Toujours trojan

myrpa -  
 V-X -
Bonjour,

désolée de vous embéter , mais moi aussi mon pc à chopé la grippe.

je me permets de vous transmettre le rapport.

si vous pouvez faire quelque chose pour moi, ce serait sympa.

merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:39, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\explorer.exe
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [401ae2ab] rundll32.exe "E:\WINDOWS\system32\fghbrpfp.dll",b
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [84110605906631516267167190579841] E:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "E:\WINDOWS\system32\explorer32.exe"
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: eovrpb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5023 bytes
Configuration: Windows XP
Internet Explorer 6.0

54 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un utilisateur signale une infection sur un PC Windows XP SP2 avec un rapport HijackThis détaillant des processus et des modifications suspectes dans démarrage et modules DLL inhabituels.
Plusieurs éléments recommandent l’utilisation d’outils de nettoyage tels que OTMoveIt3 pour déplacer des fichiers nuisibles, suivis d’un diagnostic avec Malwarebytes et l’emploi de SmitFraudFix, tout en vérifiant les risques liés à Navilog1.
Des conseils insistent sur les mises à jour système et logiciels (Windows XP SP3, Adobe Flash, Reader) car les infections exploitent des vulnérabilités, et les antivirus peuvent sous-diagnostiquer.
Des analyses décrivent des fichiers DLL mémoire et des clés de registre liées à des menaces comme Trojan.Vundo, nécessitant une suppression en mode redémarrage sécurisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. V-X
     
    Salut,

    commence par sa:

    ▶ Installe - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31)

    Option:1 => Recherche:

    Double cliquer sur SmitfraudFix.exe

    Sélectionner 1 et pressez =>Entrée dans le menu pour créer

    ▶ un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque

    système

    C:\rapport.txt et colle le rapport génèrer sur le forum.

    Ne pas faire l'option 2 sans un avis d'une personne compétente*<=

    Tutoriel Smitfraudix

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  2. myrpa
     
    après avoir suivi vos instructions, voici le rapport
    SmitFraudFix v2.387

    Rapport fait à 12:00:57,59, 30/12/2008
    Executé à partir de E:\Program Files\FlashGet\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\WINDOWS\system32\rundll32.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Applications\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Applications\Microsoft Office\Office10\WINWORD.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\FlashGet\flashget.exe
    E:\Program Files\FlashGet\SmitfraudFix\Policies.exe
    E:\WINDOWS\system32\cmd.exe
    0
  3. V-X
     
    Re,

    Il est pas complet ton rapport "smithfraudix"..
    0
    1. myrpa
       
      désolée, je ne suis pas allée jusqu'au bout. je suis pas blonde mais....
      SmitFraudFix v2.387

      Rapport fait à 12:00:57,59, 30/12/2008
      Executé à partir de E:\Program Files\FlashGet\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\Explorer.EXE
      E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      E:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\WINDOWS\system32\svchost.exe
      E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      E:\Program Files\Alwil Software\Avast4\ashDisp.exe
      E:\WINDOWS\system32\rundll32.exe
      E:\Program Files\Windows Live\Messenger\msnmsgr.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\WINDOWS\system32\wscntfy.exe
      E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
      E:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Applications\Microsoft Office\Office10\OUTLOOK.EXE
      C:\Applications\Microsoft Office\Office10\WINWORD.EXE
      E:\Program Files\Internet Explorer\IEXPLORE.EXE
      E:\Program Files\FlashGet\flashget.exe
      E:\Program Files\FlashGet\SmitfraudFix\Policies.exe
      E:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» E:\


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur


      »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur\Application Data

      E:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau

      E:\DOCUME~1\ADMINI~1\Bureau\Antivirus 2009.lnk PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"="eovrpb.dll"


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: IEEE 802.11g USB Adapter - Odyssey Network Services Miniport
      DNS Server Search Order: 212.27.40.240
      DNS Server Search Order: 212.27.40.241

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  4. V-X
     
    Re,

    Maintenant fait ceci:

    2) Nettoyage:

    Redemarrer l'ordinateur en mode sans échec:

    Double cliquer sur smitfraudix:

    ▶ Sélectionner 2 et pressez Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

    ▶ A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et pressez Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection:.

    ▶ Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) et pressez Entrée pour remplacer le fichier corrompu:.

    ▶ Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt:

    Option::

    * Pour effacer la liste des sites de confiance et sensibles, sélectionner 3 et pressez Entrée dans le menu.

    A la question: Réinitialiser la liste des sites de confiance et sensibles ? répondre O (oui) et pressez Entrée afin de restaurer les zones de confiances et sensibles:.

    :FAUX POSITIF::

    process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. MYRPA
       
      voici le nouveau rapport

      maintenant j'ai des fenetres qui s'ouvrent en anglais (pub)


      SmitFraudFix v2.387

      Rapport fait à 16:51:10,00, 30/12/2008
      Executé à partir de E:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: IEEE 802.11g USB Adapter - Odyssey Network Services Miniport
      DNS Server Search Order: 212.27.40.240
      DNS Server Search Order: 212.27.40.241

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. V-X
     
    Re,

    Patience.......

    ▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur ' continue ' à l'écran Disclaimer.

