Ouverture de fenêtre intenpestive!! Résolu/Fermé

Question

Bonjour,

Ayant lu les autre posts j'ai téléchargé Navilog1
Et voici le rapport, merci de votre aide : 
Search Navipromo version 3.4.0 commencé le 11/01/2008 à 23:56:04,46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\application data" *** 

...\MessengerSkinner trouvé !


*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\MENUDM~1\PROGRA~1" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.dat
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.exe
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_nav.dat
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 

Fichiers trouvés :

paajsbenwg.exe trouvé ! 



*** Recherche fichiers *** 


C:\WINDOWS\system32
vs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" : 

paajsbenwg.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :



*** Analyse terminée le 12/01/2008 à  0:15:12,77 ***

Merci pour votre réponse

ep44 · Answer

Bonsoir 

relance navilog mais cette fois ci tu peux choisir l'option 2

si tu veux ensuite tu peux suivre ceci 

Télecharge http://www.malekal.com/download/clean.zip sur le bureau

=> Dézippe sur le bureau.
=> ouvrir le dossier clean
=> clique sur le symbole roue dentée avec le nom clean
=> choisir l'option 1 et laisser clean travailler jusqu'à l'apparition du texte "appuyer sur une touche pour continuer"
=> ensuite colle le rapport 
et

Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

=> Double-clic dessus
=> installe 
=> Clic Do a system scan and save the log
=> coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 
@+

Dangmart · Answer

Merci je vais essayer!!

ep44 · Answer

ok @+

Dangmart · Answer

Voilà ce que ça me met!

Clean Navipromo version 3.4.0 commencé le 16/01/2008 à 21:47:42,61

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique 


*** Creation backups fichiers trouvés par Catchme *** 

Copie vers "C:\Program Files
avilog1\Backupnavi"

Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.dat réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.exe réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_nav.dat réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_navps.dat réalisée avec succès ! 

*** Suppression des fichiers trouvés avec Catchme ***

 
** 2ème passage avec résultats Catchme ** 

* Dans C:\WINDOWS\system32 *


C:\WINDOWS\prefetch\paajsbenwg*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\paajsbenwg*.pf réalisée avec succès !
C:\WINDOWS\prefetch\paajsbenwg*.pf supprimé !

* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Gusanodx\application data" *** 

...\MessengerSkinner ...suppression... 
...\MessengerSkinner supprimé ! 


*** Suppression dossiers dans "C:\Documents and Settings\Gusanodx\MENUDM~1\PROGRA~1" *** 


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Gusanodx\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *


* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 

lrnnlb.dat trouvé !
Copie lrnnlb.dat réalisée avec succès !
lrnnlb.dat supprimé !

lrnnlb_nav.dat trouvé !
Copie lrnnlb_nav.dat réalisée avec succès !
lrnnlb_nav.dat supprimé !

lrnnlb.exe trouvé !
Copie lrnnlb.exe réalisée avec succès !
lrnnlb.exe supprimé !

lrnnlb_navps.dat trouvé !
Copie lrnnlb_navps.dat réalisée avec succès !
lrnnlb_navps.dat supprimé !

C:\WINDOWS\prefetch\lrnnlb*.pf trouvé !
Copie C:\WINDOWS\prefetch\lrnnlb*.pf réalisée avec succès !
C:\WINDOWS\prefetch\lrnnlb*.pf supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 16/01/2008 à 21:55:42,93 ***

Maintenant j'ai plus d'ouverture intenpestive!!

Merci beaucoup!

ep44 · Answer

ok passe clean  maintenant

Dangmart · Answer

Je n'ai pas essayé les autres programmes car ça marché!
Est-ce nécessaire?

ep44 · Answer

oui

Dangmart · Answer

Ok je le fais!

ep44 · Answer

Bonsoir 

j'attends ton rapport
@+

Dangmart · Answer

Quand je met clean option 1
je n'ai pas de rapport qui s'affiche?

Dangmart · Answer

Comme le clean ne me donne pas de rapport je suis passé à Hijackthis et voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:05, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\ods\OdS.exe
C:\Program Files\SpeedSim\SpeedSim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] C:\DOCUME~1\Gusanodx\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe /skip_all_checks /p  /start /restart /l:fra
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

ep44 · Answer

Bonsoir 
pas d'anti-virus ni de parefeu d'activé !

il faut pour commencer mettre un antivirus 
en voici un gratuit et très efficace  en anglais mais très facile d'utilisation 
https://www.malekal.com/avira-free-security-antivirus-gratuit/

pour le parefeu tu peux utiliser celui-ci au lieu du pare feu de windows 
https://www.malekal.com/tutoriel-zonealarm-firewall/

ensuite le rapport clean se trouve dabs c:

@+ ;-)

Dangmart · Answer

Voila je l'ai trouvé. J'espère que c'est ça!!
Pour l'anti virus j'utilise Nod32

Clean Navipromo version 3.4.0 commencé le 16/01/2008 à 21:47:42,61

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique 


*** Creation backups fichiers trouvés par Catchme *** 

Copie vers "C:\Program Files
avilog1\Backupnavi"

Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.dat réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.exe réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_nav.dat réalisée avec succès ! 
Copie C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_navps.dat réalisée avec succès ! 

*** Suppression des fichiers trouvés avec Catchme ***

 
** 2ème passage avec résultats Catchme ** 

* Dans C:\WINDOWS\system32 *


C:\WINDOWS\prefetch\paajsbenwg*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\paajsbenwg*.pf réalisée avec succès !
C:\WINDOWS\prefetch\paajsbenwg*.pf supprimé !

* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Gusanodx\application data" *** 

...\MessengerSkinner ...suppression... 
...\MessengerSkinner supprimé ! 


