PC infecté help

cedric33 -  
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,

Mon pc est infecté par pas mal de virus. Je n'arrive plus à me connecter à internet.
J'ai fait un scan avec combofix et hijack. je vous poste les deux rapports si un oeil compétent avait l'amabilité de les consulter ce serait sympa.

Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:44 AM, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system\msrsys32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\ProtectTools\Embedded Security Software\SpTna.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\WINDOWS\system\msile.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bem.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bordeaux-bs.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.icservic.com/proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bem.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll - {C5BF40A2-94F3-42BD-F434-1604812C8955} - C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-770459649-142141447-3739184512-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O22 - SharedTaskScheduler: klj3r93iorkemnfaja93riemef - {C5BF40A2-94F3-42BD-F434-1604812C8955} - C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe
O23 - Service: MSR System Service (msrsys) - Unknown owner - C:\WINDOWS\system\msrsys32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Telephony (WindowsTelephony) - Unknown owner - C:\WINDOWS\system\svhost.exe (file missing)
A voir également:

81 réponses

Précédent
Réponse 61 / 81
cedric33
 
Pimprenelle???
0
Réponse 62 / 81
cedric33
 
Ah pardon j'avais pas vu que t'avais répondu en p4.

Non pas de trace de msile dans ajout/suppression de programmes.
0
Réponse 63 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
Fais ceci :

Télécharge Toolscleaner sur ton Bureau :

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

puis ceci :

* Télécharger ComboFix (par sUBs) sur le Bureau.
* Double-cliquer combofix.exe.
* Il est vivement recommandé d'installer la Console de récupération !
* Appuyer sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt.
* Refaire un rapport HijackThis, et fixer les lignes correspondantes comme indiqué plus haut.



Le tutoriel officiel


Sous Vista :

* Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
* Aller dans démarrer puis panneau de configuration.
* Double-cliquer sur l'icône Comptes d'utilisateurs.
* Cliquer ensuite sur désactiver et valider.
* Faire un clic-droit sur ComboFix présent sur le Bureau et choisir Exécuter en tant qu'administrateur.
* Double-cliquer sur combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt
o En cas de difficulté à dépouiller les résultats du rapport seul, il est conseillé de le poster en forum afin qu'une personne avertie vous guide dans l'utilisation et l'analyse des rapports. La "puissance" et la difficulté à analyser les résultats des rapports en font un fix à utiliser avec précaution.
0
Réponse 64 / 81
cedric33
 
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\SdFix.exe: trouvé !
C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\SDFIX: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Etudiant\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Etudiant\Bureau\FindyKill.txt: trouvé !
C:\Documents and Settings\Etudiant\Bureau\Nouveau dossier\Page\GenProc[*].html: trouvé !
C:\Documents and Settings\Etudiant\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Etudiant\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !


Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\SdFix.exe: supprimé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Etudiant\Bureau\Navilog1.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Etudiant\Bureau\FindyKill.txt: supprimé !
C:\Documents and Settings\Etudiant\Bureau\Nouveau dossier\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\SDFIX: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Etudiant\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !



ComboFix 09-03-06.02 - Etudiant 2009-03-13 20:25:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.390 [GMT 1:00]
Lancé depuis: G:\ComboFix.exe
AV: F-Secure Anti-Virus Client Security 6.02 *On-access scanning enabled* (Outdated)
FW: F-Secure Anti-Virus Client Security 6.02 *enabled*

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.