    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. myrpa
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Administrateur at 2008-12-30 17:29:03
      Microsoft Windows XP Professionnel Service Pack 2
      System drive E: has 12 GB (40%) free of 31 GB
      Total RAM: 511 MB (25% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:29:12, on 30/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      E:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\Program Files\Alwil Software\Avast4\ashDisp.exe
      E:\WINDOWS\system32\rundll32.exe
      E:\Program Files\Windows Live\Messenger\msnmsgr.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
      E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\system32\wscntfy.exe
      E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\Program Files\Windows Live\Messenger\usnsvc.exe
      E:\WINDOWS\explorer.exe
      E:\Program Files\Mozilla Firefox\firefox.exe
      E:\Program Files\Internet Explorer\IEXPLORE.EXE
      E:\Program Files\FlashGet\flashget.exe
      C:\Downloads\RSIT.exe
      C:\Downloads\Administrateur.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {2A03942E-87EF-4BCC-B529-7C126185373E} - E:\WINDOWS\system32\urqolKBu.dll (file missing)
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\awtsTNFw.dll
      O2 - BHO: {b83dcfe6-d2ba-4bd9-7bd4-aa06ebf7f54a} - {a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} - E:\WINDOWS\system32\eovrpb.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {C8F3F067-79C3-4757-A705-C52042BA6972} - E:\WINDOWS\system32\mlJDSjiH.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [401ae2ab] rundll32.exe "E:\WINDOWS\system32\fghbrpfp.dll",b
      O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [84110605906631516267167190579841] E:\Program Files\Antivirus 2009\av2009.exe
      O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
      O20 - AppInit_DLLs: eovrpb.dll
      O20 - Winlogon Notify: awtsTNFw - E:\WINDOWS\SYSTEM32\awtsTNFw.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
      0
    2. myrpa
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Administrateur at 2008-12-30 17:29:03
      Microsoft Windows XP Professionnel Service Pack 2
      System drive E: has 12 GB (40%) free of 31 GB
      Total RAM: 511 MB (25% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:29:12, on 30/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      E:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\Program Files\Alwil Software\Avast4\ashDisp.exe
      E:\WINDOWS\system32\rundll32.exe
      E:\Program Files\Windows Live\Messenger\msnmsgr.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
      E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\system32\wscntfy.exe
      E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\Program Files\Windows Live\Messenger\usnsvc.exe
      E:\WINDOWS\explorer.exe
      E:\Program Files\Mozilla Firefox\firefox.exe
      E:\Program Files\Internet Explorer\IEXPLORE.EXE
      E:\Program Files\FlashGet\flashget.exe
      C:\Downloads\RSIT.exe
      C:\Downloads\Administrateur.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {2A03942E-87EF-4BCC-B529-7C126185373E} - E:\WINDOWS\system32\urqolKBu.dll (file missing)
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\awtsTNFw.dll
      O2 - BHO: {b83dcfe6-d2ba-4bd9-7bd4-aa06ebf7f54a} - {a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} - E:\WINDOWS\system32\eovrpb.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {C8F3F067-79C3-4757-A705-C52042BA6972} - E:\WINDOWS\system32\mlJDSjiH.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [401ae2ab] rundll32.exe "E:\WINDOWS\system32\fghbrpfp.dll",b
      O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [84110605906631516267167190579841] E:\Program Files\Antivirus 2009\av2009.exe
      O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
      O20 - AppInit_DLLs: eovrpb.dll
      O20 - Winlogon Notify: awtsTNFw - E:\WINDOWS\SYSTEM32\awtsTNFw.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
      0
  7. V-X
     
    Re,

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

    Tutoriel pour MalwareByte's
    0
  8. myrpa
     
    et voici la suite

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1577
    Windows 5.1.2600 Service Pack 2

    30/12/2008 19:32:37
    mbam-log-2008-12-30 (19-32-37).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 199264
    Temps écoulé: 1 hour(s), 4 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 171

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    E:\WINDOWS\system32\fghbrpfp.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\mlJDSjiH.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\eovrpb.dll (Trojan.Vundo) -> Delete on reboot.
    E:\WINDOWS\system32\awtsTNFw.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtstnfw (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IST (Trojan.ISTBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\401ae2ab (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84110605906631516267167190579841 (Rogue.Antivirus) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\mljdsjih -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\mljdsjih -> Delete on reboot.

    Dossier(s) infecté(s):
    E:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    E:\WINDOWS\system32\awtsTNFw.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\eovrpb.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\mlJDSjiH.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\HijSDJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\HijSDJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fghbrpfp.dll (Trojan.Vundo.H) -> Delete on reboot.
    E:\WINDOWS\system32\pfprbhgf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP881\A0068379.com (Backdoor.RBot) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069017.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069084.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069096.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069099.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0069133.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0069158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0070183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXOIcaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXPgedb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXQhhEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXqOhIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXRIcAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\cbXRIxUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccaBrqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccbATlI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccbcaba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccbcbAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccccbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccccDst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\fccyvULc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnkjIxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnkkliG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnkkllK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnlJaYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnlKBsQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnlMcdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnmKEvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnnnLFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnomjjI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnooLCt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\opnopqQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnljJCr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnlkiFW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnlmnOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnMDUkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnMeBQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnMGAqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnmlmll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnnLDUn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnnNfDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pmnOfDwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\rqRKETml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\rqRkKEwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\rqRLcDTn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\rqRLdBtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wbfmoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vnrmsf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\geBuUnkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtqqpQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtrSiHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtrSjJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtsRlJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtTmLfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awttqqOH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awturOEV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtuuVPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\awtuVMGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\efcBqpPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\efcBTmJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\efcCrPfE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\efcYQJbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\hgGwVNDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\hgGxWnLF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\hgGxXrSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\hgGyvVpO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifcCsTL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifdbYoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifdCrqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifdcyvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifDwvSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifebCSm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifeeEVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iiffDWMf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\iifFYSMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\lqauqpsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\mlJBSJDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\mlJBSjkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\mlJCUkLD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\mlJDtuVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\tuvSkIYp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\tuvTlKDv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\tuvWnlmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\tuvWPHXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqOGvUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqPgEVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqPgGAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqPJYoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqRIBQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqRLddE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ssqrSMdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\khfCuSlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\khffEuro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\khfFXrQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\urqOEtur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\urqPggdE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\urqPhgee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\urqPiGVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnkHaAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnkIyVO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnmmkiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnnOEtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnnOiFv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\nnnoLCvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXNeBtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXPJBRH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXQHaXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXQHYPI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXRjhed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\byXrrRLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUlMcAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUkiFXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvoaue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUkLCro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUliJdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUmjGVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUmkjGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUnOFvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\wvUnomjK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\qoMCsRHA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\qoMeDVPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\qoMExVOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\qyrismqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ljJARHxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ljJCULFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ljJYPgHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\jkkHXqrO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\jkkJaawv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\jkkJawxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\jkkjIbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\jkkLeDWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\xxyWOihI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\xxywWmkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\xxyXNhhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\xxyyWPHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayaAtSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayAQGWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayaXPFy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayvTnmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayvWpnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayvWqpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayWQHXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yaywWnOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\yayxXPFw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\oxpokkiv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\pabwcrjq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcBSLcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcBSMed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddccdArR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcCSIbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcCVOGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcDtRjJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcDvwWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcDwvsq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcyaXpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcYOeBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\ddcYsRHW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUmKCro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUmnMfE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUnnKDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUOiGaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUoOHbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\WINDOWS\system32\vtUopPjK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  9. V-X
     