*** Suppression dossiers dans "C:\Documents and Settings\Gusanodx\MENUDM~1\PROGRA~1" *** 


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Gusanodx\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *


* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 

lrnnlb.dat trouvé !
Copie lrnnlb.dat réalisée avec succès !
lrnnlb.dat supprimé !

lrnnlb_nav.dat trouvé !
Copie lrnnlb_nav.dat réalisée avec succès !
lrnnlb_nav.dat supprimé !

lrnnlb.exe trouvé !
Copie lrnnlb.exe réalisée avec succès !
lrnnlb.exe supprimé !

lrnnlb_navps.dat trouvé !
Copie lrnnlb_navps.dat réalisée avec succès !
lrnnlb_navps.dat supprimé !

C:\WINDOWS\prefetch\lrnnlb*.pf trouvé !
Copie C:\WINDOWS\prefetch\lrnnlb*.pf réalisée avec succès !
C:\WINDOWS\prefetch\lrnnlb*.pf supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 16/01/2008 à 21:55:42,93 ***

ep44 · Answer

Bonsoir Dangmart,
non ceci et le raport de naviog 
clean ce trouve dans c: et tu doit avoir un document texte clean 
@+

Dangmart · Answer

Je vais tout recommencer car clean ne marche pas!

Dangmart · Answer

Je crois qu'il a détecté qque choses mais il ne peux pas l'enlever!
J'attends votre réponse avant de faire l'option 2.
Puis je télécharge clean!




Search Navipromo version 3.4.0 commencé le 28/01/2008 à 20:58:22,76

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\application data" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\MENUDM~1\PROGRA~1" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Gusanodx\local settings\application data" * 



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" : 


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32	uvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 28/01/2008 à 21:11:09,35 ***

ep44 · Answer

Bonsoir 

non pas option 2

on va passer à autre choses 

Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

ensuite une fois ceci fait refais un rapport hijack

et ton rapport de clean  doit ressembler à ceci 
http://www.commentcamarche.net/forum/affich 4059925 cherche avis sur rapport exc clean cmd
@+

Dangmart · Answer

Bonsoir,
Voilà le rapport, mais je crois avoir toujours quelques chose!


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:45:38 28/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\awtrspn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32\lfdlugwv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32
nnljjk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\qomnnnm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32\ssqpmnn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32	uvwvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtutsrp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vtuurro.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\vwguldfl.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\wvutsst.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\system32\yayyvtt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid009.exe Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid00d.exe
C:\WINDOWS\Temp\vid00d.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Dangmart · Answer

C'est le hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:42, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\vtustqq.dll
O2 - BHO: (no name) - {D1FFF36E-49C8-420F-9088-ADE9E4CD7345} - C:\WINDOWS\system32	uvut.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [384ff639] rundll32.exe "C:\WINDOWS\system32\lfdlugwv.dll",b
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] C:\DOCUME~1\Gusanodx\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe /skip_all_checks /p  /start /restart /l:fra
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtustqq - C:\WINDOWS\SYSTEM32\vtustqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

ep44 · Answer

Relance Vundofix
 =Ne clique pas sur "Scan for a vundo"
 =Clique droit au milieu de la fenêtre
 =Clique sur Add more files ?
 =Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32	uvut.ini 
C:\WINDOWS\system32	uvut.ini2 
 

 =Clique sur Add files
 =Ensuite clique sur Close Windows
 =Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 =Si l'outil demande un redémarrage, accepte
 =Poste le rapport Vundofix, 

ensuite 

Télécharge Combofix sUBs : http://www.pc-xpress.ca/download/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+

Dangmart · Answer

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:45:38 28/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\awtrspn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32\lfdlugwv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32
nnljjk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\qomnnnm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32\ssqpmnn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32	uvwvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtutsrp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vtuurro.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\vwguldfl.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\wvutsst.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\system32\yayyvtt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid009.exe Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid00d.exe
C:\WINDOWS\Temp\vid00d.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 00:28:31 29/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\hgghgfe.dll
C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\hgghgfe.dll
C:\WINDOWS\system32\hgghgfe.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 01:18:12 29/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\vtustqq.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.10

Scan started at 03:19:35 29/01/2008

Listing files found while scanning....

Tout seul il n'arrivait pas à  effacer le vtustqq.dll, alors j'ai mis en safe boot et je l'ai supprimé ; ça a réussie mais en redémarrant des fenetres s'ouvrent, manque des dll et manque le disque??? Aïeeeeeeee

Dangmart · Answer

mon antivirus me détecte adware.virtumonde application?? et le met en quarantine!! je l'ai effacé plusieurs fois mais il revient!!

Dangmart · Answer

Mince  j'avais pas vu un post,, merci bcp!
J'essaie demain car j'y vois + rien.

Dangmart · Answer

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:45:38 28/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtrspn.dll
C:\WINDOWS\system32\awtrspn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\lfdlugwv.dll
C:\WINDOWS\system32\lfdlugwv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
nnljjk.dll
C:\WINDOWS\system32
nnljjk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qomnnnm.dll
C:\WINDOWS\system32\qomnnnm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpmnn.dll
C:\WINDOWS\system32\ssqpmnn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvwvut.dll
C:\WINDOWS\system32	uvwvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtutsrp.dll
C:\WINDOWS\system32\vtutsrp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtuurro.dll
C:\WINDOWS\system32\vtuurro.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vwguldfl.ini
C:\WINDOWS\system32\vwguldfl.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wvutsst.dll
C:\WINDOWS\system32\wvutsst.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yayyvtt.dll
C:\WINDOWS\system32\yayyvtt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid009.exe
C:\WINDOWS\Temp\vid009.exe Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid00d.exe
C:\WINDOWS\Temp\vid00d.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	uvut.dll
C:\WINDOWS\system32	uvut.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini
C:\WINDOWS\system32	uvut.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	uvut.ini2
C:\WINDOWS\system32	uvut.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 00:28:31 29/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\hgghgfe.dll
C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxyaxw.dll
C:\WINDOWS\system32\byxyaxw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\hgghgfe.dll
C:\WINDOWS\system32\hgghgfe.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 01:18:12 29/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\vtustqq.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\vtustqq.dll
C:\WINDOWS\system32\vtustqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.10

