjeh"=hex:16,95,72,67,d1,bc,33,e6,ee,d4,58,07,1e,d3,61,ce,80,e1,c1,9c,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,63,ae,5f,3c,95,c7,b8,c5,72,96,b1,c5,3b,09,4f,13,7c,d7,5d,79,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"="C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe:*:Enabled:NFSC"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Documents and Settings\\Adrien\\Bureau\\emule.exe"="C:\\Documents and Settings\\Adrien\\Bureau\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Aug 2004 1,392,671 ..SHR --- "C:\WINDOWS\system32\msvbvm60.dll"
Tue 29 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 27 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 4 Nov 2007 150,705 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12c9c7b74d009cd8f751411d54cc4b11\BIT1.tmp"
Tue 8 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\249236e184433b685b8d328e2f3512f9\BIT4.tmp"
Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT2.tmp"
Sun 4 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4896e7eb404b9f0d2ec9221b3c0f425b\BIT2.tmp"
Fri 20 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\58d6fbd2c3ae67b257e04127ea7d8039\BIT5.tmp"
Fri 20 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b2c65a0dd2d8f6b57326f016f4dc62d\BIT4.tmp"
Thu 19 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e5fb48c7a6be3f22de8aaab67292519d\BIT2.tmp"
Sun 4 Nov 2007 280,026 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BIT8.tmp"
Finished!
voilà ( je lag plus j'ai l'impression merci XmichouX![:)]( ":)")
)
j'attends ta réponse au cas ou il resterai une chose a faire
Merci beaucoup déjà pour tout !
youhou !
SDFix: Version 1.195
Run by Adrien on 20/06/2008 at 21:08
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
narqwe
Path :
\??\C:\WINDOWS\system32\narqwe.sys
narqwe - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\148118~1 - Deleted
C:\Program Files\outlook\p.zip - Deleted
C:\WINDOWS\system32\narqwe.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 21:13:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:42,77,8d,e2,62,4b,92,ef,2d,d2,01,9f,cd,72,b0,ea,0c,2b,ed,b3,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,56,0d,52,8c,fe,01,b5,55,0a,77,c6,ac,46,ad,1a,3b,18,..
"khjeh"=hex:16,95,72,67,d1,bc,33,e6,ee,d4,58,07,1e,d3,61,ce,80,e1,c1,9c,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,63,ae,5f,3c,95,c7,b8,c5,72,96,b1,c5,3b,09,4f,13,7c,d7,5d,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:42,77,8d,e2,62,4b,92,ef,2d,d2,01,9f,cd,72,b0,ea,0c,2b,ed,b3,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,56,0d,52,8c,fe,01,b5,55,0a,77,c6,ac,46,ad,1a,3b,18,..
"khjeh"=hex:16,95,72,67,d1,bc,33,e6,ee,d4,58,07,1e,d3,61,ce,80,e1,c1,9c,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f0,63,ae,5f,3c,95,c7,b8,c5,72,96,b1,c5,3b,09,4f,13,7c,d7,5d,79,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"="C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe:*:Enabled:NFSC"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Documents and Settings\\Adrien\\Bureau\\emule.exe"="C:\\Documents and Settings\\Adrien\\Bureau\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Aug 2004 1,392,671 ..SHR --- "C:\WINDOWS\system32\msvbvm60.dll"
Tue 29 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 27 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 4 Nov 2007 150,705 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12c9c7b74d009cd8f751411d54cc4b11\BIT1.tmp"
Tue 8 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\249236e184433b685b8d328e2f3512f9\BIT4.tmp"
Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT2.tmp"
Sun 4 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4896e7eb404b9f0d2ec9221b3c0f425b\BIT2.tmp"
Fri 20 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\58d6fbd2c3ae67b257e04127ea7d8039\BIT5.tmp"
Fri 20 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b2c65a0dd2d8f6b57326f016f4dc62d\BIT4.tmp"
Thu 19 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e5fb48c7a6be3f22de8aaab67292519d\BIT2.tmp"
Sun 4 Nov 2007 280,026 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BIT8.tmp"
Finished!
voilà ( je lag plus j'ai l'impression merci XmichouX
)j'attends ta réponse au cas ou il resterai une chose a faire
Merci beaucoup déjà pour tout !
Re ,
Rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:06, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7552 bytes
voilou
Rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:06, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Pile Five.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [managerbrowse] C:\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\deletegramflaw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7552 bytes
voilou
Décidément, tu as toutes les infections imaginables ![:D]( ":D")
Il faudrait faire un peu attention ..
Télécharge Lop S&D.exe (d’ Eric 71 & Angeldark) sur ton bureau.
Double-clique dessus pour lancer l'installation
Puis double-clique sur le raccourci Lop S&D présent sur ton bureau (Si tu es sous Vista, clique droit -> exécuter en tant qu'admin)
Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
Patiente jusqu'à la fin du scan
Poste le rapport généré (C:\lopR.txt)
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Il faudrait faire un peu attention ..
Télécharge Lop S&D.exe (d’ Eric 71 & Angeldark) sur ton bureau.
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
lol , Oui j'avais désinstallé avast car il me faisais chier a dire toute les 2 mn trojan trouvé ou virus , et quand j'ai ramer a mort je l'ai remis mais rien a y fait , merci a toi ^^
Sinon voilà le rapport ( sinon comment faire attention a pas rechaupé le même truc ?
-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Adrien ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 21/06/2008 | 1:13:16,54 ] [ PC : ADD-F67D71 ]
[ MAJ : 16-06-2008 | 23:01 ]
-------------[ Listing des dossiers dans Application Data ]------------
[13/02/2008|21:05] C:\DOCUME~1\Adrien\APPLIC~1\Adobe
[04/02/2008|23:28] C:\DOCUME~1\Adrien\APPLIC~1\Apple Computer
[15/04/2008|19:30] C:\DOCUME~1\Adrien\APPLIC~1\ATI
[29/04/2008|18:06] C:\DOCUME~1\Adrien\APPLIC~1\DAEMON Tools
[04/11/2007|19:55] C:\DOCUME~1\Adrien\APPLIC~1\desktop.ini
[26/01/2008|20:42] C:\DOCUME~1\Adrien\APPLIC~1\DivX
[04/11/2007|19:09] C:\DOCUME~1\Adrien\APPLIC~1\Identities
[27/01/2008|15:00] C:\DOCUME~1\Adrien\APPLIC~1\InstallShield
[16/04/2008|16:12] C:\DOCUME~1\Adrien\APPLIC~1\LimeWire
[04/11/2007|19:47] C:\DOCUME~1\Adrien\APPLIC~1\Macromedia
[15/04/2008|21:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft
[11/11/2007|15:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft Games
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Mozilla
[04/11/2007|19:41] C:\DOCUME~1\Adrien\APPLIC~1\MSNInstaller
[20/06/2008|21:17] C:\DOCUME~1\Adrien\APPLIC~1\OpenOffice.org2
[16/06/2008|11:10] C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
[27/05/2008|17:25] C:\DOCUME~1\Adrien\APPLIC~1\Stop Great
[16/12/2007|01:52] C:\DOCUME~1\Adrien\APPLIC~1\Sun
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Talkback
[13/11/2007|19:22] C:\DOCUME~1\Adrien\APPLIC~1\WinRAR
[10/11/2007|01:43] C:\DOCUME~1\Adrien\APPLIC~1\Yahoo!