    Re,

    Très bien il en a des trucs...

    Redémarre ton pc et tu me refait un log avec RSIT.
    0
  10. myrpa
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrateur at 2008-12-30 20:22:09
    Microsoft Windows XP Professionnel Service Pack 2
    System drive E: has 12 GB (40%) free of 31 GB
    Total RAM: 511 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:22:10, on 30/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Program Files\FlashGet\flashget.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Downloads\RSIT.exe
    C:\Downloads\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2A03942E-87EF-4BCC-B529-7C126185373E} - E:\WINDOWS\system32\urqolKBu.dll (file missing)
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
    O20 - AppInit_DLLs: eovrpb.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    0
  11. V-X
     
    Re,

    Il en reste !!

    Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

    Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
    Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    !! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

    ---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    --->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

    Tuto ici : TUTO
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  12. myrpa
     
    j'ai jeté avast est ce que je dois jeter malware et smitfraudfix ?
    0
    1. myrpa
       
      je crois que pour ce soir c'est rapé j'ai pas de disquette ni le cd sur place

      a plus tard bonne soirée
      0
  13. V-X
     
    Re,

    La console de récupératio et recommander mais pas obligatoire.

    Tu désactive tes défences et tu passe combofix.

    Simithfraudix et malwarebyte n'influe pas le passage de combofix.
    0
    1. MYRPA
       
      Merci beaucoup pour ton aide, mon système semble de plus en plus stable :)
      Voici le contenu du fichier combofix.txt:

      ComboFix 08-12-30.02 - Administrateur 2008-12-31 12:08:30.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.181 [GMT 1:00]
      Lancé depuis: e:\documents and settings\Administrateur\Bureau\ComboFix.exe
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      e:\windows\system32\lxlmqenh.ini
      e:\windows\system32\prahbghr.ini
      e:\windows\system32\tmp.reg
      e:\windows\system32\uBKloqru.ini
      e:\windows\system32\uBKloqru.ini2
      e:\windows\system32\upsmegdv.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_BOONTY_GAMES
      -------\Service_Boonty Games


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-30 18:27 . 2008-12-30 18:27 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Malwarebytes
      2008-12-30 18:26 . 2008-12-30 18:26 <REP> d-------- E:\Malwarebytes' Anti-Malware
      2008-12-30 18:26 . 2008-12-30 18:26 <REP> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
      2008-12-30 18:26 . 2008-12-03 19:52 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
      2008-12-30 18:26 . 2008-12-03 19:52 15,504 --a------ e:\windows\system32\drivers\mbam.sys
      2008-12-30 17:29 . 2008-12-30 17:29 <REP> d-------- E:\rsit
      2008-12-27 19:00 . 2008-12-29 16:14 <REP> d-------- E:\MSNFix
      2008-12-27 19:00 . 2008-12-27 19:00 1,695,738 --a------ E:\MSNFix.7z
      2008-12-16 14:43 . 2008-12-16 14:43 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Eyeblaster
      2008-12-02 15:48 . 2008-12-02 15:48 <REP> d-------- e:\documents and settings\All Users\Application Data\GameHouse
      2008-11-26 17:20 . 2008-11-26 17:20 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Playrix Entertainment
      2008-11-26 15:57 . 2008-11-26 16:01 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Ancient Quest of Saqqarah__gamehouse
      2008-11-18 13:03 . 2008-11-18 13:03 <REP> d-------- e:\program files\uTorrent
      2008-11-18 13:03 . 2008-12-24 06:44 <REP> d-------- e:\documents and settings\Administrateur\Application Data\uTorrent
      2008-11-18 09:45 . 2008-11-18 09:45 <REP> d-------- e:\documents and settings\All Users\Application Data\NVIDIA
      2008-11-07 12:41 . 2008-12-22 17:51 81,262 --a------ e:\windows\SGTBox.INI

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-30 20:18 --------- d-----w e:\program files\FlashGet
      2008-12-25 18:09 --------- d-----w e:\program files\eMule
      2008-12-23 11:15 --------- d-----w e:\program files\PCStitch 7
      2008-12-16 13:42 --------- d-----w e:\program files\Zylom Games
      2008-12-14 08:34 --------- d-----w e:\program files\Windows Live Safety Center
      2008-11-26 16:20 --------- d-----w e:\documents and settings\Administrateur\Application Data\Zylom
      2008-11-08 20:44 --------- d--h--w e:\program files\InstallShield Installation Information
      2008-11-08 20:44 --------- d-----w e:\program files\Micro Application
      2008-11-05 19:50 --------- d-----w e:\program files\PCStitch Pro
      2008-09-13 15:20 23,352 ----a-w e:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
      2007-02-07 18:53 81,920 ----a-w e:\documents and settings\Administrateur\Application Data\ezpinst.exe
      2007-02-07 18:53 47,360 ----a-w e:\documents and settings\Administrateur\Application Data\pcouffin.sys
      2007-01-17 09:50 774,144 ----a-w e:\program files\RngInterstitial.dll
      2007-01-08 18:29 54 ----a-w e:\program files\delir.gio
      2004-08-09 21:30 40,960 ----a-w e:\program files\Uninstall_CDS.exe
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
      "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