Scan started at 03:19:35 29/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\cbaax.dll
C:\WINDOWS\system32\cbxuvvu.dll
C:\WINDOWS\system32\ljjgffg.dll
C:\WINDOWS\system32\opnkhhf.dll
C:\WINDOWS\system32\xaabc.ini
C:\WINDOWS\system32\xaabc.ini2
C:\WINDOWS\system32\yayvvww.dll
C:\WINDOWS\Temp\vid00d.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\cbaax.dll
C:\WINDOWS\system32\cbaax.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cbxuvvu.dll
C:\WINDOWS\system32\cbxuvvu.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ljjgffg.dll
C:\WINDOWS\system32\ljjgffg.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\opnkhhf.dll
C:\WINDOWS\system32\opnkhhf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xaabc.ini
C:\WINDOWS\system32\xaabc.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xaabc.ini2
C:\WINDOWS\system32\xaabc.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yayvvww.dll
C:\WINDOWS\system32\yayvvww.dll Has been deleted!

 Attempting to delete C:\WINDOWS\Temp\vid00d.exe
C:\WINDOWS\Temp\vid00d.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\cbaax.dll
C:\WINDOWS\system32\cbaax.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ljjgffg.dll
C:\WINDOWS\system32\ljjgffg.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xaabc.ini
C:\WINDOWS\system32\xaabc.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xaabc.ini2
C:\WINDOWS\system32\xaabc.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

Performing Repairs to the registry.
Done!
Bon je l'ai fais en en mettant les noms en plus.
Maintenant je telécharge l'autre prog.

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-01-29 4:37:56.1 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.584 [GMT 1:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Gusanodx\APPLIC~1\addon.dat ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) ------- m ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))) 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-29 04:24 38,400 --a------ C:\WINDOWS\system32\opnkkhf.dll 2008-01-29 04:09 2,138 --ahs---- C:\WINDOWS\system32 stss.ini2 2008-01-29 04:08 334,336 --a------ C:\WINDOWS\system32\sstst.dll 2008-01-29 04:06 38,400 --a------ C:\WINDOWS\system32\ljjhhhh.dll 2008-01-29 01:52 38,400 --------- C:\WINDOWS\system32\ljjgffg.dll 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 37,888 --a------ C:\WINDOWS\system32 ar.exe 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2007-12-30 11:24 d-------- C:\Program Files\%temp& (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-01-29 10:58 38400 --a------ C:\WINDOWS\system32\yayvtrq.dll 2008-01-29 02:04 --------- d-------- C:\Program Files\eMule 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-28 22:40 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-01-28 21:36 --------- d-------- C:\Program Files\ods 2008-01-27 19:13 40448 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-01-21 21:03 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-30 11:24 --------- d-------- C:\Program Files\%temp& 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-05 18:30 --------- d-------- C:\Program Files\IVT Corporation 2007-12-02 14:47 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-01 15:23 --------- d-------- C:\Program Files\Windows Live 2007-12-01 15:21 --------- d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-01 15:13 --------- d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-29 16:26 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ 2007-11-29 16:25 --------- d-------- C:\Program Files\Notepad++ 2007-11-29 12:18 --------- d-------- C:\Program Files\MSXML 6.0 2007-11-29 12:00 --------- d-------- C:\Program Files\Reference Assemblies 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-10-31 00:23 3590656 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 18:20 360064 --a--c--- C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 23:43 1293824 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 23:43 1293824 --a------ C:\WINDOWS\system32\quartz.dll 2004-10-22 16:58 192512 --a------ C:\WINDOWS\inf mSagemCARDoem.exe 2004-03-22 19:16 338176 --a------ C:\WINDOWS\inf\setupinf\bcmwl5.sys 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe 2002-11-14 22:32 55808 --a------ C:\WINDOWS\inf\devconScard.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AB73A29-6A8F-4C73-AB52-D825608601B9}] 2008-01-29 04:09 334336 --a------ C:\WINDOWS\system32\sstst.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}] 2008-01-29 04:06 38400 --a------ C:\WINDOWS\system32\ljjhhhh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A619728A-B690-463A-BECE-8F3CCF88169A}] C:\WINDOWS\system32\ddabx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1FFF36E-49C8-420F-9088-ADE9E4CD7345}] C:\WINDOWS\system32 uvut.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2C70103-65F1-4F3F-AEAF-DC380846CF77}] C:\WINDOWS\system32\cbaax.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "384ff639"="C:\WINDOWS\system32\lfdlugwv.dll" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "NTSpool"=NTSpool.exe "Windows Printing Driver"=WinPrint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] "{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\system32\ljjhhhh.dll [2008-01-29 04:06 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ljjhhhh] ljjhhhh.dll 2008-01-29 04:06 38400 C:\WINDOWS\system32\ljjhhhh.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstst R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s Contents of the 'Scheduled Tasks' folder 2008-01-29 03:59:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-29 10:53:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\Program Files\Internet Explorer\iexplore.exe [3008] 0x8633DC60 scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\system32\yayvtrq.dll scan completed successfully hidden files: 1 ************************************************************************** Completion time: 2008-01-29 11:06:19 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-01-29 11:05 --- E O F --- "384ff639"="C:\WINDOWS\system32\lfdlugwv.dll" [] C'est ce Dll qui s'ouvre lorsque je démarre et qui ne fonctionne pas. Merci pour l'aide. :-)

Dangmart · Answer

Re bonjour,

Je cherche un parefeu qui utilise très peu de ressource et de bonne qualité bien sur! Que pouvez-vous me conseiller?