[28/11/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2007|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/04/2008|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/11/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/06/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[27/05/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
[10/11/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2007|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/02/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[27/11/2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/11/2007|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[02/04/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/11/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[04/11/2007|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[04/11/2007|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/06/2008 01:00][--ah-----] C:\WINDOWS\tasks\A02BD33C91884A64.job
[13/06/2008 15:04][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[10/05/2008 17:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/06/2008 00:51][--a------] C:\WINDOWS\tasks\V%u201Arifier les mises %u2026 jour de Windows Live Toolbar.job
[20/06/2008 21:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
A02BD33C91884A64.job <--> c:\docume~1\adrien\applic~1\stopgr~1\pokemailmedia.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[18/06/2008|18:56] C:\Program Files\Alwil Software
[28/11/2007|16:59] C:\Program Files\Apple Software Update
[17/06/2008|10:13] C:\Program Files\AskTBar
[30/04/2008|01:46] C:\Program Files\ATI Technologies
[21/01/2008|18:30] C:\Program Files\CamStudio
[03/05/2008|16:58] C:\Program Files\Cenega
[04/11/2007|19:02] C:\Program Files\ComPlus Applications
[29/04/2008|19:38] C:\Program Files\DAEMON Tools Lite
[21/06/2008|00:18] C:\Program Files\Diablo II
[08/06/2008|11:49] C:\Program Files\DivX
[17/06/2008|11:30] C:\Program Files\Dofus
[12/06/2008|12:16] C:\Program Files\DofusArena2
[15/04/2008|20:17] C:\Program Files\Electronic Arts
[18/06/2008|18:37] C:\Program Files\eMule
[15/06/2008|20:17] C:\Program Files\ENPC_PersoTEST1
[15/04/2008|19:23] C:\Program Files\Fichiers communs
[25/05/2008|10:35] C:\Program Files\InstallShield Installation Information
[27/01/2008|15:11] C:\Program Files\Internet Explorer
[28/11/2007|17:00] C:\Program Files\iPod
[28/11/2007|17:00] C:\Program Files\iTunes
[16/06/2008|08:33] C:\Program Files\Java
[11/11/2007|19:46] C:\Program Files\LimeWire
[07/11/2007|03:36] C:\Program Files\Messenger
[13/01/2008|23:11] C:\Program Files\Messenger Plus! Live
[04/11/2007|19:49] C:\Program Files\MessengerPlus! 3
[04/11/2007|19:05] C:\Program Files\microsoft frontpage
[11/11/2007|15:39] C:\Program Files\Microsoft Games
[04/11/2007|19:03] C:\Program Files\Movie Maker
[21/06/2008|01:11] C:\Program Files\Mozilla Firefox
[04/11/2007|19:01] C:\Program Files\MSN Gaming Zone
[13/01/2008|23:11] C:\Program Files\MSN Messenger
[12/11/2007|14:33] C:\Program Files\MSXML 4.0
[12/05/2008|18:47] C:\Program Files\MTA San Andreas
[20/06/2008|20:32] C:\Program Files\Navilog1
[04/11/2007|19:03] C:\Program Files\NetMeeting
[13/06/2008|15:00] C:\Program Files\Norton Security Scan
[04/11/2007|19:01] C:\Program Files\Online Services
[16/06/2008|08:34] C:\Program Files\OpenOffice.org 2.4
[20/06/2008|21:10] C:\Program Files\outlook
[07/11/2007|03:35] C:\Program Files\Outlook Express
[28/11/2007|17:00] C:\Program Files\QuickTime
[25/05/2008|10:35] C:\Program Files\Rockstar Games
[04/11/2007|19:03] C:\Program Files\Services en ligne
[29/04/2008|18:10] C:\Program Files\ShoppingReport
[27/01/2008|15:05] C:\Program Files\Sierra
[27/05/2008|17:21] C:\Program Files\Stop Great
[20/06/2008|15:40] C:\Program Files\Trend Micro
[04/11/2007|19:09] C:\Program Files\Uninstall Information
[10/03/2008|23:39] C:\Program Files\Universal Interactive
[28/11/2007|20:43] C:\Program Files\Veoh Networks
[07/02/2008|21:37] C:\Program Files\Windows Live
[30/11/2007|14:12] C:\Program Files\Windows Live Favorites
[30/11/2007|14:12] C:\Program Files\Windows Live Toolbar
[27/11/2007|12:48] C:\Program Files\Windows Media Connect 2
[27/11/2007|12:52] C:\Program Files\Windows Media Player
[04/11/2007|19:01] C:\Program Files\Windows NT
[04/11/2007|19:03] C:\Program Files\WindowsUpdate
[28/01/2008|13:51] C:\Program Files\WinRAR
[04/11/2007|19:05] C:\Program Files\xerox
[10/11/2007|00:11] C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[28/11/2007|16:58] C:\Program Files\Fichiers communs\Apple
[15/04/2008|19:23] C:\Program Files\Fichiers communs\ATI Technologies
[15/04/2008|19:23] C:\Program Files\Fichiers communs\InstallShield
[11/11/2007|19:45] C:\Program Files\Fichiers communs\Java
[04/11/2007|19:56] C:\Program Files\Fichiers communs\Microsoft Shared
[04/11/2007|19:03] C:\Program Files\Fichiers communs\MSSoap
[04/11/2007|19:55] C:\Program Files\Fichiers communs\ODBC
[04/11/2007|19:03] C:\Program Files\Fichiers communs\Services
[04/11/2007|19:55] C:\Program Files\Fichiers communs\SpeechEngines
[07/11/2007|03:35] C:\Program Files\Fichiers communs\System
[07/02/2008|21:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 40
IEXPLORE.EXE ~ [1148]
IEXPLORE.EXE ~ [3024]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Adrien\Recent\Diablo_2_Lord_of_Destruction_v1.10_No-CD_Crack.lnk
[F:2][D:4]-> C:\DOCUME~1\Adrien\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Adrien\Cookies
[F:7][D:5]-> C:\DOCUME~1\Adrien\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 1:14:49,79 ]----------------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Pile Five.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\deletegramflaw.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\idlitvok.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\Jugs Bows Time Ping.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\mqxrshmi.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\oclcjpwt.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\pokemailmedia.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\ybnpobtq.exe
C:\Program Files\stopgr~1
C:\WINDOWS\Prefetch\PILE FIVE.EXE-033236F2.pf
C:\WINDOWS\Prefetch\DELETEGRAMFLAW.EXE-0E944FF9.pf
C:\WINDOWS\Prefetch\POKEMAILMEDIA.EXE-1E20F16F.pf
C:\WINDOWS\Tasks\A02BD33C91884A64.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"managerbrowse"="C:\\DOCUME~1\\Adrien\\APPLIC~1\\STOPGR~1\\deletegramflaw.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Pile Five.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 01:14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
Sinon voilà le rapport ( sinon comment faire attention a pas rechaupé le même truc ?
-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Adrien ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 21/06/2008 | 1:13:16,54 ] [ PC : ADD-F67D71 ]
[ MAJ : 16-06-2008 | 23:01 ]
-------------[ Listing des dossiers dans Application Data ]------------
[13/02/2008|21:05] C:\DOCUME~1\Adrien\APPLIC~1\Adobe
[04/02/2008|23:28] C:\DOCUME~1\Adrien\APPLIC~1\Apple Computer
[15/04/2008|19:30] C:\DOCUME~1\Adrien\APPLIC~1\ATI
[29/04/2008|18:06] C:\DOCUME~1\Adrien\APPLIC~1\DAEMON Tools
[04/11/2007|19:55] C:\DOCUME~1\Adrien\APPLIC~1\desktop.ini
[26/01/2008|20:42] C:\DOCUME~1\Adrien\APPLIC~1\DivX
[04/11/2007|19:09] C:\DOCUME~1\Adrien\APPLIC~1\Identities
[27/01/2008|15:00] C:\DOCUME~1\Adrien\APPLIC~1\InstallShield
[16/04/2008|16:12] C:\DOCUME~1\Adrien\APPLIC~1\LimeWire
[04/11/2007|19:47] C:\DOCUME~1\Adrien\APPLIC~1\Macromedia
[15/04/2008|21:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft
[11/11/2007|15:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft Games
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Mozilla
[04/11/2007|19:41] C:\DOCUME~1\Adrien\APPLIC~1\MSNInstaller
[20/06/2008|21:17] C:\DOCUME~1\Adrien\APPLIC~1\OpenOffice.org2
[16/06/2008|11:10] C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
[27/05/2008|17:25] C:\DOCUME~1\Adrien\APPLIC~1\Stop Great
[16/12/2007|01:52] C:\DOCUME~1\Adrien\APPLIC~1\Sun
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Talkback
[13/11/2007|19:22] C:\DOCUME~1\Adrien\APPLIC~1\WinRAR
[10/11/2007|01:43] C:\DOCUME~1\Adrien\APPLIC~1\Yahoo!
