Infected by "I don't know what"

Resolved/Closed
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 - 9 Nov 2006 at 17:15
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 - 18 Nov 2006 at 10:11
Hello,

A virus has taken up residence in my computer, but I can't find it, and little by little it is destroying my video files. Neither Avast nor an online scan found it.
I don't know what to do. Could someone help me, please?
Thanks in advance

7 replies

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
9 Nov 2006 at 18:44
Hi, download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log onto the forum

Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck

See you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
15 Nov 2006 at 17:43
Hi

Sorry for not replying sooner.

Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 17:38:16, on 15/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


Thanks again for the help.
See you
0
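
A triage sketch for a HijackThis log such as the one posted above, added here as an example and not part of the thread or of HijackThis itself: it re-joins entries that a paste has split across lines and queues entries carrying `(file missing)`, `Unknown owner` or `(no name)` for manual review. The sample log, its paths and CLSIDs, and the function and hint names are constructed for illustration; a hint is a prompt to look at an entry, not a verdict on it.

```python
import re

# Entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Review hints (names are this example's own, not HijackThis terminology).
HINTS = {
    "file-missing": re.compile(r"\(file missing\)"),
    "unknown-owner": re.compile(r"- Unknown owner -"),
    "no-name": re.compile(r"\(no name\)"),
}

# Constructed sample in the v1.99.1 layout, hard-wrapped the way a forum
# paste can leave it. Paths, CLSIDs and the URL are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Example\tray.exe
C:\Program Files\Example Suite

Edition\Apps\proxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://start.example/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} -

C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program

Files\Example\tray.exe" -min
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000002}

- %windir%\gone.exe (file missing)
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Program

Files\Example\svc.exe (file

missing)
"""


def unwrap(text):
    """Return (processes, entries) with wrapped fragments re-joined.

    Assumes `text` holds only the log. Fragments are joined with one space,
    so a break inside a token that has no spaces (a long URL) gains a space.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif entries:
            # Anything after the first entry that is not a new entry
            # continues the previous one.
            entries[-1] += " " + line
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if DRIVE_RE.match(line) or not processes:
                processes.append(line)
            else:
                processes[-1] += " " + line
    return processes, entries


def parse(entries):
    """Split each entry into its section code, detail text and hints."""
    parsed = []
    for line in entries:
        code, detail = ENTRY_RE.match(line).groups()
        hints = [name for name, rx in HINTS.items() if rx.search(detail)]
        parsed.append({"code": code, "detail": detail, "hints": hints})
    return parsed


def review_queue(text):
    """Entries with at least one hint, in log order."""
    _, entries = unwrap(text)
    return [e for e in parse(entries) if e["hints"]]


if __name__ == "__main__":
    procs, ents = unwrap(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for e in review_queue(SAMPLE_LOG):
        print(f'{e["code"]:>3} {",".join(e["hints"]):<28} {e["detail"]}')
```
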
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
15 Nov 2006 at 19:55
Hi,

Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy/paste it into your post, please.

See you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
15 Nov 2006 at 20:02
Hi again

Here is the report

SmitFraudFix v2.121

Rapport fait à 20:00:36,12, 15/11/2006
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

There you go, thanks, and see you
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
15 Nov 2006 at 20:03
Hi again,

Download this
https://www.silentrunners.org/Silent%20Runners.vbs
Run it and wait a few minutes; it will then create a folder right next to Silent Runners, in text format. Copy/paste what it gives you.

See you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
16 Nov 2006 at 17:55
Hi

It took a while, but it was a bit tricky to do; still, nothing impossible all the same :)

Here is the report

"Silent Runners.vbs", revision 49, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized" ["Sony Ericsson Mobile Communications AB"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"avast!" = ""C:\Program Files\Alwil Software\Avast4\ashDisp.exe"" [null data]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}" = "Matroska Shell Extension, Properties Page CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Prop Page CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
"{78DC191E-EFC1-4532-9A71-224577A86A7D}" = "Matroska Shell Extension, Thumbnail Handler CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Thumbnail Handler CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}" = "Matroska Shell Extension, Tooltip Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Tooltip Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}" = "Matroska Shell Extension, ContextMenu CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
"{781395AF-A127-469f-A06F-59B482AF4F3F}" = "Matroska Shell Extension, Column Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Gestionnaire de fichiers Sony Ericsson"
-> {HKLM...CLSID} = "Gestionnaire de fichiers Sony Ericsson"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{781395AF-A127-469f-A06F-59B482AF4F3F}\(Default) = "The Matroska Shell Extension, Column Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\LeechGet 2006\ShellExtension.dll" [null data]
MatroskaContextMenu\(Default) = "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
\InProcServer32\(Default) = "C:\Program Files\Matroska Pack\MSE\MatroskaProp.dll" [" "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\LeechGet 2006\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\LeechGet 2006\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\Software\Classes\.hta\(Default) = (value not set)


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoWindowsUpdate" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove links and access to Windows Update}

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoFavoritesMenu" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Favorites menu from Start Menu}

"NoSMMyDocs" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Documents menu from Start Menu}

"NoSMMyPictures" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}

"NoStartMenuMyMusic" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoUserNameInStartMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoStartMenuPinnedList" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"ForceStartMenuLogoff" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoFavoritesMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSMMyDocs" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSMMyPictures" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoStartMenuMyMusic" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSimpleStartMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\

"DisableWindowsUpdateAccess" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Update|
Remove access to use all Windows Update features}

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"HP Usg Daily" -> launches: "C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe" [empty string]
"HPpromotions hp photosmart 7700 series" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe /N "hp photosmart 7700 series" -r" ["hp"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [file not found]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 1368 seconds)


Thanks, see you
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
16 Nov 2006 at 19:27
Hi

Nothing very interesting.
I see you're managing, well done lol

Download Blacklight (from F-Secure) from one of these 2 addresses:
https://www.f-secure.com/en
https://www.f-secure.com/en

and save it to your Desktop.

Double-click blbeta.exe and accept the licence; leave [X]scan through Windows Explorer enabled; click Scan, then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply

See you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
16 Nov. 2006 at 20:01
Re,

Here is the report you asked me for

11/16/06 19:50:06 [Info]: BlackLight Engine 1.0.47 initialized
11/16/06 19:50:06 [Info]: OS: 5.1 build 2600 (Service Pack 1)
11/16/06 19:50:06 [Note]: 7019 4
11/16/06 19:50:06 [Note]: 7005 0
11/16/06 19:50:12 [Note]: 7006 0
11/16/06 19:50:12 [Note]: 7011 508
11/16/06 19:50:12 [Note]: 7026 0
11/16/06 19:50:12 [Note]: 7026 0
11/16/06 19:50:20 [Note]: FSRAW library version 1.7.1020
11/16/06 19:53:26 [Note]: 2000 1012
11/16/06 19:54:01 [Note]: 7007

Thanks again, see you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8 > ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023
16 Nov. 2006 at 20:27
Re
Yeah, after downloading a video, the folder containing the file showed me an error message and the folder would close automatically. So I quickly deleted that file, thinking it was a virus. I thought I had eradicated the thing, but even earlier video files got infected on the computer's other partition. Since then it has been wandering around. So I delete everything as I go, because otherwise there's no way to access the file anymore. The worst part is that I burned a file for a friend and the same thing appeared on his machine, while on mine nothing (I deleted that file too).

That's how things stand, if it can help you. Thanks
0

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
16 Nov. 2006 at 20:09
Hi

...

This phenomenon of disappearing videos, can you tell me more about it?

See you
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
16 Nov. 2006 at 21:00
Re,

Strange, that...

Download Combofix.exe (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

* Double-click combofix.exe and follow the prompts.

* When the scan is complete, a report will appear.
Copy/paste this report into your next reply along with a new HijackThis report!

See you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
17 Nov. 2006 at 17:01
Hi

And here is the report
Administrateur - 06-11-17 16:54:54,10 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Administrateur\Bureau"

((((((((((((((((((((((((((((((( Files Created from 2006-10-17 to 2006-11-17 ))))))))))))))))))))))))))))))))))


2006-11-16 17:25 346,902 C:\Documents and Settings\AdministrateurSilent Runners.vbs
2006-11-15 20:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-15 20:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-15 20:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-15 20:00 2,802 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-15 20:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-09 17:19 86,094 --a------ C:\WINDOWS\BPMNT.dll
2006-11-09 17:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2006-11-09 17:19 176,709 --a------ C:\WINDOWS\tsc.exe
2006-11-09 17:19 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2006-11-09 17:18 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-11-09 17:18 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-11-09 17:18 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-11-03 20:13 979,456 --a------ C:\WINDOWS\system32\PG32.DLL
2006-11-03 20:13 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2006-11-03 20:13 87,040 --a------ C:\WINDOWS\system32\P2BDAO.DLL
2006-11-03 20:13 77,824 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2006-11-03 20:13 710,656 --a------ C:\WINDOWS\system32\CR2C40FR.DLL
2006-11-03 20:13 54,272 --a------ C:\WINDOWS\system32\P2IRDAO.DLL
2006-11-03 20:13 50,176 --a------ C:\WINDOWS\system32\P2CTDAO.DLL
2006-11-03 20:13 430,080 --a------ C:\WINDOWS\system32\MsRepl35.dll
2006-11-03 20:13 40,960 --a------ C:\WINDOWS\system32\FlxGdFR.dll
2006-11-03 20:13 40,374 --a------ C:\WINDOWS\system32\P3S4ODFR.DLL
2006-11-03 20:13 36,352 --a------ C:\WINDOWS\system32\P2BBND.DLL
2006-11-03 20:13 34,816 --a------ C:\WINDOWS\system32\DBGrdFR.dll
2006-11-03 20:13 31,232 --a------ C:\WINDOWS\system32\DBLstFR.dll
2006-11-03 20:13 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2006-11-03 20:13 25,600 --a------ C:\WINDOWS\system32\CC245FR.DLL
2006-11-03 20:13 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2006-11-03 20:13 180,224 --a------ C:\WINDOWS\system32\CO2C40EN.DLL
2006-11-03 20:13 18,944 --a------ C:\WINDOWS\system32\IMPLODE.DLL
2006-11-03 20:13 15,872 --a------ C:\WINDOWS\system32\P3D4BDFR.DLL
2006-11-03 20:13 149,776 --a------ C:\WINDOWS\system32\MSJInt35.dll
2006-11-03 20:13 131,072 --a------ C:\WINDOWS\system32\P2SODBC.DLL
2006-11-03 20:13 12,800 --a------ C:\WINDOWS\system32\P3BDAOFR.DLL
2006-11-03 20:13 12,288 --a------ C:\WINDOWS\system32\P3RDAOFR.DLL
2006-11-03 20:13 12,288 --a------ C:\WINDOWS\system32\P3CDAOFR.DLL
2006-11-03 20:13 1,846,784 --a------ C:\WINDOWS\system32\CRPE32.DLL
2006-11-03 20:13 1,064,960 --a------ C:\WINDOWS\system32\MSJet35.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 06:38 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-17 06:35 -------- d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent
2006-11-15 17:38 6499 --a------ C:\Program Files\hijackthis.log
2006-11-15 17:38 -------- d-------- C:\Program Files\hijackthis
2006-11-13 16:35 -------- d-------- C:\Program Files\K!TV
2006-11-09 18:38 -------- d-------- C:\Program Files\WinRAR
2006-11-09 18:38 -------- d-------- C:\Program Files\eMule
2006-11-03 20:16 -------- d-------- C:\Program Files\GestSante
2006-10-28 08:29 -------- d-------- C:\Program Files\Google
2006-10-08 16:08 -------- d-------- C:\Program Files\iTunes
2006-10-08 16:08 -------- d-------- C:\Program Files\iPod
2006-10-08 16:07 -------- d-------- C:\Program Files\QuickTime
2006-10-08 16:05 -------- d-------- C:\Program Files\Apple Software Update
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 16:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 16:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 16:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 16:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-23 16:12 -------- d-------- C:\Program Files\Sony Ericsson
2006-09-23 16:10 60416 --a------ C:\Program Files\1036.MST
2006-09-17 08:07 -------- d-------- C:\Program Files\RamBoost XP
2006-09-15 15:12 10022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-15 14:37 422 --a------ C:\mkv.bat
2006-09-15 12:18 8 -r-hs---- C:\WINDOWS\system32\8E3B5D238C.sys
2006-09-14 12:26 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2006-09-13 18:25 4195070 --a------ C:\WINDOWS\AubadeFemme.SCR


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /Minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,aa,00,00,00,00,00,00,00,56,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e3,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e3,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoWindowsUpdate"=dword:00000000
"NoRecentDocsMenu"=dword:00000001
"NoFavoritesMenu"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoStartMenuMyMusic"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsNetHood"=dword:00000000
"NoSMHelp"=dword:00000000
"NoRun"=dword:00000000
"NoUserNameInStartMenu"=dword:00000001
"NoInstrumentation"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"ForceStartMenuLogoff"=dword:00000000
"NoSharedDocuments"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoFavoritesMenu"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoStartMenuMyMusic"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"NoRecentDocsNetHood"=dword:00000000
"NoSMHelp"=dword:00000000
"NoRun"=dword:00000000
"NoInstrumentation"=dword:00000000
"NoSimpleStartMenu"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\HPpromotions hp photosmart 7700 series.job

Completion time: 06-11-17 16:55:37.35
C:\ComboFix.txt ... 06-11-17 16:55

Thanks, see you
0
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
17 Nov. 2006 at 18:21
Re

I tried to transcribe everything that was in these error messages, if it can help you
<gras>

« explorer.exe a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru. »

Afterwards I click on « cliquez ici » for more info, and this is what it gives

Signature de l’erreur
AppName: explorer.exe AppVer: 6.0.2800.1106 ModName: libavcodec.dll
ModVer: 0.0.0.0 Offset: 00034c1c
Pour consulter les informations techniques concernant le rapport d’erreurs, Cliquez ici

Then on « cliquez ici » again, and this message appears:

Les informations suivantes concernant votre procédure seront signalées :
Exception information
Code : 0xc0000000000000000 Adress : 0x000000006faf4clc

System Information…..
(Sorry, but there's too much stuff written there to copy it all)

Les fichiers suivants seront inclus dans ce rapport d’erreurs:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER18.tmp.dir00\appcompat.txt

And here is what I get out of this error report

« <?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="626176" CHECKSUM="0xA17C36E8" BIN_FILE_VERSION="5.1.2600.1106" BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106" FILE_DESCRIPTION="API avancées Windows 32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA15EA" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1106" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002 18:44:40" UPTO_LINK_DATE="08/29/2002 18:44:40" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="257536" CHECKSUM="0xD816131F" BIN_FILE_VERSION="5.1.2600.1346" BIN_PRODUCT_VERSION="5.1.2600.1346" PRODUCT_VERSION="5.1.2600.1346" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1346 (xpsp2.040109-1800)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x437B2" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1346" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1346" LINK_DATE="03/30/2004 01:49:43" UPTO_LINK_DATE="03/30/2004 01:49:43" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="995328" CHECKSUM="0x2F94FA32" BIN_FILE_VERSION="5.1.2600.1106" BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106" FILE_DESCRIPTION="DLL du client API BASE Windows NT" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF9EA2" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1106" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002 18:44:41" UPTO_LINK_DATE="08/29/2002 18:44:41" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="679424" CHECKSUM="0x3B8A96E0" BIN_FILE_VERSION="5.1.2600.1217" BIN_PRODUCT_VERSION="5.1.2600.1217" PRODUCT_VERSION="5.1.2600.1217" FILE_DESCRIPTION="DLL Couche NT" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.1217 (xpsp2.030429-2131)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAC91C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1217" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1217" LINK_DATE="05/01/2003 23:57:20" UPTO_LINK_DATE="05/01/2003 23:57:20" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1258496" CHECKSUM="0x27F690D9" BIN_FILE_VERSION="5.1.2600.1619" BIN_PRODUCT_VERSION="5.1.2600.1619" PRODUCT_VERSION="5.1.2600.1619" FILE_DESCRIPTION="Microsoft OLE pour Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.1619 (xpsp2.041130-1838)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x14192B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1619" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1619" LINK_DATE="01/14/2005 05:34:50" UPTO_LINK_DATE="01/14/2005 05:34:50" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="OLEAUT32.DLL" SIZE="569344" CHECKSUM="0xBEBB6F05" BIN_FILE_VERSION="3.50.5016.0" BIN_PRODUCT_VERSION="3.50.5016.0" PRODUCT_VERSION="3.50.5016.0" FILE_DESCRIPTION="Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems" FILE_VERSION="3.50.5016.0" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-1999." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8F0DD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.50.5016.0" UPTO_BIN_PRODUCT_VERSION="3.50.5016.0" LINK_DATE="08/29/2002 18:44:36" UPTO_LINK_DATE="08/29/2002 18:44:36" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8405504" CHECKSUM="0x17E1CBF8" BIN_FILE_VERSION="6.0.2800.1643" BIN_PRODUCT_VERSION="6.0.2800.1643" PRODUCT_VERSION="6.00.2800.1643" FILE_DESCRIPTION="DLL commune du shell Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="6.00.2800.1643 (xpsp2.050311-1242)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x80F5A3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1643" UPTO_BIN_PRODUCT_VERSION="6.0.2800.1643" LINK_DATE="03/12/2005 01:52:10" UPTO_LINK_DATE="03/12/2005 01:52:10" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="user32.dll" SIZE="562176" CHECKSUM="0x828BEADF" BIN_FILE_VERSION="5.1.2600.1634" BIN_PRODUCT_VERSION="5.1.2600.1634" PRODUCT_VERSION="5.1.2600.1634" FILE_DESCRIPTION="DLL client de l'API Utilisateur de Windows XP" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.1634 (xpsp2.050301-1526)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8F4DF" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1634" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1634" LINK_DATE="03/02/2005 18:21:36" UPTO_LINK_DATE="03/02/2005 18:21:36" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="WININET.DLL" SIZE="580608" CHECKSUM="0xF234B671" BIN_FILE_VERSION="6.0.2800.1505" BIN_PRODUCT_VERSION="6.0.2800.1505" PRODUCT_VERSION="6.00.2800.1505" FILE_DESCRIPTION="Extensions Internet pour Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="6.00.2800.1505" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9C668" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1505" UPTO_BIN_PRODUCT_VERSION="6.0.2800.1505" LINK_DATE="04/27/2005 17:54:19" UPTO_LINK_DATE="04/27/2005 17:54:19" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
</EXE>
<EXE NAME="libavcodec.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="libavcodec.dll" SIZE="2675712" CHECKSUM="0xEF0879A8" MODULE_TYPE="WIN32" PE_CHECKSUM="0x28DD5D" LINKER_VERSION="0x10000" LINK_DATE="11/29/2005 20:14:41" UPTO_LINK_DATE="11/29/2005 20:14:41" />
</EXE>
</DATABASE>

And the same with BS player: if I click quickly on the video file, an error message, and here we go again with the same messages </gras>

Signature de l’erreur
AppName: bsplayer.exe AppVer: 1.3.6.824 ModName: libavcodec.dll
ModVer: 0.0.0.0 Offset: 00034c1c
Pour consulter les informations techniques concernant le rapport d’erreurs, Cliquez ici



There, maybe I should have started with that, it would have saved you from wasting time. Sorry
See you
0
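As an added illustration (not part of the original thread, and not any participant's code), this Python example reads the two error signatures and the appcompat.txt quoted in the post above, groups the crashes by faulting module and offset, and reports whether that module carries vendor or version metadata. The function names are hypothetical, and the embedded appcompat.txt is abridged from the post to two entries and a subset of attributes.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Error signatures as quoted in the post (Windows XP error-reporting dialog).
SIGNATURES = """\
AppName: explorer.exe AppVer: 6.0.2800.1106 ModName: libavcodec.dll
ModVer: 0.0.0.0 Offset: 00034c1c
AppName: bsplayer.exe AppVer: 1.3.6.824 ModName: libavcodec.dll
ModVer: 0.0.0.0 Offset: 00034c1c
"""

# appcompat.txt as pasted in the post, abridged. The stray opening quote mark
# and the UTF-16 declaration are kept on purpose: both break a naive parse.
APPCOMPAT = """« <?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="kernel32.dll" SIZE="995328" BIN_FILE_VERSION="5.1.2600.1106" COMPANY_NAME="Microsoft Corporation" LINK_DATE="08/29/2002 18:44:41" />
</EXE>
<EXE NAME="libavcodec.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="libavcodec.dll" SIZE="2675712" CHECKSUM="0xEF0879A8" LINK_DATE="11/29/2005 20:14:41" />
</EXE>
</DATABASE>
"""

SIG_RE = re.compile(
    r"AppName:\s*(?P<app>\S+)\s+AppVer:\s*(?P<appver>\S+)\s+"
    r"ModName:\s*(?P<mod>\S+)\s+ModVer:\s*(?P<modver>\S+)\s+"
    r"Offset:\s*(?P<offset>[0-9A-Fa-f]+)"
)


def parse_signatures(text):
    """Return one dict per error signature found in pasted dialog text."""
    return [m.groupdict() for m in SIG_RE.finditer(text)]


def group_by_fault(sigs):
    """Map (module, offset) -> sorted list of applications that crashed there."""
    groups = defaultdict(set)
    for s in sigs:
        groups[(s["mod"].lower(), s["offset"].lower())].add(s["app"].lower())
    return {key: sorted(apps) for key, apps in groups.items()}


def module_metadata(appcompat_text):
    """Map module name -> attributes of its MATCHING_FILE entry.

    Only the <DATABASE> element is parsed, so text pasted around it and an
    encoding declaration that no longer matches the pasted text are ignored.
    """
    start = appcompat_text.find("<DATABASE")
    end = appcompat_text.rfind("</DATABASE>")
    if start < 0 or end < 0:
        raise ValueError("no <DATABASE> element found")
    root = ET.fromstring(appcompat_text[start:end + len("</DATABASE>")])
    return {f.get("NAME").lower(): dict(f.attrib)
            for f in root.iter("MATCHING_FILE")}


def triage(sig_text, appcompat_text):
    """Combine both sources into one finding per faulting (module, offset)."""
    meta = module_metadata(appcompat_text)
    findings = []
    for (mod, offset), apps in group_by_fault(parse_signatures(sig_text)).items():
        info = meta.get(mod, {})
        findings.append({
            "module": mod,
            "offset": offset,
            "apps": apps,
            "shared_across_apps": len(apps) > 1,
            "vendor": info.get("COMPANY_NAME"),          # None if absent
            "file_version": info.get("BIN_FILE_VERSION"),  # None if absent
            "link_date": info.get("LINK_DATE"),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SIGNATURES, APPCOMPAT):
        print(finding)
```

On the values from the post, both host processes fault in the same module at the same offset, and that module's appcompat entry has no vendor or file-version attributes, so it is the component to inspect first.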
ptitgibus3000 Posts 177 Registration date Saturday 1 October 2005 Status Member Last activity 29 July 2023 8
17 Nov. 2006 at 21:07
RE

After deleting emule (the source folder that had contracted the problem) and the last infected file and folder with "chaos shreeder", as well as a little cleanup with "ccleaner", it looks like (well, I'm praying) there's no more problem for now. A file that used to appear with this message no longer appears at all.

Thanks for your help, it's cool to find people like you who take the time to help others.

Thanks again, have a good weekend and see you

Bye ;)
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
18 Nov. 2006 at 10:11
Hi

OK, keep me posted at the end of the weekend then

Thanks

See you
0