Dangmart · Answer

Je crois que c'(est de pire en pire!!
Mon ordi met 3h à démarrer, Nod détecte et met en quarantaine plusieurs trucs!!

ep44 · Answer

Bonsoir 

oulalala tout un tas de rapport 

si tu ne fait pas ce que je te demande il va être très difficile de t'aider car 
tu balance tout un tas de rapport et on ne sait même plus ou ion en ai 

bonne nouvelle ton rapprt de combofix 
nous montre pas mal de chose à voir 
mais j'aurais quand même préféré procéder par étapes combo fait partit de l'étape 
mais bon...

je te donne réponse à ton rapport tout à l'heure

@+

ep44 · Answer

selectionne ceci

registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AB73A29-6A8F-4C73-AB52-D825608601B9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A619728A-B690-463A-BECE-8F3CCF88169A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1FFF36E-49C8-420F-9088-ADE9E4CD7345}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C70103-65F1-4F3F-AEAF-DC380846CF77}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ljjhhhh] 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=-

File::

C:\WINDOWS\system32\opnkkhf.dll
C:\WINDOWS\system32	stss.ini2
C:\WINDOWS\system32\sstst.dll
C:\WINDOWS\system32\ljjhhhh.dll
C:\WINDOWS\system32\ljjgffg.dll
C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 
C:\WINDOWS\system32\yayvtrq.dll
C:\DOCUME~1\Gusanodx\APPLIC~1\Skype
C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 
C:\DOCUME~1\Gusanodx\APPLIC~1\U3
C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 
C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++
C:\WINDOWS\infmSagemCARDoem.exe
C:\WINDOWS\inf\setupinf\bcmwl5.sys
C:\WINDOWS\inf\SetScardINF_wxp.ex
C:\WINDOWS\inf\devconScard.exe 

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
+ un nouveau rapport hijack 
@+

Dangmart · Answer

Bonsoir, J'ai exécute normalement tout ce que vous m'avez demandé de faire ; mais au re-démarrage automatique, voilà ça ne marche pas je tombe sur l'écran pour rentré un mot de passe qui normalement comme je n'ai pas de mot de passe, je tape Ok et là une fenêtre s'ouvre et me met " impossible d'ouvrir une session car il y a limitation de compte"!! J'essaie 2 fois mais tjrs la meme chose, donc je decide de redémarer de nouveau, même problème! Donc je démarre avec F8 et je met démarrer avec dernière point de restauration qui fonctionne! Ca marche! l'ordi re démarre et termine le combofix et me donne ce fichier!! ComboFix 07-08-09.3 - "Gusanodx" 2008-01-29 22:56:25.2 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.458 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\opnkkhf.dll C:\WINDOWS\system32 stss.ini2 C:\WINDOWS\system32\sstst.dll C:\WINDOWS\system32\ljjhhhh.dll C:\WINDOWS\system32\ljjgffg.dll C:\DOCUME~1\Gusanodx\APPLIC~1\vlc C:\WINDOWS\system32\yayvtrq.dll C:\DOCUME~1\Gusanodx\APPLIC~1\Skype C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus C:\DOCUME~1\Gusanodx\APPLIC~1\U3 C:\DOCUME~1\Gusanodx\APPLIC~1\SAA C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ C:\WINDOWS\inf mSagemCARDoem.exe C:\WINDOWS\inf\setupinf\bcmwl5.sys C:\WINDOWS\inf\SetScardINF_wxp.ex C:\WINDOWS\inf\devconScard.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\inf\devconScard.exe C:\WINDOWS\inf mSagemCARDoem.exe C:\WINDOWS\inf\setupinf\bcmwl5.sys C:\WINDOWS\system32\ljjgffg.dll C:\WINDOWS\system32\ljjhhhh.dll C:\WINDOWS\system32\opnkkhf.dll C:\WINDOWS\system32\sstst.dll C:\WINDOWS\system32 stss.ini2 C:\WINDOWS\system32\yayvtrq.dll ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))) 2008-01-29 20:59 37,888 --a------ C:\WINDOWS\system32\opnmlli.dll 2008-01-29 20:38 37,888 --a------ C:\WINDOWS\system32\iifgeeb.dll 2008-01-29 19:42 37,888 --a------ C:\WINDOWS\system32\byxywtt.dll 2008-01-29 18:45 88,640 --a------ C:\WINDOWS\system32\qiproebw.dll 2008-01-29 18:39 69,696 --a------ C:\WINDOWS\system32\iisnojkk.dll 2008-01-29 18:10 38,400 --a------ C:\WINDOWS\system32\xxyaxyy.dll 2008-01-29 16:43 38,400 --a------ C:\WINDOWS\system32\yayyxwt.dll 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 37,888 --a------ C:\WINDOWS\system32 ar.exe 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2007-12-30 11:24 d-------- C:\Program Files\%temp& (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-01-29 23:13 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-01-29 22:50 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-29 18:49 --------- d-------- C:\Program Files\ods 2008-01-29 17:46 --------- d-------- C:\Program Files\eMule 2008-01-29 17:44 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-27 19:13 40448 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-30 11:24 --------- d-------- C:\Program Files\%temp& 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-05 18:30 --------- d-------- C:\Program Files\IVT Corporation 2007-12-02 14:47 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-01 15:23 --------- d-------- C:\Program Files\Windows Live 2007-12-01 15:21 --------- d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-01 15:13 --------- d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-29 16:26 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ 2007-11-29 16:25 --------- d-------- C:\Program Files\Notepad++ 2007-11-29 12:18 --------- d-------- C:\Program Files\MSXML 6.0 2007-11-29 12:00 --------- d-------- C:\Program Files\Reference Assemblies 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-10-31 00:23 3590656 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 18:20 360064 --a--c--- C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 23:43 1293824 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 23:43 1293824 --a------ C:\WINDOWS\system32\quartz.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "BM3b7cc5a5"="C:\WINDOWS\system32\iisnojkk.dll" [2008-01-29 18:39] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "NTSpool"=NTSpool.exe "Windows Printing Driver"=WinPrint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s Contents of the 'Scheduled Tasks' folder 2008-01-29 22:38:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-29 23:36:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\Program Files\Internet Explorer\iexplore.exe [3856] 0x8633F020 scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "OfflineDetectionPending"=dword:00000001 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-01-29 23:44:42 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-01-29 23:43 C:\ComboFix2.txt ... 2008-01-29 11:06 --- E O F --- Merci de l'aide!!