[28/11/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2007|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/04/2008|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/11/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/06/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[27/05/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
[10/11/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2007|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/02/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[27/11/2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/11/2007|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[02/04/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/11/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[04/11/2007|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[04/11/2007|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[21/06/2008 01:00][--ah-----] C:\WINDOWS\tasks\A02BD33C91884A64.job
[13/06/2008 15:04][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[10/05/2008 17:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/06/2008 00:51][--a------] C:\WINDOWS\tasks\V%u201Arifier les mises %u2026 jour de Windows Live Toolbar.job
[20/06/2008 21:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
A02BD33C91884A64.job <--> c:\docume~1\adrien\applic~1\stopgr~1\pokemailmedia.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[18/06/2008|18:56] C:\Program Files\Alwil Software
[28/11/2007|16:59] C:\Program Files\Apple Software Update
[17/06/2008|10:13] C:\Program Files\AskTBar
[30/04/2008|01:46] C:\Program Files\ATI Technologies
[21/01/2008|18:30] C:\Program Files\CamStudio
[03/05/2008|16:58] C:\Program Files\Cenega
[04/11/2007|19:02] C:\Program Files\ComPlus Applications
[29/04/2008|19:38] C:\Program Files\DAEMON Tools Lite
[21/06/2008|00:18] C:\Program Files\Diablo II
[08/06/2008|11:49] C:\Program Files\DivX
[17/06/2008|11:30] C:\Program Files\Dofus
[12/06/2008|12:16] C:\Program Files\DofusArena2
[15/04/2008|20:17] C:\Program Files\Electronic Arts
[18/06/2008|18:37] C:\Program Files\eMule
[15/06/2008|20:17] C:\Program Files\ENPC_PersoTEST1
[15/04/2008|19:23] C:\Program Files\Fichiers communs
[25/05/2008|10:35] C:\Program Files\InstallShield Installation Information
[27/01/2008|15:11] C:\Program Files\Internet Explorer
[28/11/2007|17:00] C:\Program Files\iPod
[28/11/2007|17:00] C:\Program Files\iTunes
[16/06/2008|08:33] C:\Program Files\Java
[11/11/2007|19:46] C:\Program Files\LimeWire
[07/11/2007|03:36] C:\Program Files\Messenger
[13/01/2008|23:11] C:\Program Files\Messenger Plus! Live
[04/11/2007|19:49] C:\Program Files\MessengerPlus! 3
[04/11/2007|19:05] C:\Program Files\microsoft frontpage
[11/11/2007|15:39] C:\Program Files\Microsoft Games
[04/11/2007|19:03] C:\Program Files\Movie Maker
[21/06/2008|01:11] C:\Program Files\Mozilla Firefox
[04/11/2007|19:01] C:\Program Files\MSN Gaming Zone
[13/01/2008|23:11] C:\Program Files\MSN Messenger
[12/11/2007|14:33] C:\Program Files\MSXML 4.0
[12/05/2008|18:47] C:\Program Files\MTA San Andreas
[20/06/2008|20:32] C:\Program Files\Navilog1
[04/11/2007|19:03] C:\Program Files\NetMeeting
[13/06/2008|15:00] C:\Program Files\Norton Security Scan
[04/11/2007|19:01] C:\Program Files\Online Services
[16/06/2008|08:34] C:\Program Files\OpenOffice.org 2.4
[20/06/2008|21:10] C:\Program Files\outlook
[07/11/2007|03:35] C:\Program Files\Outlook Express
[28/11/2007|17:00] C:\Program Files\QuickTime
[25/05/2008|10:35] C:\Program Files\Rockstar Games
[04/11/2007|19:03] C:\Program Files\Services en ligne
[29/04/2008|18:10] C:\Program Files\ShoppingReport
[27/01/2008|15:05] C:\Program Files\Sierra
[27/05/2008|17:21] C:\Program Files\Stop Great
[20/06/2008|15:40] C:\Program Files\Trend Micro
[04/11/2007|19:09] C:\Program Files\Uninstall Information
[10/03/2008|23:39] C:\Program Files\Universal Interactive
[28/11/2007|20:43] C:\Program Files\Veoh Networks
[07/02/2008|21:37] C:\Program Files\Windows Live
[30/11/2007|14:12] C:\Program Files\Windows Live Favorites
[30/11/2007|14:12] C:\Program Files\Windows Live Toolbar
[27/11/2007|12:48] C:\Program Files\Windows Media Connect 2
[27/11/2007|12:52] C:\Program Files\Windows Media Player
[04/11/2007|19:01] C:\Program Files\Windows NT
[04/11/2007|19:03] C:\Program Files\WindowsUpdate
[28/01/2008|13:51] C:\Program Files\WinRAR
[04/11/2007|19:05] C:\Program Files\xerox
[10/11/2007|00:11] C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[28/11/2007|16:58] C:\Program Files\Fichiers communs\Apple
[15/04/2008|19:23] C:\Program Files\Fichiers communs\ATI Technologies
[15/04/2008|19:23] C:\Program Files\Fichiers communs\InstallShield
[11/11/2007|19:45] C:\Program Files\Fichiers communs\Java
[04/11/2007|19:56] C:\Program Files\Fichiers communs\Microsoft Shared
[04/11/2007|19:03] C:\Program Files\Fichiers communs\MSSoap
[04/11/2007|19:55] C:\Program Files\Fichiers communs\ODBC
[04/11/2007|19:03] C:\Program Files\Fichiers communs\Services
[04/11/2007|19:55] C:\Program Files\Fichiers communs\SpeechEngines
[07/11/2007|03:35] C:\Program Files\Fichiers communs\System
[07/02/2008|21:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 40
IEXPLORE.EXE ~ [1148]
IEXPLORE.EXE ~ [3024]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Adrien\Recent\Diablo_2_Lord_of_Destruction_v1.10_No-CD_Crack.lnk
[F:2][D:4]-> C:\DOCUME~1\Adrien\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Adrien\Cookies
[F:7][D:5]-> C:\DOCUME~1\Adrien\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 1:14:49,79 ]----------------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Pile Five.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\deletegramflaw.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\idlitvok.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\Jugs Bows Time Ping.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\mqxrshmi.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\oclcjpwt.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\pokemailmedia.exe
C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\ybnpobtq.exe
C:\Program Files\stopgr~1
C:\WINDOWS\Prefetch\PILE FIVE.EXE-033236F2.pf
C:\WINDOWS\Prefetch\DELETEGRAMFLAW.EXE-0E944FF9.pf
C:\WINDOWS\Prefetch\POKEMAILMEDIA.EXE-1E20F16F.pf
C:\WINDOWS\Tasks\A02BD33C91884A64.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"managerbrowse"="C:\\DOCUME~1\\Adrien\\APPLIC~1\\STOPGR~1\\deletegramflaw.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Pile Five.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 01:14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
Tu as trafiqué le rapport ?
Sélectionne entièrement l'encadré ci-dessous , puis clique droit Copier
Relance Lop S&D
Choisis cette fois ci l'Option 4 (LopScript)
Une page blanche va s'ouvrir , clique droit dessus et choisis Coller
Ferme la page , il te sera demandé de l'enregistrer , clique sur [Enregistrer]
Ne ferme pas la fenêtre lors de la suppression !
Poste le rapport généré (C:\lopR.txt)
Sélectionne entièrement l'encadré ci-dessous , puis clique droit Copier
C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
C:\Program Files\AskTBar
C:\Program Files\AskTBar
Relance Lop S&D
non je n'ai pas trafiqué le rapport mais il me semble que je n'avais pas tout sélectionnés , c'est peut être sa ,
sinon voila le rapport :
-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Adrien ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 21/06/2008 | 10:54:10,70 ] [ PC : ADD-F67D71 ]
[ MAJ : 16-06-2008 | 23:01 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////
C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
C:\Program Files\AskTBar
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Pile Five.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\deletegramflaw.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\idlitvok.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\Jugs Bows Time Ping.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\mqxrshmi.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\oclcjpwt.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\pokemailmedia.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\ybnpobtq.exe
Supprimé! - C:\WINDOWS\Prefetch\PILE FIVE.EXE-033236F2.pf
Supprimé! - C:\WINDOWS\Prefetch\DELETEGRAMFLAW.EXE-0E944FF9.pf
Supprimé! - C:\WINDOWS\Prefetch\POKEMAILMEDIA.EXE-1E20F16F.pf
Supprimé! - C:\WINDOWS\Tasks\A02BD33C91884A64.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1
Supprimé! - C:\Program Files\stopgr~1
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprimé! - C:\Program Files\ShoppingReport
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[13/02/2008|21:05] C:\DOCUME~1\Adrien\APPLIC~1\Adobe
[04/02/2008|23:28] C:\DOCUME~1\Adrien\APPLIC~1\Apple Computer
[15/04/2008|19:30] C:\DOCUME~1\Adrien\APPLIC~1\ATI
[29/04/2008|18:06] C:\DOCUME~1\Adrien\APPLIC~1\DAEMON Tools
[04/11/2007|19:55] C:\DOCUME~1\Adrien\APPLIC~1\desktop.ini
[26/01/2008|20:42] C:\DOCUME~1\Adrien\APPLIC~1\DivX
[04/11/2007|19:09] C:\DOCUME~1\Adrien\APPLIC~1\Identities
[27/01/2008|15:00] C:\DOCUME~1\Adrien\APPLIC~1\InstallShield
[16/04/2008|16:12] C:\DOCUME~1\Adrien\APPLIC~1\LimeWire
[04/11/2007|19:47] C:\DOCUME~1\Adrien\APPLIC~1\Macromedia
[15/04/2008|21:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft
[11/11/2007|15:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft Games
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Mozilla
[04/11/2007|19:41] C:\DOCUME~1\Adrien\APPLIC~1\MSNInstaller
[21/06/2008|10:48] C:\DOCUME~1\Adrien\APPLIC~1\OpenOffice.org2
[16/12/2007|01:52] C:\DOCUME~1\Adrien\APPLIC~1\Sun
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Talkback
[13/11/2007|19:22] C:\DOCUME~1\Adrien\APPLIC~1\WinRAR
[10/11/2007|01:43] C:\DOCUME~1\Adrien\APPLIC~1\Yahoo!