2009-03-13 20:30 . 2009-03-13 20:30 0 ---hs---- c:\windows\system32\drivers\sysdrv32.sys
2009-03-13 20:23 . 2009-03-13 20:23 <REP> d-------- C:\ToolBar SD
2009-03-11 17:55 . 2009-03-11 17:55 94,574 --a------ c:\windows\system32\drivers\ba64caef.sys
2009-03-11 17:55 . 2009-03-11 17:55 33,280 --a------ c:\program files\gkxiulzx.dll
2009-03-11 15:04 . 2008-04-13 19:33 116,736 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-11 15:04 . 2001-08-23 17:47 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2009-03-11 15:04 . 2004-08-05 11:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-03-11 15:04 . 2001-08-23 17:47 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-11 15:04 . 2001-08-23 17:47 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-11 15:04 . 2008-04-13 09:34 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-11 15:04 . 2008-04-13 11:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2009-03-11 15:04 . 2008-04-13 19:33 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-11 15:04 . 2001-08-17 20:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-11 15:04 . 2008-04-13 09:34 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-11 15:04 . 2008-04-13 19:33 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2009-03-11 15:04 . 2001-08-23 17:47 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-11 15:02 . 2001-08-17 21:28 604,253 --a------ c:\windows\system32\dllcache\vmodem.sys
2009-03-11 15:01 . 2001-08-17 21:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-03-11 15:00 . 2001-08-23 17:47 216,576 --a------ c:\windows\system32\dllcache\um34scan.dll
2009-03-11 14:59 . 2001-08-23 17:47 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2009-03-11 14:59 . 2001-08-23 17:46 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2009-03-11 14:59 . 2001-08-23 17:46 315,520 --a------ c:\windows\system32\dllcache\trid3d.dll
2009-03-11 14:59 . 2001-08-17 22:02 230,912 --a------ c:\windows\system32\dllcache\tosdvd03.sys
2009-03-11 14:59 . 2001-08-17 20:51 222,336 --a------ c:\windows\system32\dllcache\trid3dm.sys
2009-03-11 14:59 . 2001-08-17 20:51 166,784 --a------ c:\windows\system32\dllcache\tridxpm.sys
2009-03-11 14:59 . 2001-08-17 20:51 159,232 --a------ c:\windows\system32\dllcache\tridkbm.sys
2009-03-11 14:59 . 2008-04-13 19:34 82,944 --a------ c:\windows\system32\dllcache\tp4mon.exe
2009-03-11 14:59 . 2001-08-23 17:46 43,520 --a------ c:\windows\system32\dllcache\tp4res.dll
2009-03-11 14:59 . 2001-08-17 20:12 34,375 --a------ c:\windows\system32\dllcache\tpro4.sys
2009-03-11 14:59 . 2001-08-23 17:47 31,744 --a------ c:\windows\system32\dllcache\tp4.dll
2009-03-11 14:59 . 2004-08-05 11:00 14,336 --a------ c:\windows\system32\dllcache\tsprof.exe
2009-03-11 14:59 . 2001-08-23 17:00 4,992 --a------ c:\windows\system32\dllcache\toside.sys
2009-03-11 14:57 . 2001-08-23 17:46 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2009-03-11 14:56 . 2001-08-23 16:57 286,848 --a------ c:\windows\system32\dllcache\stlnata.sys
2009-03-11 14:55 . 2008-04-13 19:33 466,432 --a------ c:\windows\system32\dllcache\smtpsvc.dll
2009-03-11 14:54 . 2001-08-23 17:47 238,592 --a------ c:\windows\system32\dllcache\sisgrv.dll
2009-03-11 14:53 . 2001-08-23 17:46 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-03-11 14:52 . 2001-08-23 17:47 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-03-11 14:51 . 2001-08-23 17:46 182,272 --a------ c:\windows\system32\dllcache\s3mt3d.dll
2009-03-11 14:50 . 2001-08-23 17:18 899,914 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-11 14:49 . 2008-04-13 19:33 482,304 --a------ c:\windows\system32\dllcache\pintlgnt.ime
2009-03-11 14:48 . 2008-04-13 19:32 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-03-11 14:47 . 2001-08-17 22:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-03-11 14:46 . 2008-04-13 19:07 2,067,968 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-11 14:45 . 2001-08-23 17:09 131,072 --a------ c:\windows\system32\dllcache\n100325.sys
2009-03-11 14:44 . 2004-08-05 11:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-03-11 14:43 . 2001-08-23 17:03 320,384 --a------ c:\windows\system32\dllcache\mgaum.sys
2009-03-11 14:42 . 2001-08-17 21:28 802,683 --a------ c:\windows\system32\dllcache\ltsm.sys
2009-03-11 14:41 . 2004-08-05 11:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-03-11 14:40 . 2008-04-13 19:31 811,064 --a------ c:\windows\system32\dllcache\imjp81k.dll
2009-03-11 14:39 . 2008-04-13 19:33 702,845 --a------ c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-11 14:38 . 2008-04-13 19:31 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-03-11 14:37 . 2001-08-23 17:47 324,608 --a------ c:\windows\system32\dllcache\hpojwia.dll
2009-03-11 14:36 . 2001-08-23 17:46 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-03-11 14:35 . 2001-08-23 17:16 596,319 --a------ c:\windows\system32\dllcache\es56cvmp.sys
2009-03-11 14:34 . 2001-08-23 17:13 634,166 --a------ c:\windows\system32\dllcache\el656ct5.sys
2009-03-11 14:33 . 2001-08-17 20:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-03-11 14:32 . 2001-08-23 17:47 422,429 --a------ c:\windows\system32\dllcache\dgconfig.dll
2009-03-11 14:31 . 2004-08-05 11:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-03-11 14:30 . 2001-08-17 21:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2009-03-11 14:29 . 2001-08-17 20:19 747,392 --a------ c:\windows\system32\dllcache\adm8830.sys
2009-03-11 14:28 . 2008-04-13 19:08 2,191,104 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-11 14:27 . 2008-04-13 19:33 876,653 --a------ c:\windows\system32\dllcache\fp4awel.dll
2009-03-11 00:03 . 2009-03-11 00:03 995,328 --a------ c:\windows\system32\11.scr
2009-03-10 16:33 . 2009-03-13 20:22 <REP> d-------- c:\windows\ERUNT
2009-03-10 16:33 . 2009-03-10 16:49 <REP> d-------- C:\Backups
2009-03-10 13:55 . 2009-03-10 13:55 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-10 13:55 . 2009-03-10 13:55 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-10 13:55 . 2009-03-10 13:55 <REP> d-------- c:\documents and settings\Etudiant\Application Data\SUPERAntiSpyware.com