Dangmart · Answer

Voià le rapport... Je n'ai fais ni touché entre et je ne fais rien avant votre réponse.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:20, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM3b7cc5a5] Rundll32.exe "C:\WINDOWS\system32\iisnojkk.dll",s
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

Dangmart · Answer

Est ce que je peux avoir des explications sur ce qui se passe dans l'ordi? Virus, trojan ou autre chose!!
Pourquoi windefendeur et Nod ne font rien, ils les bloques et les mettent en quarantaine et c'est tout!!??

ep44 · Answer

Bonsoir 

en effet la suppression ce fait mais ca reviens :-(
windefendeur et Nod ne font pas la suppression 
car très difficile à supprimer 

refais la manip avec combofix mais en mode sans échec 
donc copie ce texte dans le bloc note 
et tu le nomme 
ensuite démarre en mode sans échec et fait la manip

C:\WINDOWS\system32\opnmlli.dll
C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\byxywtt.dll
C:\WINDOWS\system32\qiproebw.dll
C:\WINDOWS\system32\iisnojkk.dll
C:\WINDOWS\system32\xxyaxyy.dll
C:\WINDOWS\system32\yayyxwt.dll
C:\WINDOWS
ircmd.exe 


ensuite en mode normal
fait  un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
https://kerio.probb.fr/

@+

Dangmart · Answer

je copie ce texte :
C:\WINDOWS\system32\opnmlli.dll
C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\byxywtt.dll
C:\WINDOWS\system32\qiproebw.dll
C:\WINDOWS\system32\iisnojkk.dll
C:\WINDOWS\system32\xxyaxyy.dll
C:\WINDOWS\system32\yayyxwt.dll
C:\WINDOWS
ircmd.exe 

et je le nomme comment? CFScript.txt?

ep44 · Answer

oui  
CFScript.txt

Dangmart · Answer

Excusez moi je préférais une confirmation? DSL.

ep44 · Answer

pas de soucis ;-)

Dangmart · Answer

Je n'arrive pas à démarrer en mode sans echec, il faut que je re démarre en mode dernière bonne configuration sinon il me dit que il y a une limitation de compte!!
Que fais -je?

ep44 · Answer

essaye en mode normal 

ensuite pense à faire le scan en ligne 
@+

Dangmart · Answer

Ok merci, mais pourquoi cette limitation? A cause des vir/troj?
@+

Dangmart · Answer

Voici le rapport de combo! et je fais maintenat le scan en ligne. ComboFix 07-08-09.3 - "Gusanodx" 2008-01-30 22:59:13.3 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.503 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))) 2008-01-30 22:27 37,376 --a------ C:\WINDOWS\system32\xxyayxv.dll 2008-01-30 19:02 37,888 --a------ C:\WINDOWS\system32\ljjjife.dll 2008-01-30 18:47 37,888 --a------ C:\WINDOWS\system32\qommmjh.dll 2008-01-30 13:59 37,888 --a------ C:\WINDOWS\system32\fccayvv.dll 2008-01-30 13:31 37,888 --a------ C:\WINDOWS\system32\xxyayxy.dll 2008-01-30 12:23 37,888 --a------ C:\WINDOWS\system32\ljjklif.dll 2008-01-30 12:05 90,176 --a------ C:\WINDOWS\system32 edghfgl.dll 2008-01-30 05:59 37,888 --a------ C:\WINDOWS\system32\ssqnmli.dll 2008-01-30 03:42 37,888 --a------ C:\WINDOWS\system32\vturrrr.dll 2008-01-29 23:59 399,902 --ahs---- C:\WINDOWS\system32\wxbay.ini2 2008-01-29 23:58 332,288 --a------ C:\WINDOWS\system32\yabxw.dll 2008-01-29 23:52 37,888 --a------ C:\WINDOWS\system32\urqqpol.dll 2008-01-29 20:59 37,888 --a------ C:\WINDOWS\system32\opnmlli.dll 2008-01-29 20:38 37,888 --a------ C:\WINDOWS\system32\iifgeeb.dll 2008-01-29 19:42 37,888 --a------ C:\WINDOWS\system32\byxywtt.dll 2008-01-29 18:45 88,640 --a------ C:\WINDOWS\system32\qiproebw.dll 2008-01-29 18:39 69,696 --a------ C:\WINDOWS\system32\iisnojkk.dll 2008-01-29 18:10 38,400 --a------ C:\WINDOWS\system32\xxyaxyy.dll 2008-01-29 16:43 38,400 --a------ C:\WINDOWS\system32\yayyxwt.dll 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 37,888 --a------ C:\WINDOWS\system32 ar.exe 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2007-12-30 11:24 d-------- C:\Program Files\%temp& 2007-12-27 19:40 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys 2007-12-27 19:40 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys 2007-12-26 12:54 d-------- C:\WINDOWS\system32\NtmsData 2007-12-21 21:00 d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 21:00 d-------- C:\bin 2007-12-21 20:58 d-------- C:\Program Files\Hewlett-Packard 2007-12-21 20:47 131,348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-20 14:19 d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 d-------- C:\Program Files\SAA 2007-12-18 15:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft 2007-12-17 21:38 d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 20:44 d-------- C:\Program Files\MediaCoder 2007-12-13 17:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET 2007-12-05 22:05 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-12-05 22:05 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-12-05 18:38 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth 2007-12-05 18:30 d-------- C:\Program Files\IVT Corporation 2007-12-02 14:47 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-02 04:23 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-12-02 04:23 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-12-01 15:24 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-12-01 15:21 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-01 15:07 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-01-30 16:34 --------- d-------- C:\Program Files\ods 2008-01-29 23:13 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-01-29 22:50 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-29 17:46 --------- d-------- C:\Program Files\eMule 2008-01-29 17:44 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-27 19:13 40448 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-30 11:24 --------- d-------- C:\Program Files\%temp& 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-01 15:23 --------- d-------- C:\Program Files\Windows Live 2007-11-29 16:26 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ 2007-11-29 16:25 --------- d-------- C:\Program Files\Notepad++ 2007-11-29 12:18 --------- d-------- C:\Program Files\MSXML 6.0 2007-11-29 12:00 --------- d-------- C:\Program Files\Reference Assemblies 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-10-31 00:23 3590656 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 18:20 360064 --a--c--- C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 23:43 1293824 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 23:43 1293824 --a------ C:\WINDOWS\system32\quartz.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35468C33-B904-4260-9B8C-FFB953B2A270}] 2008-01-29 23:53 37888 --a------ C:\WINDOWS\system32\urqqpol.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1066123-33C3-4028-A8BB-BF15E3FE3712}] 2008-01-29 23:59 332288 --a------ C:\WINDOWS\system32\yabxw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "384ff639"="C:\WINDOWS\system32 edghfgl.dll" [2008-01-30 12:05] "BM3b7cc5a5"="C:\WINDOWS\system32\iisnojkk.dll" [2008-01-29 18:39] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "NTSpool"=NTSpool.exe "Windows Printing Driver"=WinPrint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] "{35468C33-B904-4260-9B8C-FFB953B2A270}"= C:\WINDOWS\system32\urqqpol.dll [2008-01-29 23:53 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\urqqpol] urqqpol.dll 2008-01-29 23:53 37888 C:\WINDOWS\system32\urqqpol.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\yabxw R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s Contents of the 'Scheduled Tasks' folder 2008-01-30 21:35:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-30 23:10:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-01-30 23:20:00 C:\ComboFix-quarantined-files.txt ... 2008-01-30 23:19 C:\ComboFix2.txt ... 2008-01-29 23:44 C:\ComboFix3.txt ... 2008-01-29 11:06 --- E O F ---