[28/11/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2007|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/04/2008|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/11/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/06/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[10/11/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2007|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/02/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[27/11/2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/11/2007|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[02/04/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/11/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[04/11/2007|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[04/11/2007|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[13/06/2008 15:04][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[10/05/2008 17:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/06/2008 10:51][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[21/06/2008 10:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[18/06/2008|18:56] C:\Program Files\Alwil Software
[28/11/2007|16:59] C:\Program Files\Apple Software Update
[17/06/2008|10:13] C:\Program Files\AskTBar
[30/04/2008|01:46] C:\Program Files\ATI Technologies
[21/01/2008|18:30] C:\Program Files\CamStudio
[03/05/2008|16:58] C:\Program Files\Cenega
[04/11/2007|19:02] C:\Program Files\ComPlus Applications
[29/04/2008|19:38] C:\Program Files\DAEMON Tools Lite
[21/06/2008|01:28] C:\Program Files\Diablo II
[08/06/2008|11:49] C:\Program Files\DivX
[17/06/2008|11:30] C:\Program Files\Dofus
[12/06/2008|12:16] C:\Program Files\DofusArena2
[15/04/2008|20:17] C:\Program Files\Electronic Arts
[18/06/2008|18:37] C:\Program Files\eMule
[15/06/2008|20:17] C:\Program Files\ENPC_PersoTEST1
[15/04/2008|19:23] C:\Program Files\Fichiers communs
[25/05/2008|10:35] C:\Program Files\InstallShield Installation Information
[27/01/2008|15:11] C:\Program Files\Internet Explorer
[28/11/2007|17:00] C:\Program Files\iPod
[28/11/2007|17:00] C:\Program Files\iTunes
[16/06/2008|08:33] C:\Program Files\Java
[11/11/2007|19:46] C:\Program Files\LimeWire
[07/11/2007|03:36] C:\Program Files\Messenger
[13/01/2008|23:11] C:\Program Files\Messenger Plus! Live
[04/11/2007|19:49] C:\Program Files\MessengerPlus! 3
[04/11/2007|19:05] C:\Program Files\microsoft frontpage
[11/11/2007|15:39] C:\Program Files\Microsoft Games
[04/11/2007|19:03] C:\Program Files\Movie Maker
[21/06/2008|10:51] C:\Program Files\Mozilla Firefox
[04/11/2007|19:01] C:\Program Files\MSN Gaming Zone
[13/01/2008|23:11] C:\Program Files\MSN Messenger
[12/11/2007|14:33] C:\Program Files\MSXML 4.0
[12/05/2008|18:47] C:\Program Files\MTA San Andreas
[20/06/2008|20:32] C:\Program Files\Navilog1
[04/11/2007|19:03] C:\Program Files\NetMeeting
[13/06/2008|15:00] C:\Program Files\Norton Security Scan
[04/11/2007|19:01] C:\Program Files\Online Services
[16/06/2008|08:34] C:\Program Files\OpenOffice.org 2.4
[20/06/2008|21:10] C:\Program Files\outlook
[07/11/2007|03:35] C:\Program Files\Outlook Express
[28/11/2007|17:00] C:\Program Files\QuickTime
[25/05/2008|10:35] C:\Program Files\Rockstar Games
[04/11/2007|19:03] C:\Program Files\Services en ligne
[27/01/2008|15:05] C:\Program Files\Sierra
[20/06/2008|15:40] C:\Program Files\Trend Micro
[04/11/2007|19:09] C:\Program Files\Uninstall Information
[10/03/2008|23:39] C:\Program Files\Universal Interactive
[28/11/2007|20:43] C:\Program Files\Veoh Networks
[07/02/2008|21:37] C:\Program Files\Windows Live
[30/11/2007|14:12] C:\Program Files\Windows Live Favorites
[30/11/2007|14:12] C:\Program Files\Windows Live Toolbar
[27/11/2007|12:48] C:\Program Files\Windows Media Connect 2
[27/11/2007|12:52] C:\Program Files\Windows Media Player
[04/11/2007|19:01] C:\Program Files\Windows NT
[04/11/2007|19:03] C:\Program Files\WindowsUpdate
[28/01/2008|13:51] C:\Program Files\WinRAR
[04/11/2007|19:05] C:\Program Files\xerox
[10/11/2007|00:11] C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[28/11/2007|16:58] C:\Program Files\Fichiers communs\Apple
[15/04/2008|19:23] C:\Program Files\Fichiers communs\ATI Technologies
[15/04/2008|19:23] C:\Program Files\Fichiers communs\InstallShield
[11/11/2007|19:45] C:\Program Files\Fichiers communs\Java
[04/11/2007|19:56] C:\Program Files\Fichiers communs\Microsoft Shared
[04/11/2007|19:03] C:\Program Files\Fichiers communs\MSSoap
[04/11/2007|19:55] C:\Program Files\Fichiers communs\ODBC
[04/11/2007|19:03] C:\Program Files\Fichiers communs\Services
[04/11/2007|19:55] C:\Program Files\Fichiers communs\SpeechEngines
[07/11/2007|03:35] C:\Program Files\Fichiers communs\System
[07/02/2008|21:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 41
IEXPLORE.EXE ~ [2340]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 10:55:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Adrien\Recent\Diablo_2_Lord_of_Destruction_v1.10_No-CD_Crack.lnk
[F:3][D:4]-> C:\DOCUME~1\Adrien\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Adrien\Cookies
[F:7][D:5]-> C:\DOCUME~1\Adrien\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:56:05,14 ]----------------------
sinon voila le rapport :
-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Adrien ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 21/06/2008 | 10:54:10,70 ] [ PC : ADD-F67D71 ]
[ MAJ : 16-06-2008 | 23:01 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////
C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
C:\Program Files\AskTBar
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Pile Five.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\deletegramflaw.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\idlitvok.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\Jugs Bows Time Ping.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\mqxrshmi.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\oclcjpwt.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\pokemailmedia.exe
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1\ybnpobtq.exe
Supprimé! - C:\WINDOWS\Prefetch\PILE FIVE.EXE-033236F2.pf
Supprimé! - C:\WINDOWS\Prefetch\DELETEGRAMFLAW.EXE-0E944FF9.pf
Supprimé! - C:\WINDOWS\Prefetch\POKEMAILMEDIA.EXE-1E20F16F.pf
Supprimé! - C:\WINDOWS\Tasks\A02BD33C91884A64.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\stopgr~1
Supprimé! - C:\Program Files\stopgr~1
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprimé! - C:\Program Files\ShoppingReport
Supprimé! - C:\DOCUME~1\Adrien\APPLIC~1\ShoppingReport
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[13/02/2008|21:05] C:\DOCUME~1\Adrien\APPLIC~1\Adobe
[04/02/2008|23:28] C:\DOCUME~1\Adrien\APPLIC~1\Apple Computer
[15/04/2008|19:30] C:\DOCUME~1\Adrien\APPLIC~1\ATI
[29/04/2008|18:06] C:\DOCUME~1\Adrien\APPLIC~1\DAEMON Tools
[04/11/2007|19:55] C:\DOCUME~1\Adrien\APPLIC~1\desktop.ini
[26/01/2008|20:42] C:\DOCUME~1\Adrien\APPLIC~1\DivX
[04/11/2007|19:09] C:\DOCUME~1\Adrien\APPLIC~1\Identities
[27/01/2008|15:00] C:\DOCUME~1\Adrien\APPLIC~1\InstallShield
[16/04/2008|16:12] C:\DOCUME~1\Adrien\APPLIC~1\LimeWire
[04/11/2007|19:47] C:\DOCUME~1\Adrien\APPLIC~1\Macromedia
[15/04/2008|21:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft
[11/11/2007|15:42] C:\DOCUME~1\Adrien\APPLIC~1\Microsoft Games
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Mozilla
[04/11/2007|19:41] C:\DOCUME~1\Adrien\APPLIC~1\MSNInstaller
[21/06/2008|10:48] C:\DOCUME~1\Adrien\APPLIC~1\OpenOffice.org2
[16/12/2007|01:52] C:\DOCUME~1\Adrien\APPLIC~1\Sun
[10/11/2007|15:44] C:\DOCUME~1\Adrien\APPLIC~1\Talkback
[13/11/2007|19:22] C:\DOCUME~1\Adrien\APPLIC~1\WinRAR
[10/11/2007|01:43] C:\DOCUME~1\Adrien\APPLIC~1\Yahoo!