      e:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      IEEE 802.11g USB Adapter Utility.lnk - e:\program files\Wireless\IEEE802.11g WLAN USB Adapter\Startup.EXE [2007-05-25 24576]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=eovrpb.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.iac2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
      "VIDC.VP40"= vp4vfw.dll
      "vidc.avrn"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
      "vidc.advj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
      "vidc.mszh"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avimszh.dll
      "vidc.zlib"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avizlib.dll
      "vidc.cscd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\camcodec.dll
      "vidc.cvid"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\iccvid.dll
      "msacm.trspch"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\tssoft32.acm
      "vidc.em2v"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\etxcodec.dll
      "vidc.mkvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll
      "vidc.hfyu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\huffyuv.dll
      "msacm.lameacm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\lameacm.acm
      "msacm.lhacm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\lhacm.acm
      "msacm.l3acm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\l3codecp.acm
      "vidc.sjpg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
      "vidc.dmb2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
      "vidc.gepj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
      "vidc.qpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
      "vidc.q1.0"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
      "msacm.sl_anet"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\sl_anet.acm
      "vidc.vifp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\vfcodec.dll
      "vidc.wrpr"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\aviwrap.dll
      "vidc.wnv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll
      "vidc.advs"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Adaptec\Dvc.dll
      "vidc.aflc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
      "vidc.afli"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
      "vidc.aasc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
      "vidc.aas4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
      "vidc.asv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
      "vidc.asv2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
      "vidc.asvx"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
      "vidc.vcr1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll
      "vidc.vcr2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll
      "vidc.yv12"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.DLL
      "vidc.mwv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll
      "vidc.bt20"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
      "vidc.y41p"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
      "msacm.pcdv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm
      "vidc.cdvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\CSCCDVC.DLL
      "vidc.ddvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\CSCdvsd.DLL
      "vidc.png1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll
      "msacm.CoreFLAC_ACM"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm
      "vidc.davc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll
      "vidc.div3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
      "vidc.div5"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
      "vidc.mpg3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
      "vidc.div4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
      "vidc.div6"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
      "vidc.ap41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
      "vidc.dvx4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
      "msacm.divxa32"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
      "vidc.frwd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
      "vidc.frwt"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
      "vidc.frwa"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll
      "vidc.frwu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll
      "vidc.glzw"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Gabest\GLZW.dll
      "vidc.gpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Gabest\GPEG.dll
      "vidc.i263"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
      "vidc.iv30"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv31"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv32"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv33"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv34"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv35"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv36"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv37"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv38"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv39"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
      "vidc.iv40"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv42"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv43"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv44"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv45"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv46"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv47"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv48"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv49"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
      "vidc.iv50"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
      "vidc.iyuv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
      "vidc.yvu9"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
      "vidc.ir21"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
      "vidc.rt21"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
      "msacm.imc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
      "vidc.lead"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\LEAD\LCODCCMP.DLL
      "vidc.dvsd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
      "vidc.dvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
      "vidc.dvcs"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
      "vidc.dcmj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
      "vidc.avi1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
      "vidc.avi2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
      "vidc.dv25"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.dv50"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.msmc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mmjp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx5"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx6"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx7"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx8"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mtx9"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "vidc.mmes"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
      "msacm.msadpcm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
      "msacm.imaadpcm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
      "msacm.msg711"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
      "msacm.msg723"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
      "msacm.msgsm610"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
      "vidc.m261"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
      "vidc.m263"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
      "vidc.i420"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
      "vidc.mrle"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
      "vidc.uyvy"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
      "vidc.yuy2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
      "vidc.yvyu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
      "vidc.msvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
      "vidc.cram"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
      "vidc.mp41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
      "vidc.mp43"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
      "vidc.mp4s"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
      "vidc.mp4v"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
      "vidc.wmv3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
      "msacm.msaudio1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
      "vidc.vixl"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Miro\miroxl32.dll
      "vidc.nt00"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll
      "msacm.vorbis"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
      "vidc.vp30"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
      "vidc.vp31"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
      "vidc.vp60"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
      "vidc.vp61"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
      "vidc.pdvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
      "vidc.ipdv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
      "vidc.pvw2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll
      "vidc.pimj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll
      "vidc.mjpx"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll
      "vidc.miro"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
      "vidc.dcap"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
      "vidc.mjpa"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
      "vidc.gpjm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
      "vidc.pim1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
      "msacm.qmpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm
      "vidc.rmp4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll
      "vidc.rud0"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll
      "msacm.at3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm
      "vidc.sony"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
      "vidc.dvcp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
      "vidc.s422"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll
      "vidc.t420"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
      "vidc.y411"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
      "vidc.vssv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll
      "msacm.voxacm160"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm

      [HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
      path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
      backup=e:\windows\pss\Pense-bête.lnkStartup

      [HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Personal Player.lnk]
      path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Personal Player.lnk
      backup=e:\windows\pss\Personal Player.lnkStartup

      [HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Trillian.lnk]
      path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Trillian.lnk
      backup=e:\windows\pss\Trillian.lnkStartup