ep44 · Answer

Une chose me dépasse je demande de l'aide 
@+

Dangmart · Answer

J'arrive pas à poster le rapport de bit defender! Il doit être trop long!

Dangmart · Answer

J'ai fais une autre  petite analyse avec bitdef car il me mettais qu'il n'arrivait pas à enlever qque choses, et quand je lui ai demandé de réanalyser uniquement le windows/system32: il trouve Trojan.Vundo.DXH!
Il ne peut pas le supprimer!!

Dangmart · Answer

Que faire?Merci.

Dangmart · Answer

Je suis arrivé à passer en mode sans échec et j'ai refait toutes les manipulations. VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 21:45:38 28/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\awtrspn.dll C:\WINDOWS\system32\byxyaxw.dll C:\WINDOWS\system32\lfdlugwv.dll C:\WINDOWS\system32 nnljjk.dll C:\WINDOWS\system32\qomnnnm.dll C:\WINDOWS\system32\ssqpmnn.dll C:\WINDOWS\system32 uvut.dll C:\WINDOWS\system32 uvut.ini C:\WINDOWS\system32 uvut.ini2 C:\WINDOWS\system32 uvwvut.dll C:\WINDOWS\system32\vtutsrp.dll C:\WINDOWS\system32\vtuurro.dll C:\WINDOWS\system32\vwguldfl.ini C:\WINDOWS\system32\wvutsst.dll C:\WINDOWS\system32\yayyvtt.dll C:\WINDOWS\Temp\vid009.exe C:\WINDOWS\Temp\vid00d.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\awtrspn.dll C:\WINDOWS\system32\awtrspn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\byxyaxw.dll C:\WINDOWS\system32\byxyaxw.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\lfdlugwv.dll C:\WINDOWS\system32\lfdlugwv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32 nnljjk.dll C:\WINDOWS\system32 nnljjk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomnnnm.dll C:\WINDOWS\system32\qomnnnm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpmnn.dll C:\WINDOWS\system32\ssqpmnn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32 uvut.dll C:\WINDOWS\system32 uvut.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32 uvut.ini C:\WINDOWS\system32 uvut.ini Has been deleted! Attempting to delete C:\WINDOWS\system32 uvut.ini2 C:\WINDOWS\system32 uvut.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32 uvwvut.dll C:\WINDOWS\system32 uvwvut.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutsrp.dll C:\WINDOWS\system32\vtutsrp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtuurro.dll C:\WINDOWS\system32\vtuurro.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vwguldfl.ini C:\WINDOWS\system32\vwguldfl.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\wvutsst.dll C:\WINDOWS\system32\wvutsst.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yayyvtt.dll C:\WINDOWS\system32\yayyvtt.dll Has been deleted! Attempting to delete C:\WINDOWS\Temp\vid009.exe C:\WINDOWS\Temp\vid009.exe Has been deleted! Attempting to delete C:\WINDOWS\Temp\vid00d.exe C:\WINDOWS\Temp\vid00d.exe Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\byxyaxw.dll C:\WINDOWS\system32\byxyaxw.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32 uvut.dll C:\WINDOWS\system32 uvut.dll Has been deleted! Attempting to delete C:\WINDOWS\system32 uvut.ini C:\WINDOWS\system32 uvut.ini Has been deleted! Attempting to delete C:\WINDOWS\system32 uvut.ini2 C:\WINDOWS\system32 uvut.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 00:28:31 29/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\byxyaxw.dll C:\WINDOWS\system32\ddabx.dll C:\WINDOWS\system32\hgghgfe.dll C:\WINDOWS\system32\vtustqq.dll C:\WINDOWS\system32\xbadd.ini C:\WINDOWS\system32\xbadd.ini2 C:\WINDOWS\Temp\vid00d.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\byxyaxw.dll C:\WINDOWS\system32\byxyaxw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddabx.dll C:\WINDOWS\system32\ddabx.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\hgghgfe.dll C:\WINDOWS\system32\hgghgfe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtustqq.dll C:\WINDOWS\system32\vtustqq.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xbadd.ini C:\WINDOWS\system32\xbadd.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xbadd.ini2 C:\WINDOWS\system32\xbadd.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ddabx.dll C:\WINDOWS\system32\ddabx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtustqq.dll C:\WINDOWS\system32\vtustqq.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xbadd.ini C:\WINDOWS\system32\xbadd.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xbadd.ini2 C:\WINDOWS\system32\xbadd.ini2 Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 01:18:12 29/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\vtustqq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\vtustqq.dll C:\WINDOWS\system32\vtustqq.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\vtustqq.dll C:\WINDOWS\system32\vtustqq.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.10 Scan started at 03:19:35 29/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\cbaax.dll C:\WINDOWS\system32\cbxuvvu.dll C:\WINDOWS\system32\ljjgffg.dll C:\WINDOWS\system32\opnkhhf.dll C:\WINDOWS\system32\xaabc.ini C:\WINDOWS\system32\xaabc.ini2 C:\WINDOWS\system32\yayvvww.dll C:\WINDOWS\Temp\vid00d.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\cbaax.dll C:\WINDOWS\system32\cbaax.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\cbxuvvu.dll C:\WINDOWS\system32\cbxuvvu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjgffg.dll C:\WINDOWS\system32\ljjgffg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\opnkhhf.dll C:\WINDOWS\system32\opnkhhf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xaabc.ini C:\WINDOWS\system32\xaabc.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xaabc.ini2 C:\WINDOWS\system32\xaabc.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\yayvvww.dll C:\WINDOWS\system32\yayvvww.dll Has been deleted! Attempting to delete C:\WINDOWS\Temp\vid00d.exe C:\WINDOWS\Temp\vid00d.exe Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\cbaax.dll C:\WINDOWS\system32\cbaax.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjgffg.dll C:\WINDOWS\system32\ljjgffg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xaabc.ini C:\WINDOWS\system32\xaabc.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xaabc.ini2 C:\WINDOWS\system32\xaabc.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Beginning removal... Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.10 Scan started at 04:11:21 31/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\byxywtt.dll C:\WINDOWS\system32\fccayvv.dll C:\WINDOWS\system32\iifgeeb.dll C:\WINDOWS\system32\iisnojkk.dll C:\WINDOWS\system32\lgfhgdet.ini C:\WINDOWS\system32\ljjjife.dll C:\WINDOWS\system32\ljjklif.dll C:\WINDOWS\system32\opnllmn.dll C:\WINDOWS\system32\opnmlli.dll C:\WINDOWS\system32\qiproebw.dll C:\WINDOWS\system32\qommmjh.dll C:\WINDOWS\system32\ssqnmli.dll C:\WINDOWS\system32 edghfgl.dll C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\vturrrr.dll C:\WINDOWS\system32\wbeorpiq.ini C:\WINDOWS\system32\xxyayxv.dll C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\yabxw.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\byxywtt.dll C:\WINDOWS\system32\byxywtt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccayvv.dll C:\WINDOWS\system32\fccayvv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iifgeeb.dll C:\WINDOWS\system32\iifgeeb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iisnojkk.dll C:\WINDOWS\system32\iisnojkk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\lgfhgdet.ini C:\WINDOWS\system32\lgfhgdet.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjjife.dll C:\WINDOWS\system32\ljjjife.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjklif.dll C:\WINDOWS\system32\ljjklif.