[28/11/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2007|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/04/2008|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/11/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/06/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[10/11/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2007|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/02/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[27/11/2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/11/2007|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[02/04/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/11/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[04/11/2007|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[04/11/2007|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[13/06/2008 15:04][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[10/05/2008 17:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/06/2008 10:51][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[21/06/2008 10:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[18/06/2008|18:56] C:\Program Files\Alwil Software
[28/11/2007|16:59] C:\Program Files\Apple Software Update
[17/06/2008|10:13] C:\Program Files\AskTBar
[30/04/2008|01:46] C:\Program Files\ATI Technologies
[21/01/2008|18:30] C:\Program Files\CamStudio
[03/05/2008|16:58] C:\Program Files\Cenega
[04/11/2007|19:02] C:\Program Files\ComPlus Applications
[29/04/2008|19:38] C:\Program Files\DAEMON Tools Lite
[21/06/2008|01:28] C:\Program Files\Diablo II
[08/06/2008|11:49] C:\Program Files\DivX
[17/06/2008|11:30] C:\Program Files\Dofus
[12/06/2008|12:16] C:\Program Files\DofusArena2
[15/04/2008|20:17] C:\Program Files\Electronic Arts
[18/06/2008|18:37] C:\Program Files\eMule
[15/06/2008|20:17] C:\Program Files\ENPC_PersoTEST1
[15/04/2008|19:23] C:\Program Files\Fichiers communs
[25/05/2008|10:35] C:\Program Files\InstallShield Installation Information
[27/01/2008|15:11] C:\Program Files\Internet Explorer
[28/11/2007|17:00] C:\Program Files\iPod
[28/11/2007|17:00] C:\Program Files\iTunes
[16/06/2008|08:33] C:\Program Files\Java
[11/11/2007|19:46] C:\Program Files\LimeWire
[07/11/2007|03:36] C:\Program Files\Messenger
[13/01/2008|23:11] C:\Program Files\Messenger Plus! Live
[04/11/2007|19:49] C:\Program Files\MessengerPlus! 3
[04/11/2007|19:05] C:\Program Files\microsoft frontpage
[11/11/2007|15:39] C:\Program Files\Microsoft Games
[04/11/2007|19:03] C:\Program Files\Movie Maker
[21/06/2008|10:51] C:\Program Files\Mozilla Firefox
[04/11/2007|19:01] C:\Program Files\MSN Gaming Zone
[13/01/2008|23:11] C:\Program Files\MSN Messenger
[12/11/2007|14:33] C:\Program Files\MSXML 4.0
[12/05/2008|18:47] C:\Program Files\MTA San Andreas
[20/06/2008|20:32] C:\Program Files\Navilog1
[04/11/2007|19:03] C:\Program Files\NetMeeting
[13/06/2008|15:00] C:\Program Files\Norton Security Scan
[04/11/2007|19:01] C:\Program Files\Online Services
[16/06/2008|08:34] C:\Program Files\OpenOffice.org 2.4
[20/06/2008|21:10] C:\Program Files\outlook
[07/11/2007|03:35] C:\Program Files\Outlook Express
[28/11/2007|17:00] C:\Program Files\QuickTime
[25/05/2008|10:35] C:\Program Files\Rockstar Games
[04/11/2007|19:03] C:\Program Files\Services en ligne
[27/01/2008|15:05] C:\Program Files\Sierra
[20/06/2008|15:40] C:\Program Files\Trend Micro
[04/11/2007|19:09] C:\Program Files\Uninstall Information
[10/03/2008|23:39] C:\Program Files\Universal Interactive
[28/11/2007|20:43] C:\Program Files\Veoh Networks
[07/02/2008|21:37] C:\Program Files\Windows Live
[30/11/2007|14:12] C:\Program Files\Windows Live Favorites
[30/11/2007|14:12] C:\Program Files\Windows Live Toolbar
[27/11/2007|12:48] C:\Program Files\Windows Media Connect 2
[27/11/2007|12:52] C:\Program Files\Windows Media Player
[04/11/2007|19:01] C:\Program Files\Windows NT
[04/11/2007|19:03] C:\Program Files\WindowsUpdate
[28/01/2008|13:51] C:\Program Files\WinRAR
[04/11/2007|19:05] C:\Program Files\xerox
[10/11/2007|00:11] C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[28/11/2007|16:58] C:\Program Files\Fichiers communs\Apple
[15/04/2008|19:23] C:\Program Files\Fichiers communs\ATI Technologies
[15/04/2008|19:23] C:\Program Files\Fichiers communs\InstallShield
[11/11/2007|19:45] C:\Program Files\Fichiers communs\Java
[04/11/2007|19:56] C:\Program Files\Fichiers communs\Microsoft Shared
[04/11/2007|19:03] C:\Program Files\Fichiers communs\MSSoap
[04/11/2007|19:55] C:\Program Files\Fichiers communs\ODBC
[04/11/2007|19:03] C:\Program Files\Fichiers communs\Services
[04/11/2007|19:55] C:\Program Files\Fichiers communs\SpeechEngines
[07/11/2007|03:35] C:\Program Files\Fichiers communs\System
[07/02/2008|21:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 41
IEXPLORE.EXE ~ [2340]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 10:55:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Adrien\Recent\Diablo_2_Lord_of_Destruction_v1.10_No-CD_Crack.lnk
[F:3][D:4]-> C:\DOCUME~1\Adrien\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Adrien\Cookies
[F:7][D:5]-> C:\DOCUME~1\Adrien\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 10:56:05,14 ]----------------------
Re ,
voila le rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:09, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7348 bytes
voila le rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:09, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 7348 bytes
Re,
Télécharge ComboFix (de sUBs) sur ton Bureau.
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique sur ComboFix.exe.
Accepte la licence en cliquant sur Oui.
Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
Télécharge ComboFix (de sUBs) sur ton Bureau.
Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
Re ,
voilà le rapport de combofix
ComboFix 08-06-20.4 - Adrien 2008-06-21 14:50:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
Endroit: C:\Documents and Settings\Adrien\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 01:12 . 2008-06-21 10:56 <REP> d-------- C:\Lop SD
2008-06-20 21:00 . 2008-06-20 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-20 17:16 . 2008-06-20 20:32 <REP> d-------- C:\Program Files\Navilog1
2008-06-20 16:43 . 2008-06-20 21:16 <REP> d-------- C:\SDFix
2008-06-20 16:29 . 2008-06-20 16:32 <REP> d-------- C:\fixwareout
2008-06-20 15:40 . 2008-06-20 15:40 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 13:57 . 2008-06-17 20:48 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 13:56 . 2008-06-17 13:56 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-17 13:56 . 2008-06-17 13:56 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-17 13:56 . 2008-06-17 13:56 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-17 13:48 . 2008-06-17 13:48 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-17 13:48 . 2008-06-17 20:48 37,009 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-17 13:48 . 2008-06-17 13:48 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-17 13:38 . 2008-06-21 13:41 <REP> d-------- C:\Program Files\Diablo II
2008-06-16 08:45 . 2008-06-21 10:48 <REP> d-------- C:\Documents and Settings\Adrien\Application Data\OpenOffice.org2
2008-06-16 08:33 . 2008-06-16 08:34 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:17 . 2008-06-15 20:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-06-15 20:16 . 2008-06-15 20:17 <REP> d-------- C:\Program Files\ENPC_PersoTEST1
2008-06-12 12:13 . 2008-06-12 12:16 <REP> d-------- C:\Program Files\DofusArena2
2008-06-07 11:21 . 2008-06-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Droppix
2008-06-07 11:10 . 2008-06-17 10:13 <REP> d-------- C:\Program Files\AskTBar
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 16:56 --------- d-----w C:\Program Files\Alwil Software
2008-06-18 16:37 --------- d-----w C:\Program Files\eMule
2008-06-17 09:30 --------- d-----w C:\Program Files\Dofus
2008-06-16 06:33 --------- d-----w C:\Program Files\Java
2008-06-13 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-08 09:49 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-25 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 08:35 --------- d-----w C:\Program Files\Rockstar Games
2008-05-23 11:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 11:30 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 11:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 16:47 --------- d-----w C:\Program Files\MTA San Andreas
2008-05-03 14:58 --------- d-----w C:\Program Files\Cenega
2008-05-02 12:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-29 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 23:46 --------- d-----w C:\Program Files\ATI Technologies
2008-04-29 17:38 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-29 16:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 16:06 --------- d-----w C:\Documents and Settings\Adrien\Application Data\DAEMON Tools
2004-08-04 04:54 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-11-04 19:49 190024]
"Tok-Cirrhatus-1398"="C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"WanadooMail"="C:\WINDOWS\system32\WanadooMail.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\Adrien\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-16 01:20]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
C:\WINDOWS\system32\WanadooMail.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-10 15:53:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 13:04:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-21 12:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:52:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:55:17
ComboFix-quarantined-files.txt 2008-06-21 12:54:27
Pre-Run: 51,771,015,168 octets libres
Post-Run: 51,763,474,432 octets libres
152 --- E O F --- 2007-12-12 21:57:50
voilà le rapport de combofix
ComboFix 08-06-20.4 - Adrien 2008-06-21 14:50:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
Endroit: C:\Documents and Settings\Adrien\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 01:12 . 2008-06-21 10:56 <REP> d-------- C:\Lop SD
2008-06-20 21:00 . 2008-06-20 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-20 17:16 . 2008-06-20 20:32 <REP> d-------- C:\Program Files\Navilog1
2008-06-20 16:43 . 2008-06-20 21:16 <REP> d-------- C:\SDFix
2008-06-20 16:29 . 2008-06-20 16:32 <REP> d-------- C:\fixwareout
2008-06-20 15:40 . 2008-06-20 15:40 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 13:57 . 2008-06-17 20:48 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 13:56 . 2008-06-17 13:56 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-17 13:56 . 2008-06-17 13:56 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-17 13:56 . 2008-06-17 13:56 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-17 13:48 . 2008-06-17 13:48 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-17 13:48 . 2008-06-17 20:48 37,009 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-17 13:48 . 2008-06-17 13:48 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-17 13:38 . 2008-06-21 13:41 <REP> d-------- C:\Program Files\Diablo II
2008-06-16 08:45 . 2008-06-21 10:48 <REP> d-------- C:\Documents and Settings\Adrien\Application Data\OpenOffice.org2
2008-06-16 08:33 . 2008-06-16 08:34 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:17 . 2008-06-15 20:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-06-15 20:16 . 2008-06-15 20:17 <REP> d-------- C:\Program Files\ENPC_PersoTEST1
2008-06-12 12:13 . 2008-06-12 12:16 <REP> d-------- C:\Program Files\DofusArena2
2008-06-07 11:21 . 2008-06-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Droppix
2008-06-07 11:10 . 2008-06-17 10:13 <REP> d-------- C:\Program Files\AskTBar
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 16:56 --------- d-----w C:\Program Files\Alwil Software
2008-06-18 16:37 --------- d-----w C:\Program Files\eMule
2008-06-17 09:30 --------- d-----w C:\Program Files\Dofus
2008-06-16 06:33 --------- d-----w C:\Program Files\Java
2008-06-13 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-08 09:49 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-25 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 08:35 --------- d-----w C:\Program Files\Rockstar Games
2008-05-23 11:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 11:30 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 11:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 16:47 --------- d-----w C:\Program Files\MTA San Andreas
2008-05-03 14:58 --------- d-----w C:\Program Files\Cenega
2008-05-02 12:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-29 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 23:46 --------- d-----w C:\Program Files\ATI Technologies
2008-04-29 17:38 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-29 16:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 16:06 --------- d-----w C:\Documents and Settings\Adrien\Application Data\DAEMON Tools
2004-08-04 04:54 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-11-04 19:49 190024]
"Tok-Cirrhatus-1398"="C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"WanadooMail"="C:\WINDOWS\system32\WanadooMail.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\Adrien\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-16 01:20]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
C:\WINDOWS\system32\WanadooMail.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-10 15:53:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 13:04:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-21 12:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:52:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:55:17
ComboFix-quarantined-files.txt 2008-06-21 12:54:27
Pre-Run: 51,771,015,168 octets libres
Post-Run: 51,763,474,432 octets libres
152 --- E O F --- 2007-12-12 21:57:50
Re,
Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
Connecte tous les périphériques externes ( DD , USB , ..... )
Double clique sur Flash Disinfector et laisse toi guider.
************
Sélectionne l'intégralité du cadre ci-dessous :
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
![]()
Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
************
Sélectionne l'intégralité du cadre ci-dessous :
Collect::
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
je pense que c'est celui la il correspond plus au heure car j'ai posté directement après
ComboFix 08-06-20.4 - Adrien 2008-06-21 14:50:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
Endroit: C:\Documents and Settings\Adrien\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 01:12 . 2008-06-21 10:56 <REP> d-------- C:\Lop SD
2008-06-20 21:00 . 2008-06-20 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-20 17:16 . 2008-06-20 20:32 <REP> d-------- C:\Program Files\Navilog1
2008-06-20 16:43 . 2008-06-20 21:16 <REP> d-------- C:\SDFix
2008-06-20 16:29 . 2008-06-20 16:32 <REP> d-------- C:\fixwareout
2008-06-20 15:40 . 2008-06-20 15:40 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 13:57 . 2008-06-17 20:48 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 13:56 . 2008-06-17 13:56 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-17 13:56 . 2008-06-17 13:56 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-17 13:56 . 2008-06-17 13:56 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-17 13:48 . 2008-06-17 13:48 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-17 13:48 . 2008-06-17 20:48 37,009 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-17 13:48 . 2008-06-17 13:48 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-17 13:38 . 2008-06-21 13:41 <REP> d-------- C:\Program Files\Diablo II
2008-06-16 08:45 . 2008-06-21 10:48 <REP> d-------- C:\Documents and Settings\Adrien\Application Data\OpenOffice.org2
2008-06-16 08:33 . 2008-06-16 08:34 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:17 . 2008-06-15 20:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-06-15 20:16 . 2008-06-15 20:17 <REP> d-------- C:\Program Files\ENPC_PersoTEST1
2008-06-12 12:13 . 2008-06-12 12:16 <REP> d-------- C:\Program Files\DofusArena2
2008-06-07 11:21 . 2008-06-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Droppix
2008-06-07 11:10 . 2008-06-17 10:13 <REP> d-------- C:\Program Files\AskTBar
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 16:56 --------- d-----w C:\Program Files\Alwil Software
2008-06-18 16:37 --------- d-----w C:\Program Files\eMule
2008-06-17 09:30 --------- d-----w C:\Program Files\Dofus
2008-06-16 06:33 --------- d-----w C:\Program Files\Java
2008-06-13 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-08 09:49 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-25 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 08:35 --------- d-----w C:\Program Files\Rockstar Games