      [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
      path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
      backup=e:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=e:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
      path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
      backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 01:54 15360 e:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      --a------ 2002-12-05 13:43 188416 e:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 2004-07-26 18:14 1867776 e:\program files\Ahead\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      -ra------ 2001-07-09 10:50 155648 e:\windows\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2006-10-22 12:22 7700480 e:\windows\system32\nvcpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2006-10-22 12:22 86016 e:\windows\system32\nvmctray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2008-02-26 02:23 443968 e:\program files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2004-06-28 20:29 32768 e:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2004-06-03 22:05 32881 e:\program files\Java\j2re1.4.2_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2006-06-21 18:14 35328 e:\program files\WINAMP\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-10-22 12:22 1622016 e:\windows\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      -ra------ 2005-06-08 01:31 77824 e:\windows\SOUNDMAN.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
      -ra------ 2005-05-13 05:57 53248 e:\windows\system32\VTTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
      -ra------ 2005-05-13 05:57 143360 e:\windows\system32\VTTrayp.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "e:\\WINDOWS\\system32\\sessmgr.exe"=
      "e:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
      "e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "c:\\Program Files\\utilitaire\\Applications\\Emule\\emule.exe"=
      "e:\\Program Files\\eMule\\emule.exe"=
      "e:\\Program Files\\uTorrent\\uTorrent.exe"=

      R2 NwSapAgent;Agent SAP;e:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
      R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);e:\windows\system32\DRIVERS\zd1211u.sys [2006-09-18 259584]
      S3 maconfservice;Ma-Config Service;"e:\program files\ma-config.com\maconfservice.exe" [2008-07-25 191656]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
      \Shell\AutoRun\command - K:\Setup.exe
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{2A03942E-87EF-4BCC-B529-7C126185373E} - e:\windows\system32\urqolKBu.dll
      MSConfigStartUp-DAEMON Tools - c:\applications\Utilitaires\DAEMON Tools\daemon.exe
      MSConfigStartUp-ReJf5vH - e:\windows\wulhk.exe
      MSConfigStartUp-SDR6V_Check - e:\program files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
      MSConfigStartUp-SurfAccuracy - e:\program files\SurfAccuracy\SAcc.exe
      MSConfigStartUp-swg - e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      MSConfigStartUp-Uniblue RegistryBooster 2 - e:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
      MSConfigStartUp-WindowsServicesStartup - e:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.fr/
      IE: E&xporter vers Microsoft Excel - c:\applications\Microsoft Office\Office10\EXCEL.EXE/3000
      IE: Tout télécharger avec FlashGet - e:\program files\FlashGet\jc_all.htm
      IE: Télécharger avec FlashGet - e:\program files\FlashGet\jc_link.htm
      IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - c:\applications\Poker\mrbookmakerfrMPP\MPPoker.exe