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnllmn.dll C:\WINDOWS\system32\opnllmn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnmlli.dll C:\WINDOWS\system32\opnmlli.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qiproebw.dll C:\WINDOWS\system32\qiproebw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qommmjh.dll C:\WINDOWS\system32\qommmjh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqnmli.dll C:\WINDOWS\system32\ssqnmli.dll Has been deleted! Attempting to delete C:\WINDOWS\system32 edghfgl.dll C:\WINDOWS\system32 edghfgl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\urqqpol.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\vturrrr.dll C:\WINDOWS\system32\vturrrr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wbeorpiq.ini C:\WINDOWS\system32\wbeorpiq.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyayxv.dll C:\WINDOWS\system32\xxyayxv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\xxyayxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yabxw.dll C:\WINDOWS\system32\yabxw.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\iisnojkk.dll C:\WINDOWS\system32\iisnojkk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\urqqpol.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\yabxw.dll C:\WINDOWS\system32\yabxw.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.10 Scan started at 11:38:50 31/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\acbeg.ini2 C:\WINDOWS\system32\gebca.dll C:\WINDOWS\system32\urqqpol.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\acbeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\acbeg.ini2 C:\WINDOWS\system32\acbeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gebca.dll C:\WINDOWS\system32\gebca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:/windows/system32/urqqpol.dll c:/windows/system32/urqqpol.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... ____________________________________________________________________________________________________________ ComboFix 07-08-09.3 - "Gusanodx" 2008-01-31 14:46:57.5 - NTFSx86 MINIMAL Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.787 [GMT 1:00] ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))) 2008-01-31 13:26 451 --ahs---- C:\WINDOWS\system32 qtss.ini2 2008-01-31 13:26 336,896 --a------ C:\WINDOWS\system32\sstqr.dll 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 23:59 410,789 --ahs---- C:\WINDOWS\system32\wxbay.ini2 2008-01-29 23:52 37,888 --------- C:\WINDOWS\system32\urqqpol.dll 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 37,888 --a------ C:\WINDOWS\system32 ar.exe 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2007-12-30 11:24 d-------- C:\Program Files\%temp& 2007-12-27 19:40 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys 2007-12-27 19:40 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys 2007-12-26 12:54 d-------- C:\WINDOWS\system32\NtmsData 2007-12-21 21:00 d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 21:00 d-------- C:\bin 2007-12-21 20:58 d-------- C:\Program Files\Hewlett-Packard 2007-12-21 20:47 131,348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-20 14:19 d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 d-------- C:\Program Files\SAA 2007-12-18 15:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft 2007-12-17 21:38 d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 20:44 d-------- C:\Program Files\MediaCoder 2007-12-13 17:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET 2007-12-05 22:05 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-12-05 22:05 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-12-05 18:38 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth 2007-12-05 18:30 d-------- C:\Program Files\IVT Corporation 2007-12-02 14:47 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-02 04:23 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-12-02 04:23 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-12-01 15:24 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-12-01 15:21 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-01 15:07 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-30 16:34 --------- d-------- C:\Program Files\ods 2008-01-29 23:13 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-01-29 22:50 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-29 17:46 --------- d-------- C:\Program Files\eMule 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-30 11:24 --------- d-------- C:\Program Files\%temp& 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-01 15:23 --------- d-------- C:\Program Files\Windows Live 2007-11-29 16:26 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ 2007-11-29 16:25 --------- d-------- C:\Program Files\Notepad++ 2007-11-29 12:18 --------- d-------- C:\Program Files\MSXML 6.0 2007-11-29 12:00 --------- d-------- C:\Program Files\Reference Assemblies 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-10-31 00:23 3590656 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 18:20 360064 --a--c--- C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 23:43 1293824 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 23:43 1293824 --a------ C:\WINDOWS\system32\quartz.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0218AB7E-A0A7-4FF9-9A81-7A6D0ABD297E}] C:\WINDOWS\system32\yabxw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0847F084-37D5-4C58-82FA-2BBB74F04986}] 2008-01-31 13:26 336896 --a------ C:\WINDOWS\system32\sstqr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35468C33-B904-4260-9B8C-FFB953B2A270}] 2008-01-29 23:53 37888 --------- C:\WINDOWS\system32\urqqpol.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C51D889-0668-4EA1-A8C7-E6BB017906EB}] C:\WINDOWS\system32\gebca.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "BM3b7cc5a5"="C:\WINDOWS\system32\iisnojkk.dll" [] "384ff639"="C:\WINDOWS\system32 edghfgl.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "NTSpool"=NTSpool.exe "Windows Printing Driver"=WinPrint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] "{35468C33-B904-4260-9B8C-FFB953B2A270}"= C:\WINDOWS\system32\urqqpol.dll [2008-01-29 23:53 37888] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys S2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys S2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" S2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s Contents of the 'Scheduled Tasks' folder 2008-01-31 13:47:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-31 14:54:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-01-31 14:58:48 C:\ComboFix-quarantined-files.txt ... 2008-01-31 14:57 C:\ComboFix2.txt ... 2008-01-31 05:51 C:\ComboFix3.txt ... 2008-01-30 23:20 --- E O F --- ____________________________________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:26:38, on 31/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\mHotkey.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\Scanneur.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {0218AB7E-A0A7-4FF9-9A81-7A6D0ABD297E} - C:\WINDOWS\system32\yabxw.dll (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {27179C3E-676A-422C-BE40-046C078A151F} - C:\WINDOWS\system32\sstqr.dll O2 - BHO: (no name) - {35468C33-B904-4260-9B8C-FFB953B2A270} - C:\WINDOWS\system32\urqqpol.dll O2 - BHO: (no name) - {3C51D889-0668-4EA1-A8C7-E6BB017906EB} - C:\WINDOWS\system32\gebca.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BM3b7cc5a5] Rundll32.exe "C:\WINDOWS\system32\iisnojkk.dll",s O4 - HKLM\..\Run: [384ff639] rundll32.exe "C:\WINDOWS\system32 edghfgl.dll",b O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146 O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