2009-03-10 13:55 . 2009-03-10 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-10 00:09 . 2009-03-10 00:09 33,280 --a------ c:\program files\Fichiers communs\omsishuj.dll
2009-03-09 23:24 . 2009-03-09 23:24 22,304 --a------ c:\windows\system32\drivers\eioa243.sys
2009-03-09 10:07 . 2009-03-09 10:07 995,328 --a------ c:\windows\system32\64.scr
2009-03-09 03:29 . 2009-03-09 03:29 995,328 --a------ c:\windows\system32\77.scr
2009-03-09 03:03 . 2009-03-09 03:03 995,328 --a------ c:\windows\system32\63.scr
2009-03-09 01:50 . 2009-03-09 01:50 995,328 --a------ c:\windows\system32\25.scr
2009-03-09 01:39 . 2009-03-09 01:39 <REP> d--h----- c:\windows\PIF
2009-03-09 00:30 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00001_.tmp
2009-03-08 20:59 . 2009-03-08 23:08 113,902 --a------ c:\windows\system32\drivers\c1a49346.sys
2009-03-07 14:26 . 2009-03-13 20:25 <REP> d-------- c:\windows\system32\CatRoot2
2009-03-07 12:34 . 2009-03-07 12:34 41,987 -r-hs---- c:\windows\system\msile.exe
2009-03-07 11:48 . 2009-03-07 11:47 995,328 -r-hs---- c:\windows\system\msrsys32.exe
2009-02-21 19:39 . 2009-03-07 15:58 <REP> d-------- c:\documents and settings\Etudiant\Application Data\The Creative Assembly
2009-02-21 12:09 . 2009-02-23 19:16 <REP> d-------- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 19:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-13 19:22 --------- d-----w c:\program files\Trend Micro
2009-03-10 20:45 --------- d-----w c:\documents and settings\Etudiant\Application Data\uTorrent
2009-03-10 01:21 1,062 ----a-w c:\program files\rblcqek.txt
2009-03-09 09:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-08 14:33 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-07 14:28 --------- d-----w c:\program files\bwin
2009-02-18 22:29 --------- d-----w c:\program files\eMule
2009-02-15 11:51 --------- d-----w c:\documents and settings\Etudiant\Application Data\MeeLive
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-04 23:52 --------- d-----w c:\documents and settings\Etudiant\Application Data\2K Sports
2009-01-26 17:35 --------- d-----w c:\program files\WinamaxPoker
2007-06-13 00:19 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-06-13 00:19 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-13 00:19 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-14 140696]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 684032]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-23 180269]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [15/02/2006 15:16:02 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [22/08/2006 17:41:36 184320]
F-Secure Automatic Update.lnk - c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [23/08/2006 13:01:35 32807]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-08-19 14:52 389120 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ AsWlnPkg scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WindowsTelephony]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-02-22 07:03 40960 c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
--a------ 2005-10-24 10:32 40960 c:\windows\system32\iprntctl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-12 14:00 88203 c:\windows\AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17040:TCP"= 17040:TCP:NortonAV
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [23/08/2006 13:01:39 70896]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [25/08/2006 08:37:10 34671]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [25/10/2005 19:10:44 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 11:43:28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 11:43:28 55024]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 13:00:00 14336]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [23/08/2006 13:01:35 32807]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [23/08/2006 13:01:10 48816]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [23/08/2006 13:01:10 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [23/08/2006 13:01:10 16720]
R2 msrsys;MSR System Service;c:\windows\system\msrsys32.exe [07/03/2009 11:48:10 995328]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01/02/2008 03:02:26 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/11/2008 09:42:48 356920]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [22/08/2006 17:25:35 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/06/2005 14:26:00 35968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 11:43:30 7408]
S0 eiob;eiob;c:\windows\system32\drivers\dwhy.sys --> c:\windows\system32\drivers\dwhy.sys [?]
S0 lcdwk;lcdwk;c:\windows\system32\drivers\rbpwga.sys --> c:\windows\system32\drivers\rbpwga.sys [?]
S2 FbyedS;FbyedS;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 13:00:00 14336]
S2 msile;microsoft install le;c:\windows\system\msile.exe [07/03/2009 12:34:16 41987]
S2 WindowsTelephony;Windows Telephony;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 eioa243;eioa243;c:\windows\system32\drivers\eioa243.sys [09/03/2009 23:24:55 22304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
FbyedS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19be1942-0dc8-11dc-a690-001302801d21}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be3ed7f-039a-11dc-a67c-001560c7b544}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fabdce0-af9e-11dc-a819-001302801d21}]
\Shell\AutoRun\command - G:\euromed.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ba07754-17f5-11dc-a6bc-001302801d21}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a92ce6de-1468-11dc-a6aa-001302801d21}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f0214a-e2af-11db-a62d-001302801d21}]
\Shell\AutoRun\command - F:\euromed.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b3deef-fa51-11db-a665-001560c7b544}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
.
Contenu du dossier 'Tâches planifiées'