      O16 -: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
      e:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
      FF - ProfilePath - e:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
      FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
      FF - plugin: e:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: e:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
      FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll
      FF - plugin: e:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: e:\program files\Mozilla Firefox\plugins\npgcplug.dll
      FF - plugin: e:\program files\Mozilla Firefox\plugins\npornap.dll
      FF - plugin: e:\program files\Mozilla Firefox\plugins\npracplug.dll
      FF - plugin: e:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      FF - plugin: e:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
      FF - plugin: e:\program files\Virtools\3D Life Player\npvirtools.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-31 12:13:55
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
      @Security="Inherited"
      "??"=hex:78,c8,53,b4,23,12,41,4e,e5,30,09,d1,77,37,42,36,23,39,d7,f7,a2,23,1d,\
      4a,ad,e1,22,db,28,28,ee,fc,0c,e1,f1,6a,23,7a,11,1e,85,4b,cb,a6,0a,d8,e6,85,\
      86,3d,97,2a,8a,61,bb,85,7e,a9,8f,12,03,9c,fd,94,73,2d,ee,e3,ee,ff,0e,54,68,\
      92,0c,cc,68,fd,b5,d8,83,b4,ba,9d,5d,06,67,55,56,19,53,5b,d0,c8,d6,43,c5,fc,\
      e5,a6,ef,9b,de,93,18,1f,d6,3e,b6,0b,55,53,10,3f,26,30,24,2e,a4,7f,aa,82,6d,\
      4b,35,4a,ba,41,a2,70,d5,5f,b3,e4,af,8a,4b,15,da,63,5c,68,be,86,98,01,c8,16,\
      df,e8,da,ef,5f,90,23,4f,d2,26,24,0e,ee,40,20,d3,f0,34,fe,46,7e,33,79,00,19,\
      a9,73,97,f3,66,a7,14,3a,48,64,98,11,aa,f3,58,2b,17,d2,bc,fb,19,9d,ab,72,b3,\
      0d,37,71,7f,d4,40,55,4f,24,84,87,80,0c,06,08,f3,c5,5f,71,df,46,b5,77,e4,4b,\
      7a,4c,cc,f2,bc,40,ac,30,1a,5b,c4,20,b1,16,a9,f1,9f,8b,8a,99,ac,e4,08,04,77,\
      27,e4,c8,fb,29,60,8f,bc,8e,42,35,f2,dd,55,0a,5f,96,0d,65,72,92,0a,8d,d0,2f,\
      1d,c4,b0,d1,6f,c4,94,26,96,b2,c0,b7,0f,75,99,8c,e3,30,74,f5,3e,cc,27,53,74,\
      57,97,48,ad,ad,86,de,6a,a2,cf,b3,8d,9f,a8,f0,bd,c5,ea,0c,e5,6f,04,c6,8b,70,\
      69,a9,fb,22,82,bf,2d,1b,0c,eb,f4,d4,7d,24,2a,8c,0a,fa,6a,86,dd,66,3f,95,bb,\
      ba,b2,5a,4e,1d,09,1d,ce,9f,49,c3,60,dc,e1,b7,56,ca,52,00,c9,99,ee,45,25,2b,\
      ff,c2,c6,73,69,98,7e,4a,d8,1a,13,d8,f2,52,81,ea,b1,f4,b1,90,2b,1c,0b,a7,e2,\
      1c,c2,44,e1,5f,ee,49,60,6d,c4,5d,80,0c,0a,8a,75,66,48,15,52,f7,34,e5,ed,6f,\
      5c,82,40,10,6c,eb,3e,31,28,e2,a5,60,a9,aa,17,5d,d3,b6,1d,03,2c,85,3b,f3,6b,\
      8d,f3,6a,16,f9,0e,69,40,b3,aa,58,51,4c,ae,5d,3c,cd,b0,c0,79,90,79,a1,78,07,\
      88,de,a0,37,6b,39,d9,b9,cb,60,c3,db,c4,03,b0,7d,2f,a6,cf,e5,32,37,f9,a2,60,\
      58,e9,4d,04,04,95,5c,9b,e6,0b,b5,07,9b,d1,ad,07,bc,26,43,2c,97,9e,8c,3d,a5,\
      bc,fe,5a,02,38,e8,58,ac,89,99,07,f1,e8,e9,eb,e9,96,fc,ad,5a,3d,8c,09,fe,ec,\
      b3,23,1d,e5,5d,4b,e3,68,1d,8b,bf,a3,90,61,e6,7a,f7,7a,2b,77,ee,ab,e1,30,09,\
      8b,8e,10,b3,c3,2b,50,02,91,68,3d,65,e4,40,75,d4,e6,13,f0,c6,38,48,00,5a,9c,\
      c5,be,78,fc,bc,ac,03,db,db,b6,67,f0,b4,75,f7,b6,d7,76,1f,5b,f9,52,46,b2,92,\
      3e,5c,84,dd,82,f0,b8,d0,22,0a,5e,a0,6d,0a,10,cd,0b,82,54,1d,5d,ad,3a,36,12,\
      f1,56,22,40,f3,be,23,65,72,11,21,e1,8f,e0,b5,fe,bf,c6,64,09,d7,b3,b4,d8,c8,\
      72,e5,46,7f,5a,35,3c,03,80,88,ee,24,c5,2b,2b,4f,3a,43,d3,60,37,78,b5,3f,d5,\
      f4,6b,9f,75,4f,17,e0,7d,6c,9d,43,bd,c3,1c,e6,72,89,e4,de,5c,72,8f,6a,01,5b,\
      83,d8,f8,06,90,28,7d,dc,03,0a,88,6a,a8,49,b7,17,37,ce,16,11,f3,5a,a4,5c,2a,\
      ca,8f,96,41,5b,41,8b,49,1b,2f,3f,e5,f5,c4,0e,75,ee,04,fe,8c,02,1d,a4,2e,a1,\
