Please help me! HijackThis analysis

nulle en informatique -  
 jorginho67 -
Hello,
I've had a really big problem with my computer for some time now. I don't know what to do any more and I'm starting to get fed up. Please help me.
It is extremely slow, and when I say slow I mean really slow, like 5 minutes to start Windows, and the screen stutters when I scroll.
I downloaded HijackThis and here is the analysis it gives (thanks in advance to everyone who can help me):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:15, on 06.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\whekdwjb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\tsitra801.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.33.210.17:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {55910916-8B4E-4C1E-9253-CCE296EA71EB} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\ryrkqyhy.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\RHODON\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\RHODON\Application Data\Microsoft\Windows\igfunf.exe
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Tous Télécharger par ReGet Jr. - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec Re&Get Jr. - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: netfilter.dll
O10 - Unknown file in Winsock LSP: netfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3602FC4E-E008-4BCE-9342-51B4FE9B012B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{67382936-3076-4712-B707-ACBF9DC59EE5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{82C8A6AE-44A6-4D00-B05F-01DE33633218}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: DomainService - - C:\WINDOWS\System32\ylkggfbi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

73 replies

nulle en informatique
 
continued ....

-c--a-w 228,864 2002-08-29 09:45:06 C:\WINDOWS\system32\dllcache\srrstr.dll
-c--a-w 96,256 2002-08-29 09:45:18 C:\WINDOWS\system32\dllcache\ssmarque.scr
-c--a-w 198,656 2001-08-28 12:00:00 C:\WINDOWS\system32\dllcache\t2embed.dll
-c--a-w 183,808 2001-08-28 12:00:00 C:\WINDOWS\system32\dllcache\tasklist.exe
-c--a-w 332,928 2002-08-28 23:58:12 C:\WINDOWS\system32\dllcache\tcpip.sys
-c--a-w 196,288 2002-08-28 23:37:54 C:\WINDOWS\system32\dllcache\tcpip6.sys
-c--a-w 9,856 2002-08-29 10:17:04 C:\WINDOWS\system32\dllcache\tunmp.sys
-c--a-w 249,344 2001-08-28 12:00:00 C:\WINDOWS\system32\dllcache\uploadm.exe
-c--a-w 227,328 2001-08-28 12:00:00 C:\WINDOWS\system32\dllcache\wmiapsrv.exe
-c--a-w 75,264 2001-08-28 12:00:00 C:\WINDOWS\system32\dllcache\ws2_32.dll
-c--a-w 13,312 2002-08-29 09:45:08 C:\WINDOWS\system32\dllcache\wship6.dll
-c--a-w 11,776 2005-07-26 04:38:32 C:\WINDOWS\system32\dllcache\xolehlp.dll
----a-w 4,224 2001-08-28 12:00:00 C:\WINDOWS\system32\drivers\beep.sys
----a-w 392,576 2002-11-18 09:27:40 C:\WINDOWS\system32\drivers\mrxsmb.sys
----a-w 163,328 2002-08-28 23:58:50 C:\WINDOWS\system32\drivers\rdbss.sys
----a-w 332,928 2002-08-28 23:58:12 C:\WINDOWS\system32\drivers\tcpip.sys
-c--a-w 196,288 2002-08-28 23:37:54 C:\WINDOWS\system32\drivers\tcpip6.sys
-c--a-w 9,856 2002-08-29 10:17:04 C:\WINDOWS\system32\drivers\tunmp.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-03 10:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-31 13:54]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []
"Steam"="e:\program files\steam\steam.exe" [2007-10-06 19:20]
"NetAppel"="C:\Program Files\NetAppel\NetAppel.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07]
"FreeFr"="C:\WINDOWS\FreeFrMail.exe" [2007-10-11 17:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*FreeFr"=C:\WINDOWS\FreeFrMail.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"FreeFr"=C:\WINDOWS\FreeFrMail.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"system"="lsass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\(xà]
(xà

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\08(ÿ]
08(ÿ

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\0˜(ÿ]
0˜(ÿ

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\`p8ÿ]
`p8ÿ

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\èÈÈÿ]
èÈÈÿ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

*Newly Created Service* - 738B0907.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7DE0E8C7-C508-10A9-B862-0AB789CDCB90}]
C:\Program Files\NetMeeting\netmeet32.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3B522E6-15EE-2C56-25F6-AA164D1335D}]
C:\WINDOWS\FreeFrMail.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-30 07:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 20:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 17:40:43
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 17:44:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-11 17:44
C:\ComboFix2.txt ... 2007-10-09 22:03
.
--- E O F ---
0
nulle en informatique
 
HijackThis report (I renamed hijackthis to nulle en informatique.exe as you asked me to)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:22, on 11.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.33.210.17:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [*FreeFr] C:\WINDOWS\FreeFrMail.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [FreeFr] C:\WINDOWS\FreeFrMail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Tous Télécharger par ReGet Jr. - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec Re&Get Jr. - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: netfilter.dll
O10 - Unknown file in Winsock LSP: netfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3602FC4E-E008-4BCE-9342-51B4FE9B012B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{67382936-3076-4712-B707-ACBF9DC59EE5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{82C8A6AE-44A6-4D00-B05F-01DE33633218}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: (xà - (xà (file missing)
O20 - Winlogon Notify: 08(ÿ - 08(ÿ (file missing)
O20 - Winlogon Notify: 0˜(ÿ - 0˜(ÿ (file missing)
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: `p8ÿ - `p8ÿ (file missing)
O20 - Winlogon Notify: èÈÈÿ - èÈÈÿ (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
philae83 Posts 12854 Status Security contributor 206

Good evening,

That looks not too bad; let's keep cleaning.

Launch HijackThis, then check these lines:

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O20 - Winlogon Notify: (xà - (xà (file missing)
O20 - Winlogon Notify: 08(ÿ - 08(ÿ (file missing)
O20 - Winlogon Notify: 0˜(ÿ - 0˜(ÿ (file missing)
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: `p8ÿ - `p8ÿ (file missing)
O20 - Winlogon Notify: èÈÈÿ - èÈÈÿ (file missing)

With all applications closed and OFFLINE, click "Fix checked".

Then

restart in safe mode
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

and run a full scan with ANTIVIR.
Post the report here afterwards.

0
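The selection in the post above (entries in the O2 and O20 sections whose file HijackThis reports as absent) can be reproduced mechanically when reviewing a log. The following Python sketch is an added example, not part of the original thread or of HijackThis; `triage` and `Finding` are hypothetical names, and the sample lines are copied from the HijackThis log posted earlier in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: (xà - (xà (file missing)
O20 - Winlogon Notify: 08(ÿ - 08(ÿ (file missing)
O20 - Winlogon Notify: 0˜(ÿ - 0˜(ÿ (file missing)
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: `p8ÿ - `p8ÿ (file missing)
O20 - Winlogon Notify: èÈÈÿ - èÈÈÿ (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

# "<section code> - <rest of the entry>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# Markers HijackThis appends when the referenced file is not on disk.
ABSENT_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O20"
    name: str           # entry name as shown in the log
    orphaned: bool      # the entry points at a file that is absent
    garbled_name: bool  # the name has characters outside printable ASCII
    line: str           # the original log line, for the reviewer


def triage(log_text, sections=("O2", "O20")):
    """Return entries in the given sections that deserve a manual look.

    An entry is reported when its target file is absent (a leftover
    registry entry) or when its name contains characters outside
    printable ASCII. The second test is only a hint: legitimate
    localized names can trigger it too.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match or match["section"] not in sections:
            continue
        body = match["body"]
        # "Winlogon Notify: name - target" -> "name"
        _, _, rest = body.partition(": ")
        name = rest.split(" - ", 1)[0]
        orphaned = body.endswith(ABSENT_MARKERS)
        garbled = any(not (32 <= ord(ch) <= 126) for ch in name)
        if orphaned or garbled:
            findings.append(
                Finding(match["section"], name, orphaned, garbled, raw.strip())
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tags = [t for t, on in (("orphaned", f.orphaned),
                                ("garbled name", f.garbled_name)) if on]
        print(f"{f.section:<4} {', '.join(tags):<24} {f.line}")
```

The default sections are limited to O2 and O20 because those are the only ones selected in the post; a "(file missing)" marker in other sections, such as the O23 services, needs separate judgement before anything is removed.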
nulle en informatique
 
I have "antivir-personal-edition-7_antivir_personal_edition_classic"; can I scan with that?
0

philae83 Posts 12854 Status Security contributor 206

Yes; mind you, you can also do it with AntiVir. In safe mode, if you know how to do that.
0
nulle en informatique
 
Where could I download ANTIVIR? Yes, I know how to do it in safe mode (with or without networking?)
0
philae83 Posts 12854 Status Security contributor 206

Honestly, now I don't understand anything any more. Two minutes ago you told me:
I have "antivir-personal-edition-7_antivir_personal_edition_classic"; can I scan with that?


Now you are asking me where to download it.
0
nulle en informatique
 
There is a problem. AntiVir Personal Edition will not start. And when I reinstall it, a window appears:

The CRC sum of
C:\DOCUME~1\RHODON\LOCALS~1\Temps\RarSFX0\basic\setup.exe
has been changed! This could be due to a virus!
Do you want to shut down Setup?

And that's it, I can't get any further.
0
philae83 Posts 12854 Status Security contributor 206

I really don't follow all of this.

What exactly did you do? Tried to reinstall it?

AntiVir is your antivirus, isn't it? You do have the red umbrella in the bar next to the clock?
0
nulle en informatique
 
It's late, philae, I'm off to bed. Good night to you. I'm worn out, which is normal, it's the end of the week.
See you tomorrow if you like. For your information: my computer is getting better and better, thanks to you. Thank you for that. I have to leave you now.
Bye, see you tomorrow.
0
nulle en informatique
 
Actually I don't have AntiVir, I have AVG, that's all. Whereas you specifically said "and run a full scan with ANTIVIR".
0
philae83 Posts 12854 Status Security contributor 206

Good evening,

In your last HijackThis report, I saw ANTIVIR on line 04:

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

I didn't dream it, after all.
0
nulle en informatique
 
Hi,

OK, I ran the scan. The report:

AntiVir PersonalEdition Classic
Report file date: vendredi, 12. octobre 2007 21:30

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: RHODON
Computer name: RODMAN

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi, 12. octobre 2007 21:30

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mgrs.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\mgrs.exe'
Scan process 'win1E.tmp.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\TEMP\win1E.tmp.exe'
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOME.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'LckFldService.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'mgrs.exe' has been terminated
Process 'win1E.tmp.exe' has been terminated
C:\WINDOWS\mgrs.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4781cbd8.qua'!
C:\WINDOWS\TEMP\win1E.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was moved to '477dcbda.qua'!

39 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\drvrap.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '4785cbf3.qua'!
C:\WINDOWS\system32\drvrap.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen

The registry was scanned ( '30' files ).

Starting the file scan:

Begin scan in 'C:\WINDOWS\System32'
C:\WINDOWS\System32\4XT3M.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4763cbdc.qua'!
C:\WINDOWS\System32\DSndUp.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '477dcbed.qua'!
C:\WINDOWS\System32\HCGBP.exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4756cbe4.qua'!
C:\WINDOWS\System32\HPZinw12.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4769cbf2.qua'!
C:\WINDOWS\System32\lights.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '4776cc13.qua'!
C:\WINDOWS\System32\PlgEnabler.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4776cc2c.qua'!
C:\WINDOWS\System32\QD479.exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4743cc06.qua'!
C:\WINDOWS\System32\regedt32.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '4776cc2a.qua'!
C:\WINDOWS\System32\swreg.exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4781cc47.qua'!
C:\WINDOWS\System32\VFind.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4778cc1e.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AR9Y1GLR\zdfyax[1].htm
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4775cc4b.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\adv735[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4785cc4c.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\dl[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '476acc54.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\dl[2].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '45076735.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\tsitra[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4778cc5c.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\xvydwpm[1].htm
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4788cc5f.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JFO69CNK\zdfyax[2].htm
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4775cc4d.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K193GBZT\dl[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '476acc56.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K193GBZT\rcexqwcu[2].htm
[DETECTION] Is the Trojan horse TR/Tiny.705
[INFO] The file was moved to '4774cc4d.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\adv735[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4785cc4e.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\adv735[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4785cc4f.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\adv735[3].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '45e86730.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\adv735[4].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4785cc51.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\adv735[5].exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4785cc50.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\dl[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '476acc58.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\dl[2].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '45076739.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\dl[3].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '476acc59.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\dl[4].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4507673a.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\dl[5].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '476acc5b.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\gyntmvohn[2].htm
[DETECTION] Is the Trojan horse TR/Tiny.705
[INFO] The file was moved to '477dcc66.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\loadadv735[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4770cc5d.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\loadadv735[3].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '451d673e.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\rename[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477dcc53.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\utbdjp[1].txt
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4771cc63.qua'!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KG3WWH99\vgjohlebd[1].htm
[DETECTION] Is the Trojan horse TR/Tiny.705
[INFO] The file was moved to '4779cc56.qua'!
C:\WINDOWS\System32\dllcache\cplexe.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '477bcc6d.qua'!
C:\WINDOWS\System32\dllcache\imepadsv.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4774cc7d.qua'!
C:\WINDOWS\System32\dllcache\imjpdadm.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4779cc7e.qua'!
C:\WINDOWS\System32\dllcache\imjpdct.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4779cc7f.qua'!
C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4779cc80.qua'!
C:\WINDOWS\System32\dllcache\imjpinst.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '451d0c99.qua'!
C:\WINDOWS\System32\dllcache\imjpmig.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4779cc82.qua'!
C:\WINDOWS\System32\dllcache\imjpuex.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4779cc81.qua'!
C:\WINDOWS\System32\dllcache\imjputy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '451d0c9a.qua'!
C:\WINDOWS\System32\dllcache\usrmlnka.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4781ccc2.qua'!
C:\WINDOWS\System32\dllcache\usrprbda.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4781ccc3.qua'!
C:\WINDOWS\System32\dllcache\usrshuta.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '45e50cdc.qua'!
C:\WINDOWS\System32\drivers\19ad154d.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '4770cc93.qua'!
C:\WINDOWS\System32\drivers\36db2d02.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '4773cc91.qua'!
C:\WINDOWS\System32\drivers\62c5e075.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '4772cc8d.qua'!
C:\WINDOWS\System32\drivers\66dde653.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '45170c8a.qua'!
C:\WINDOWS\System32\drivers\a3007d0f.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '473fcc8f.qua'!
C:\WINDOWS\System32\drivers\b71f27ea.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '4740cc94.qua'!
C:\WINDOWS\System32\drivers\f26ff4e8.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ddl
[INFO] The file was moved to '4745cc91.qua'!
C:\WINDOWS\System32\drivers\SCTray.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4763cca6.qua'!
C:\WINDOWS\System32\g34\guwer12.exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was moved to '4786ccdd.qua'!
C:\WINDOWS\System32\Macromed\Shockwave 8\QuitRemote.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Cholera
[INFO] The file was moved to '4778ccde.qua'!
C:\WINDOWS\System32\xp3\dnwldr131.exe
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[INFO] The file was moved to '4786ccea.qua'!

End of the scan: vendredi, 12. octobre 2007 21:35
Used time: 04:54 min

The scan has been done completely.

212 Scanning directories
6850 Files were scanned
54 viruses and/or unwanted programs were found
9 Files were classified as suspicious:
0 files were deleted
0 files were repaired
61 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
6796 Files not concerned
6 Archives were scanned
0 Warnings
0 Notes
nulle en informatique
 
Oops, I forgot to choose safe mode. Do I have to start over?
philae83 Posts 12854 Status Security contributor 206

Hi again,

Good, AntiVir did its job well.

Please run AVG Anti-Spyware again and post the report.
Don't forget to configure it correctly.

You can possibly run the scan again in safe mode; that could be worthwhile too.

nulle en informatique
 
Hi again, here is the report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:09:24 13.10.2007

+ Résultat de l'analyse:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFCFW3QV\installer[1].exe -> Adware.CommAd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\temp\cmdinst.exe -> Adware.CommAd : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\smgr -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1801674531-162531612-682003330-1003\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\temp\i10.tmp -> Adware.SurfSide : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NetworkService\Local Settings\temp\i16.tmp -> Adware.SurfSide : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\i11.tmp -> Adware.SurfSide : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\stdrun4.exe -> Adware.SurfSide : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{87E1230F-DB28-4142-8044-DD1DB4875C67}\RP829\A0455512.dll -> Downloader.Small.dxm : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\system32\ldcore.dll.vir -> Downloader.Small.dxm : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\exe4.exe -> Downloader.Small.exx : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\RHODON\Local Settings\Temporary Internet Files\Content.IE5\UQQKBHOX\srvoew[1].exe -> Heuristic.Win32.Dialer : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\win20.tmp -> Heuristic.Win32.Dialer : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\win31.tmp.exe -> Heuristic.Win32.Dialer : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\folder.js -> Hijacker.Small.jf : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.201:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.66:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.29:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.36:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.37:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.38:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.149:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.27:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.203:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.204:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.205:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.25:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.189:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.26:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.28:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.30:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.31:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.32:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.33:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.34:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.35:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.17:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.18:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.213:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.24:C:\Documents and Settings\RHODON\Application Data\Mozilla\Firefox\Profiles\n79daaq0.Utilisateur par défaut\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\RHODON\Local Settings\Temporary Internet Files\Content.IE5\0P2RGTU7\utbdjp[1].txt -> Trojan.Agent.bwl : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\RHODON\Local Settings\Temporary Internet Files\Content.IE5\SB3TWEOC\utbdjp[1].txt -> Trojan.Agent.bwl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{87E1230F-DB28-4142-8044-DD1DB4875C67}\RP829\A0457884.dll -> Trojan.Agent.qt : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\TEMP\mst12.tmp -> Trojan.Agent.qt : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport
philae83 Posts 12854 Status Security contributor 206

OK.

Run another scan with AntiVir in safe mode,

and also

run ComboFix again and post the new report.

I think we'll look at the rest tomorrow now.
nulle en informatique
 
OK, I'll do that tomorrow.

Good night to you.
philae83 Posts 12854 Status Security contributor 206

Yes, it's getting late.

See you tomorrow.

Good night.
nulle en informatique
 
Hello philae,

There is a very big problem (for me): Windows on my PC won't start any more. I'm on my laptop at the moment.
I've tried all the startup modes, but nothing works. When I enter the password (logon), it takes a little while (about 10 to 15 seconds) to think, with no icons (empty desktop), but the mouse pointer is still there. Then all of a sudden it displays "Logging off Windows", saving your settings, etc.
And the Windows logon window reappears.

That's what is happening. Can you find a solution, philae? I won't be here tonight, I'm invited to a wedding; I'll join you here tomorrow.

I wish you a pleasant evening, and enjoy the match (semi-final).