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-c:\windows\system32\kdglr.exe - c:\windows\system32\kdglr.exe
Notify-OneCard - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bem.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.bordeaux-bs.edu/
uInternet Settings,ProxyServer = proxy.bem.edu:8080
uInternet Settings,ProxyOverride = *.local
IE: &Block this popup - c:\program files\F-Secure\Anti-Spyware\blockpopups.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
Trusted Zone: microsoft.com\www
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
FF - ProfilePath - c:\documents and settings\Etudiant\Application Data\Mozilla\Firefox\Profiles\wx6gb9oa.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.fr
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 20:30:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-770459649-142141447-3739184512-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,b1,89,4f,dd,da,e1,e3,c8,32,e6,7e,6b,09,53,28,60,02,f4,5d,9c,
98,57,cf,0c,21,1c,0f,5e,f4,bb,b9,b0,3d,10,58,02,ca,1e,d9,c4,d7,cf,e4,f6,18,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'lsass.exe'(816)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\fsgk32.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
c:\program files\F-Secure\common\FSMA32.EXE
c:\program files\F-Secure\common\FSMB32.EXE
c:\windows\system32\IFXSPMGT.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\F-Secure\common\FCH32.EXE
c:\program files\F-Secure\common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Anti-Virus\FSRW.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\F-Secure\Anti-Virus\FSAV32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\ProtectTools\Embedded Security Software\SpTNA.exe
c:\program files\F-Secure\common\FNRB32.exe
c:\program files\F-Secure\FWES\program\fsdfwd.exe
c:\program files\F-Secure\common\FIH32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\F-Secure\ANTI-S~1\FSAW.exe
c:\program files\HPQ\HP ProtectTools Security Manager\PTServs.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\F-Secure\FSGUI\fsguidll.exe
.
**************************************************************************
.
Heure de fin: 2009-03-13 20:38:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-13 19:38:03