      0a,8a,47,30,d2,a6,bb,d6,0c,ee,f3,c7,bf,19,50,a9,ca,19,ab,ea,a6,dc,4d,57,77,\
      5d,f7,38,7a,5d,62,f9,cf,8e,67,fb,01,ac,86,2f,a8,1a,91,61,67,9e,8f,8f,81,cc,\
      fb,c2,4e,43,44,11,06,ea,80,5e,9c,1b,3d,74,16,4c,de,a2,78,7a,f2,bc,e3,af,5b,\
      51,ee,23,f5,50,20,55,5d,9a,14,9b,93,73,62,7b,18,d5,a2,da,6d,63,fa,86,79,f2,\
      f1,21,fd,be,57,c0,80,ce,c8,25,51,44,62,68,9f,f6,9a,50,4f,b0,44,5c,03,16,dd,\
      e9,16,64,58,da,e0,b9,0f,d6,17,80,54,fd,0c,2f,cd,43,c1,a7,92,68,27,85,de,f1,\
      90,83,10,2e,9b,72,a9,4c,00,1e,7b,48,81,3e,2a,bc,5e,66,d2,5f,20,58,ee,fe,f6,\
      0b,7a,84,b8,93,db,99,2b,87,46,de,99,05,85,cd,78,90,7f,a3,c7,8f,47,64,5b,c7,\
      9f,05,73,8e,fb,b6,05,92,36,95,84,81,98,c2,0f,b1,25,a0,62,61,64,29,8f,03,c2,\
      0e,01,7a,8f,f6,3a,b9,62,e2,7b,fe,07,52,f3,41,8b,82,bd,b1,d7,42,5f,99,10,89,\
      53,d2,74,95,a3,cb,10,d2,19,28,0c,0d,55,89,13,45,ac,f6,22,5a,9a,54,ef,5a,73,\
      8c,45,ea,1b,da,ad,03,f5,1a,03,dd,82,53,5a,57,5b,ef,ec,d8,6f,7f,48,6e,61,08,\
      99,61,d8,3f,4b,9f,c7,49,92,72,91,3f,e8,d3,2b,30,1d,e1,11,c8,41,20,9e,0e,70,\
      54,7f,fd,f9,f7,7d,2b,bb,a3,4c,3e,1b,71,05,93,ba,a9,97,35,f6,96,85,d5,02,a3,\
      65,fa,ec,fd,3f,1a,fc,ba,b0,44,1e,ca,3d,93,04,f0,1e,c7,e1,0b,ed,e1,34,e7,04,\
      5b,79,17,b1,71,23,d9,67,e8,8d,01,50,d7,be,20,be,fd,83,6e,85,71,49,17,86,73,\
      dc,37,91,76,bf,9a,2d,09,2a,31,96,3c,32,46,60,f2,a1,fb,d1,87,13,b1,50,61,d1,\
      a8,f1,88,82,11,23,b2,a3,77,45,8d,1c,0e,c2,85,20,cd,30,83,8e,7d,ec,66,2a,97,\
      82,36,e7,e9,ae,3e,06,36,88,15,7a,04,96,0e,07,ca,1c,8d,fb,da,73,37,eb,26,80,\
      28,ca,93,39,8f,dc,e9,7a,85,08,fc,0c,b9,d4,ae,a3,c8,88,e6,a8,98,8f,8f,a0,98,\
      05,0a,79,a6,24,7d,2d,0c,44,03,9d,0c,a8,73,4c,70,c5,65,cb,34,27,ee,b3,19,d0,\
      f1,db,21,7c,cf,48,45,0f,e0,5c,25,bb,67,35,78,d3,47,66,a6,6a,e7,67,83,31,21,\
      0f,4d,9a,90,3d,62,f2,7a,e4,b9,2e,38,fd,22,e3,b6,44,af,d9,be,0d,ed,e3,35,84,\
      b2,1d,44,f2,53,42,c8,6f,8a,dc,ce,6e,96,ad,6f,f8,e9,a1,74,45,30,06,f3,29,8d,\
      8d,84,d7,81,27,ba,52,1e,92,5c,f6,e0,f6,7d,68,89,92,22,f1,48,c9,6e,5d,7c,c8,\
      96,8c,b7,02,b7,d6,7d,2d,7e,d6,09,da,4b,86,ab,e1,bc,31,34,bc,ab,44,4c,15,e6,\
      39,30,31,ad,03,d5,fc,3e,29,42,05,57,6d,f5,3c,76,31,22,30,79,12,a0,7e,b6,da,\
      91,e5,1a,9e,6f,bc,2a,e0,4b,bc,96,47,47,cf,a2,e5,b8,10,3d,5d,ed,c1,32,7e,f6,\
      b4,60,05,10,fb,0f,bc,a4,e5,d8,e5,aa,b7,70,5f,50,02,d4,79,b1,d9,9d,06,67,fd,\
      4f,8e,46,a0,b5,07,07,16,a7,e3,e8,f0,c1,76,b8,48,8d,3c,9b,42,2b,fa,cb,9a,44,\
      fb,5e,c9,15,09,08,df,3d,0a,bd,d9,53,f6,c4,64,42,7e,c2,dc,e6,a2,3a,17,81,19,\
      f2,69,9c,e6,94,35,13,92,f4,97,e3,54,90,d2,46,35,17,a4,85,54,a6,0f,e9,39,97,\
      45,51,2f,c0,39,e0,a1,22,97,c5,a9,2e,f8,33,c9,28,56,91,0f,06,43,45,30,7f,7c,\
      81,2c,f5,e8,54,30,64,2d,e4,91,ac,67,1b,cd,54,dc,f4,28,2b,07,3e,95,ec,67,c6,\
      27,e1,5f,4c,51,30,69,c6,40,aa,06,69,e7,98,26,bd,08,be,18,5c,1a,cc,e0,95,05,\
      d6,8e,ac,2f,6d,9f,c7,ba,ac,74,ec,46,6d,0b,79,e1,ea,7c,ab,6c,7e,2e,01,dc,e9,\
      8f,07,f6,78,09,7f,99,f3,9d,f0,46,d9,8f,50,6f,1c,82,97,e1,ba,95,89,7e,5c,9e,\
      af,b3,aa,75,e6,c2,6e,98,5d,18,9e,50,1b,85,13,6b,c8,26,2c,a0,7f,2b,1d,9f,c4,\
      13,e9,8e,d0,55,9e,2b,5e,80,97,37,92,b8,79,13,d5,94,d8,fa,5a,84,0a,28,44,44,\
      03,8d,cd,cb,24,fd,ce,d3,79,e6,8b,53,25,de,f1,6b,15,5b,85,91,fb,ca,92,fe,4b,\
      8d,eb,6e,e8,47,89,fe,3c,80,c7,cc,4b,ee,8f,8b,ed,99,95,09,8d,1c,0d,ac,e3,41,\
      fc,df,90,d5,9e,9f,c6,9b,71,43,5b,b0,88,ee,c6,97,f8,e8,20,70,65,31,87,1f,68,\
      d8,f6,49,62,bf,7a,b6,c0,5c,f3,32,fe,4f,84,e5,a6,71,0c,92,9f,d2,c8,5f,93,37,\
      ab,ae,1d,4b,39,33,be,32,06,8e,bb,13,55,53,80,8f,95,c3,6f,5b,c5,e0,45,58,a9,\
      68,6a,d2,a9,78,6a,d2,b9
      "??"=hex:4e,37,0b,d5,d4,34,ac,6b,ea,a7,71,03,a7,20,38,58