2008-05-23 11:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 11:30 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 11:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 16:47 --------- d-----w C:\Program Files\MTA San Andreas
2008-05-03 14:58 --------- d-----w C:\Program Files\Cenega
2008-05-02 12:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-29 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 23:46 --------- d-----w C:\Program Files\ATI Technologies
2008-04-29 17:38 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-29 16:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 16:06 --------- d-----w C:\Documents and Settings\Adrien\Application Data\DAEMON Tools
2004-08-04 04:54 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-11-04 19:49 190024]
"Tok-Cirrhatus-1398"="C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"WanadooMail"="C:\WINDOWS\system32\WanadooMail.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\Adrien\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-16 01:20]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
C:\WINDOWS\system32\WanadooMail.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-10 15:53:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 13:04:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-21 12:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:52:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:55:17
ComboFix-quarantined-files.txt 2008-06-21 12:54:27
Pre-Run: 51,771,015,168 octets libres
Post-Run: 51,763,474,432 octets libres
152 --- E O F --- 2007-12-12 21:57:50
ComboFix 08-06-20.4 - Adrien 2008-06-21 14:50:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
Endroit: C:\Documents and Settings\Adrien\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 01:12 . 2008-06-21 10:56 <REP> d-------- C:\Lop SD
2008-06-20 21:00 . 2008-06-20 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-20 17:16 . 2008-06-20 20:32 <REP> d-------- C:\Program Files\Navilog1
2008-06-20 16:43 . 2008-06-20 21:16 <REP> d-------- C:\SDFix
2008-06-20 16:29 . 2008-06-20 16:32 <REP> d-------- C:\fixwareout
2008-06-20 15:40 . 2008-06-20 15:40 <REP> d-------- C:\Program Files\Trend Micro
2008-06-17 13:57 . 2008-06-17 20:48 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 13:56 . 2008-06-17 13:56 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-17 13:56 . 2008-06-17 13:56 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-17 13:56 . 2008-06-17 13:56 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-17 13:48 . 2008-06-17 13:48 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-17 13:48 . 2008-06-17 20:48 37,009 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-17 13:48 . 2008-06-17 13:48 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-17 13:38 . 2008-06-21 13:41 <REP> d-------- C:\Program Files\Diablo II
2008-06-16 08:45 . 2008-06-21 10:48 <REP> d-------- C:\Documents and Settings\Adrien\Application Data\OpenOffice.org2
2008-06-16 08:33 . 2008-06-16 08:34 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:17 . 2008-06-15 20:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-06-15 20:16 . 2008-06-15 20:17 <REP> d-------- C:\Program Files\ENPC_PersoTEST1
2008-06-12 12:13 . 2008-06-12 12:16 <REP> d-------- C:\Program Files\DofusArena2
2008-06-07 11:21 . 2008-06-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Droppix
2008-06-07 11:10 . 2008-06-17 10:13 <REP> d-------- C:\Program Files\AskTBar
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 16:56 --------- d-----w C:\Program Files\Alwil Software
2008-06-18 16:37 --------- d-----w C:\Program Files\eMule
2008-06-17 09:30 --------- d-----w C:\Program Files\Dofus
2008-06-16 06:33 --------- d-----w C:\Program Files\Java
2008-06-13 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-08 09:49 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-25 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 08:35 --------- d-----w C:\Program Files\Rockstar Games
2008-05-23 11:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 11:30 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 11:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 16:47 --------- d-----w C:\Program Files\MTA San Andreas
2008-05-03 14:58 --------- d-----w C:\Program Files\Cenega
2008-05-02 12:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-29 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 23:46 --------- d-----w C:\Program Files\ATI Technologies
2008-04-29 17:38 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-29 16:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 16:06 --------- d-----w C:\Documents and Settings\Adrien\Application Data\DAEMON Tools
2004-08-04 04:54 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-11-04 19:49 190024]
"Tok-Cirrhatus-1398"="C:\Documents and Settings\Adrien\Local Settings\Application Data\br3819on.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"WanadooMail"="C:\WINDOWS\system32\WanadooMail.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\Adrien\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-16 01:20]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
C:\WINDOWS\system32\WanadooMail.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-10 15:53:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 13:04:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-21 12:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:52:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:55:17
ComboFix-quarantined-files.txt 2008-06-21 12:54:27
Pre-Run: 51,771,015,168 octets libres
Post-Run: 51,763,474,432 octets libres
152 --- E O F --- 2007-12-12 21:57:50
Trouvé , mais comme je ne l'avais pas vue du 1er coup j'ai recommencé les même manip donc je te mets les 2 rapport :s
celui que j'ai fait en 1er
Collect::
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4
et celui que j'ai fait en 2em ( je n'aurais peut être pas du :s )
Collect::
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
Voilà michoux , je suis sur que se sont heu le nom du bloc note ou été le rapport s'apelle CFScrip_used_2008-06-23@21-28
celui que j'ai fait en 1er
Collect::
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4
et celui que j'ai fait en 2em ( je n'aurais peut être pas du :s )
Collect::
C:\WINDOWS\system32\WanadooMail.exe
D:\Info.exe
F:\SETUP.EXE
C:\Program Files\AskTBar
Folder::
C:\Program Files\AskTBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"Tok-Cirrhatus-1398"=-
"WanadooMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]
Voilà michoux , je suis sur que se sont heu le nom du bloc note ou été le rapport s'apelle CFScrip_used_2008-06-23@21-28
re ,
erf ok , bon voila le rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 6306 bytes
erf ok , bon voila le rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 6306 bytes
Apparemment c'est bon ![:)]( ":)")
On continue !
Télécharge Clean (de Malekal) sur ton Bureau.
Dézippe le sur ton Bureau. Double-clic sur le dossier Clean qui vient d'apparaître.
Double-clic sur Clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport qui se trouve ici : C:\rapport_clean.txt
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Aide : Comment utiliser Clean.
**********
Désinstalle via Ajout/Suppression de Programmes (si présents) :
Avast!
Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html
Télécharge Ccleaner sur ton Bureau.
Clique sur "download the latest version"
Installe-le en laissant seulement les options suivantes cochées :
- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner
Lance le Nettoyage
Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.
Aide : Comment utiliser CCleaner.
***************
Télécharge AntiVir sur ton Bureau.
Double clique sur l'exécutable téléchargé pour lancer l'installation.
A la fin de l'installation, clique sur Finish.
Ouvre Antivir, assure-toi qu’il soit bien à jour !
Dans l'onglet Local Protection, choisis Scanner.
Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..
Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.
Pourquoi changer ? Avast vs Antivir.
Aide : Comment installer et utiliser AntiVir.
On continue !
Télécharge Clean (de Malekal) sur ton Bureau.
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Aide : Comment utiliser Clean.
**********
Désinstalle via Ajout/Suppression de Programmes (si présents) :
Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html
Télécharge Ccleaner sur ton Bureau.
- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner
Aide : Comment utiliser CCleaner.
***************
Télécharge AntiVir sur ton Bureau.
Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.
Pourquoi changer ? Avast vs Antivir.
Aide : Comment installer et utiliser AntiVir.
Re , rapport de clean :
2008-06-24 a 20:12:38.17
*** Recherche des fichiers dans C:
C:\autorun.inf FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Je renvoi un message pour les autres
2008-06-24 a 20:12:38.17
*** Recherche des fichiers dans C:
C:\autorun.inf FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Je renvoi un message pour les autres
il y a eu ce rapport a la fin de installation , je poursuis
Avira AntiVir Personal- Free AntiVirus
*************************************
Copyright © 2008 Avira GmbH.
All rights reserved.
Inhalt
******
0 Important information
1 System requirements
2 Important requirements for an installation
3 Support service
4 Contact address
0 Important information
***********************
Users who have up to now installed an ANSI version of the Avira
AntiVir Personal software pack on a Microsoft Windows NT, Microsoft
Windows 2000 or Microsoft Windows XP operating system, receive
update information when attempting to update.
When updating, please proceed as follows:
1. Deinstall the installed version of the Avira AntiVir
Personal.
2. Download a current software pack from the downoad section of the
Avira AntiVir Personal website
http://www.free-av.com.
3. Install this software pack on your computer.
1 System requirements
*********************
In order for Avira AntiVir Personal to run properly, the computer
system must fulfill the following requirements:
- Computer: Pentium or higher, at least 133 MHz
- Operating system
- Microsoft Windows Vista (32 or 64 bit) or
- Microsoft Windows XP Home or Professional (32 or 64 bit), SP 2 recommended or
- Microsoft Windows 2000, SP 4 recommended
The display of the program interfaces can differ, depending on the
operating system used.
- 30 MB free memory on the hard disk (more if quarantine is used)
- Min. 100 MB temporary memory on the hard disk
- Min. 192 MB RAM (Windows XP or Professional)
- Min. 512 MB RAM (Windows Vista)
- For the installation of Avira AntiVir Personal:
administrator rights
2 Important requirements for an installation
********************************************
Ensure that the following requirements are fulfilled so that Avira
AntiVir Personal works properly on your computer:
- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited
3 Support service
*****************
If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at http://forum.avira.de or
to call our Support-Hotline.
Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir Personal to this
Bulletin Board.
Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.
Support-Forum
-------------
...our forum is available for you at any time!
The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...
http://forum.avira.de
Support-Hotline
---------------
Germany: 0900 10 11 333 (1,99 Euro/Min* for calls from the local
network)
Austria: 0900 51 03 61 121 (2,16 Euro/Min* for calls from the local
network)
Switzerland: 0900 51 03 61 (4,23 CHF/Min* for calls from the local
network)
* Prices are subject to change.
Mo - Fr between 10 a.m. and 7 p.m.
4 Contact
*********
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Internet: http://www.free-av.com
Avira AntiVir Personal- Free AntiVirus
*************************************
Copyright © 2008 Avira GmbH.
All rights reserved.
Inhalt
******
0 Important information
1 System requirements
2 Important requirements for an installation
3 Support service
4 Contact address
0 Important information
***********************
Users who have up to now installed an ANSI version of the Avira
AntiVir Personal software pack on a Microsoft Windows NT, Microsoft
Windows 2000 or Microsoft Windows XP operating system, receive
update information when attempting to update.
When updating, please proceed as follows:
1. Deinstall the installed version of the Avira AntiVir
Personal.
2. Download a current software pack from the downoad section of the
Avira AntiVir Personal website
http://www.free-av.com.
3. Install this software pack on your computer.
1 System requirements
*********************
In order for Avira AntiVir Personal to run properly, the computer
system must fulfill the following requirements:
- Computer: Pentium or higher, at least 133 MHz
- Operating system
- Microsoft Windows Vista (32 or 64 bit) or
- Microsoft Windows XP Home or Professional (32 or 64 bit), SP 2 recommended or
- Microsoft Windows 2000, SP 4 recommended
The display of the program interfaces can differ, depending on the
operating system used.
- 30 MB free memory on the hard disk (more if quarantine is used)
- Min. 100 MB temporary memory on the hard disk
- Min. 192 MB RAM (Windows XP or Professional)
- Min. 512 MB RAM (Windows Vista)
- For the installation of Avira AntiVir Personal:
administrator rights
2 Important requirements for an installation
********************************************
Ensure that the following requirements are fulfilled so that Avira
AntiVir Personal works properly on your computer:
- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited
3 Support service
*****************
If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at http://forum.avira.de or
to call our Support-Hotline.
Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir Personal to this
Bulletin Board.
Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.
Support-Forum
-------------
...our forum is available for you at any time!
The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...
http://forum.avira.de
Support-Hotline
---------------
Germany: 0900 10 11 333 (1,99 Euro/Min* for calls from the local
network)
Austria: 0900 51 03 61 121 (2,16 Euro/Min* for calls from the local
network)
Switzerland: 0900 51 03 61 (4,23 CHF/Min* for calls from the local
network)
* Prices are subject to change.
Mo - Fr between 10 a.m. and 7 p.m.
4 Contact
*********
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Internet: http://www.free-av.com
re , et voilà le rapport de antivir ,
Avira AntiVir Personal
Report file date: 2008-06-24 21:14
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 2008-06-24 21:14
Starting search for hidden objects.
'271309' objects were checked, '0' hidden objects were found.
End of the scan: 2008-06-24 21:17
Used time: 03:43 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
271309 Objects were scanned with rootkit scan
0 Hidden objects were found
Avira AntiVir Personal
Report file date: 2008-06-24 21:14
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 2008-06-24 21:14
Starting search for hidden objects.
'271309' objects were checked, '0' hidden objects were found.
End of the scan: 2008-06-24 21:17
Used time: 03:43 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
271309 Objects were scanned with rootkit scan
0 Hidden objects were found
voila j'ai refait mais c'est toujours maigre ,
Avira AntiVir Personal
Report file date: 2008-06-25 13:34
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 2008-06-25 13:34
Starting search for hidden objects.
'271659' objects were checked, '0' hidden objects were found.
End of the scan: 2008-06-25 13:38
Used time: 03:31 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
271659 Objects were scanned with rootkit scan
0 Hidden objects were found
Avira AntiVir Personal
Report file date: 2008-06-25 13:34
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 2008-06-25 13:34
Starting search for hidden objects.
'271659' objects were checked, '0' hidden objects were found.
End of the scan: 2008-06-25 13:38
Used time: 03:31 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
271659 Objects were scanned with rootkit scan
0 Hidden objects were found
je crois que c'est bon !
Avira AntiVir Personal
Report file date: 2008-06-25 14:28
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, A:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-06-25 14:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ADD-F67D71.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/catchme2008-06-21_145238,92.zip
[2] Archive type: ZIP
--> narqwe.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> qoobox/Quarantine/D/Info.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48ce3a60.qua'!
C:\Documents and Settings\Adrien\Mes documents\Mes images\about.Brontok.A.html
[DETECTION] Contains detection pattern of the worm WORM/Bro.1
[NOTE] The file was moved to '48d13c05.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\mqxrshmi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48da3c63.qua'!
C:\QooBox\Quarantine\catchme2008-06-21_145238,92.zip
[0] Archive type: ZIP
--> narqwe.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48d640db.qua'!
C:\QooBox\Quarantine\D\Info.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48c840e9.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/p.zip
[1] Archive type: ZIP
--> Setup.exe
--> Object
[3] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/Rbot.174080
[NOTE] The file was moved to '48c540e1.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
D:\System Volume Information\_restore{34FB467E-546D-4CEF-B262-D23E365560DD}\RP219\A0149639.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489343f3.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\' <Expansion>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: 2008-06-25 15:10
Used time: 42:41 min
The scan has been done completely.
6553 Scanning directories
355288 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
355280 Files not concerned
7450 Archives were scanned
3 Warnings
7 Notes
Avira AntiVir Personal
Report file date: 2008-06-25 14:28
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Adrien
Computer name: ADD-F67D71
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, A:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-06-25 14:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ADD-F67D71.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/catchme2008-06-21_145238,92.zip
[2] Archive type: ZIP
--> narqwe.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> qoobox/Quarantine/D/Info.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48ce3a60.qua'!
C:\Documents and Settings\Adrien\Mes documents\Mes images\about.Brontok.A.html
[DETECTION] Contains detection pattern of the worm WORM/Bro.1
[NOTE] The file was moved to '48d13c05.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\Adrien\APPLIC~1\STOPGR~1\mqxrshmi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48da3c63.qua'!
C:\QooBox\Quarantine\catchme2008-06-21_145238,92.zip
[0] Archive type: ZIP
--> narqwe.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '48d640db.qua'!
C:\QooBox\Quarantine\D\Info.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48c840e9.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/p.zip
[1] Archive type: ZIP
--> Setup.exe
--> Object
[3] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/Rbot.174080
[NOTE] The file was moved to '48c540e1.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
D:\System Volume Information\_restore{34FB467E-546D-4CEF-B262-D23E365560DD}\RP219\A0149639.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489343f3.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\' <Expansion>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: 2008-06-25 15:10
Used time: 42:41 min
The scan has been done completely.
6553 Scanning directories
355288 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
355280 Files not concerned
7450 Archives were scanned
3 Warnings
7 Notes
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Supprime C:\WINDOWS\ALCXMNTR.EXE
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Supprime C:\WINDOWS\ALCXMNTR.EXE
michoux le site et tout tout en anglais et je ne comprend quasiment rien ,e dois cliqué ou pour le télécharger merci.
Edite , c'est bon n'avez pas vue le tuto dsl
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 890
18:04:38 2008-06-25
mbam-log-6-25-2008 (18-04-33).txt
Type de recherche: Examen rapide
Eléments examinés: 38290
Temps écoulé: 5 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Edite , c'est bon n'avez pas vue le tuto dsl
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 890
18:04:38 2008-06-25
mbam-log-6-25-2008 (18-04-33).txt
Type de recherche: Examen rapide
Eléments examinés: 38290
Temps écoulé: 5 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
dysfonctionnement je c'est pas se que sa veut dire ![:/]( ":/")
voila rapprot hijac
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 6291 bytes
voila rapprot hijac
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b658d62dcabd428fa86a1f6837af9e21
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b658d62dcabd428fa86a1f6837af9e21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://activite.nodns.netavous.net/stream/films/images/...
--
End of file - 6291 bytes
Lassé par la pub ? Créez un compte