Avant-CF: 10,863,767,552 octets libres
Après-CF: 10,843,213,824 octets libres

Current=3 Default=3 Failed=6 LastKnownGood=7 Sets=1,2,3,4,5,6,7
366
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
Essaye de me faire un free scan avec Remove It Pro
http://209.85.227.132/translate_c?hl=fr&sl=en&u=http://www.incodesolutions.com/removeitent.php&prev=/search%3Fq%3Dmsile.exe%26hl%3Dfr%26client%3Dfirefox-a%26rls%3Dorg.mozilla:fr:official%26hs%3DMmv&usg=ALkJrhirTPk1lkUy1qalTuq9g0vcDvi_Zg


0
Réponse 66 / 81
cedric33
 
RemoveIT Pro v7 Enterprise (Build date: 11.11.2008) log.
Generated at: 03/14/2009 on 12:25:09 AM
Microsoft Windows XP Professional Service Pack 3 (Build 2600)

12:25:09 AM: Scanning, please wait...
12:28:47 AM: Infected file (Sys32.11) C:\WINDOWS\system32\11.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.25) C:\WINDOWS\system32\25.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.63) C:\WINDOWS\system32\63.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.64) C:\WINDOWS\system32\64.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.77) C:\WINDOWS\system32\77.scr -> No action taken.
12:31:02 AM: Infected file (Sys32.tmp) C:\WINDOWS\system32\tmp.txt -> No action taken.
12:32:18 AM: Infected file (Sys32.msile) C:\WINDOWS\system\msile.exe -> No action taken.
12:32:19 AM: Infected file (Sys32.nircmd) C:\WINDOWS\nircmd.exe -> No action taken.
12:33:32 AM: 8 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.
12:37:23 AM: Scanning, please wait...
12:41:14 AM: Infected file (Sys32.11) C:\WINDOWS\system\msrsys32.exe -> No action taken.
12:42:15 AM: 9 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.
Finished...
0
Réponse 67 / 81
cedric33
 
UP
0
Réponse 68 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
tu peux supprimer tout cela et me faire un nouvel hijackthis.
0
Réponse 69 / 81
cedric33
 
J'ai recherché un msile. Il se lance dans les processus Je l'ai fermé. Je l'efface du DD mais revient dans c:\windows\system32\prefecth




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:47, on 03/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bem.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bordeaux-bs.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.icservic.com/proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bem.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0
Réponse 70 / 81
cedric33
 
J'ai recherché un msile. Il se lance dans les processus Je l'ai fermé. Je l'efface du DD mais revient dans c:\windows\system32\prefecth




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:47, on 03/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bem.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bordeaux-bs.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.icservic.com/proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bem.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0
Réponse 71 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
12:25:09 AM: Scanning, please wait...
12:28:47 AM: Infected file (Sys32.11) C:\WINDOWS\system32\11.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.25) C:\WINDOWS\system32\25.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.63) C:\WINDOWS\system32\63.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.64) C:\WINDOWS\system32\64.scr -> No action taken.
12:28:47 AM: Infected file (Sys32.77) C:\WINDOWS\system32\77.scr -> No action taken.
12:31:02 AM: Infected file (Sys32.tmp) C:\WINDOWS\system32\tmp.txt -> No action taken.
12:32:18 AM: Infected file (Sys32.msile) C:\WINDOWS\system\msile.exe -> No action taken.
12:32:19 AM: Infected file (Sys32.nircmd) C:\WINDOWS\nircmd.exe -> No action taken.
12:33:32 AM: 8 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.
12:37:23 AM: Scanning, please wait...
12:41:14 AM: Infected file (Sys32.11) C:\WINDOWS\system\msrsys32.exe -> No action taken.
12:42:15 AM: 9 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.


Tu na pas supprimé ça avec remove it pro il l'avait trouvé?
0
Réponse 72 / 81
Escaflowne14850 Messages postés 231 Statut Membre
 
salut!!! primprenelle

j'ai un nouveau forum qui s'appelle "problème virux Trojan-Dropper:W32/Agent.JRI.

merci de m'aider.

Escaflowne
0
Réponse 73 / 81
cedric33
 
Remove IT pro est payant pour corriger les problèmes donc je ne l'ai pas corrigé.
0
Réponse 74 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
non non non il faut faire fix comme demandé par le logiciel y en à plein qui l'on déjà fait. peux tu me le refaire STP pour enfin le supprimer.

Télécharger RemoveIT Pro

Fais un scan et poste moi le full rapport log.


0
Réponse 75 / 81
cedric33
 
Je re téléchagre remove it à partir de ton lien parce que dans ma version je clique sur fix et il me marque purchase now it is just a demonstration...
0
Réponse 76 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
ah bon bizarre.
0
Réponse 77 / 81
cedric33
 
J'ai retéléchargé j'avais la version pro. Par contre pas moyen de faire un log il me dit error writting log file.
En tout cas msile.exe a été supprimé
0
Réponse 78 / 81
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
enfin c'est pas trop tôt.
0
Réponse 79 / 81
cedric33
 
Oui et j'en profite pour te remercier de toute ton aide. T'as été super merci beaucoup!!!!
0
Réponse 80 / 81
cedric33
 
Internet a l'air de refonctionner normalement. Je testerai plus longtemps demain. Merci encore pour ton aide.
0