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
      @Owner=Administrator
      @Denied: (A 2) (Everyone)
      @Denied: (A 2) (S-1-5-7)
      @="FlashProp Class"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
      @Owner=Administrator
      @="e:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9c.ocx"
      "ThreadingModel"="Apartment"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
      @Owner=Administrator
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1020)
      e:\program files\Funk Software\Odyssey Client\odLogin.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      e:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      e:\windows\system32\nvsvc32.exe
      e:\program files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
      e:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-12-31 12:15:37 - La machine a redémarré
      ComboFix-quarantined-files.txt 2008-12-31 11:15:33

      Avant-CF: 12 887 547 904 octets libres
      Après-CF: 13,730,983,936 octets libres

      WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

      452 --- E O F --- 2008-10-24 19:33:20

      Visiblement des personnes dans mon entourage ont attrapé la même bebête, si je suis les mêmes procédures que celles que tu m'a décrites jusque là, est-ce que cela fonctionnera ? Ou mieux-vaut il passer par le forum pour être sur de ne pas faire de bétises ? :)
      Encore merci !
      0
  14. V-X
     
    Re,

    Pendant que je regarde ton rapport dit leur de venir sur Comment ç a marche .

    CHAQUE PC ET DIFFERENT ET DE MEME POUR LES INFECTIONS

    A++
    0
  15. V-X
     
    Re,

    Redémarre ton pc normalement et tu me refait un rapport avec RSIT.
    0
  16. MYRPA
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrateur at 2008-12-31 12:42:41
    Microsoft Windows XP Professionnel Service Pack 2
    System drive E: has 13 GB (42%) free of 31 GB
    Total RAM: 511 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:42:44, on 31/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Downloads\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
    O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
    O20 - AppInit_DLLs: eovrpb.dll
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    0
  17. V-X
     
    Re,

    ▶ Installe NAVILOG1

    Remarque concernant la détection de Navilog1 par certains programmes de sécurités :

    ▶ Certains fichiers de Navilog1.exe peuvent être considérés comme dangereux et donc supprimés ou neutralisés par certains programmes de sécurités. Ce sont des faux positifs et dans certains cas, vous serez amener à désactiver votre protection le temps du téléchargement/utilisation de Navilog1.
    / !\ Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. / !\

    Le lancement de l'installation de Navilog1 se fait en exécutant Navilog1.exe

    (Si vous avez téléchargé navilog1.zip, Veuillez auparavant décompresser ce fichier)

    Une fois l'installation terminé, pour lancer le fix :

    - en utilisant le raccourci crée sur le bureau : Navilog1

    - Via le poste de travail, en exécutant le fichier Navilog1.bat se trouvant dans %program files%Navilog1

    Après le choix de la langue et les messages d'avertissement, le menu s'affiche.

    Faite le choix 1

    Effectue la vérification du système à la recherche de l'adware. Un scan avec catchme de GMER est également éffectué pour Windows XP. Cette analyse peut durer une dizaine de minutes. Patientez alors jusqu'au message «Analyse terminée le ....». Appuyez sur une touche comme demandé et le bloc note va souvrir , Enregistrez-le sur votre disque. Puis Ouvrez-le et Copiez-Collez l'intégralité de ce rapport sur le forum qui vous l'auras demandé.

    (si le bloc-note ne s'ouvre pas : Rendez-vous dans votre poste de travail, à la racine du disque C vous trouverez le rapport sous le nom de fixnavi.txt)

    Attention : Ne lancez-pas la partie désinfection (choix 2, 3 ou 4) sans l'avis/accord express de l'Helper qui vous as pris en charge sur le forum d'aide ou vous aurez exposer votre problème.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. MYRPA
       
      Voici le résultat :)

      Search Navipromo version 3.7.0 commencé le 31/12/2008 à 13:04:46,95

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis E:\Program Files\navilog1

      Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
      BIOS : Award Modular BIOS v6.00PG
      USER : Administrateur ( Administrator )
      BOOT : Normal boot




      C:\ (Local Disk) - NTFS - Total:78 Go (Free:33 Go)
      D:\ (Local Disk) - NTFS - Total:78 Go (Free:29 Go)
      E:\ (Local Disk) - NTFS - Total:30 Go (Free:12 Go)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)
      K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
      L:\ (CD or DVD)


      Recherche executé en mode normal

      *** Recherche Programmes installés ***


      *** Recherche dossiers dans "E:\WINDOWS" ***


      *** Recherche dossiers dans "E:\Program Files" ***


      *** Recherche dossiers dans "E:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Recherche dossiers dans "E:\Documents and Settings\All Users\menudm~1" ***


      *** Recherche dossiers dans "e:\docume~1\alluse~1\applic~1" ***


      *** Recherche dossiers dans "E:\Documents and Settings\Administrateur\applic~1" ***


      *** Recherche dossiers dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" ***


      *** Recherche dossiers dans "E:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "E:\WINDOWS\system32" *

      * Recherche dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" *



      *** Recherche fichiers ***



      *** Recherche clés spécifiques dans le Registre ***
      !! Les clés trouvées ne sont pas forcément infectées !!


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "E:\WINDOWS\system32" :


      * Dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche autres dossiers et fichiers connus :



      *** Analyse terminée le 31/12/2008 à 13:05:43,18 ***
      0
  18. V-X
     
    Re,

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :files
    :\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. MYRPA
       
      Re,

      petit problème, il ne semble pas reconnaître la commande:

      ========== FILES ==========
      Error: Unable to interpret <:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe > in the current context!

      OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_142153


      (j'ai également tenté en préfixant la commande avec la lettre de ma partition Windows mais il indique alors qu'il ne trouve pas le répertoire).

      Ai-je manqué quelque chose ?
      0
  19. V-X
     
    Re,

    Oui peut être sa.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    :\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. MYRPA
       
      Voici le rapport:

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      Error: Unable to interpret <:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe> in the current context!
      ========== COMMANDS ==========
      File delete failed. E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_32vEg3XoYaZyGX37Ock7 scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_142831

      Files moved on Reboot...
      File E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_32vEg3XoYaZyGX37Ock7 not found!
      File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\XUL.mfl moved successfully.
      0
  20. V-X
     
    Re,

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    E:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. MYRPA
       
      Le voici :)

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder E:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe not found.
      ========== COMMANDS ==========
      File delete failed. E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pdj7ITAVnOadTtN0Kshn scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_144126

      Files moved on Reboot...
      File E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pdj7ITAVnOadTtN0Kshn not found!
      File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ moved successfully.
      E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite moved successfully.
      0
  21. V-X
     
    Re,

    Redémarre ton pc et refait un log avec RSIT.
    0
    1. MYRPA
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Administrateur at 2008-12-31 16:57:35
      Microsoft Windows XP Professionnel Service Pack 2
      System drive E: has 13 GB (42%) free of 31 GB
      Total RAM: 511 MB (58% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:57:38, on 31/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\WINDOWS\Explorer.EXE
      E:\Program Files\Windows Live\Messenger\msnmsgr.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
      E:\WINDOWS\system32\svchost.exe
      E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
      E:\WINDOWS\system32\wscntfy.exe
      E:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\Downloads\Administrateur.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
      O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
      O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
      O20 - AppInit_DLLs: eovrpb.dll
      O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
      0
  • 1
  • 2
  • 3