ep44 · Answer

Bonsoir  Dangmart,
désolé de ne pas avoir répondu plus tôt, mais j'étais dans l'attente d'une aide 

selectionne ceci


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0218AB7E-A0A7-4FF9-9A81-7A6D0ABD297E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0847F084-37D5-4C58-82FA-2BBB74F04986}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35468C33-B904-4260-9B8C-FFB953B2A270}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C51D889-0668-4EA1-A8C7-E6BB017906EB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM3b7cc5a5"=-
"384ff639"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"NTSpool"=-
"Windows Printing Driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35468C33-B904-4260-9B8C-FFB953B2A270}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

File::
C:\WINDOWS\system32qtss.ini2
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\urqqpol.dll
C:\WINDOWS\system32ar.exe

Folder::
C:\Program Files\\%temp&
C:\bin 



* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

Dangmart · Answer

Ok, je le fais!

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-01-31 22:33:54.6 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.536 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\wxbay.ini2 C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32 ar.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\bin C:\Program Files\\%temp& C:\Program Files\\%temp&\bat.bat C:\Program Files\\%temp&\server.km92.reg C:\WINDOWS\system32 ar.exe C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\urqqpol.dll C:\WINDOWS\system32\wxbay.ini2 ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))) 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2007-12-27 19:40 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys 2007-12-27 19:40 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys 2007-12-26 12:54 d-------- C:\WINDOWS\system32\NtmsData 2007-12-21 21:00 d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 d-------- C:\Program Files\Hewlett-Packard 2007-12-21 20:47 131,348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-20 14:19 d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 d-------- C:\Program Files\SAA 2007-12-18 15:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft 2007-12-17 21:38 d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 20:44 d-------- C:\Program Files\MediaCoder 2007-12-13 17:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET 2007-12-05 22:05 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-12-05 22:05 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-12-05 18:38 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth 2007-12-05 18:30 d-------- C:\Program Files\IVT Corporation 2007-12-02 14:47 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-02 04:23 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-12-02 04:23 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-12-01 15:24 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-12-01 15:21 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-01 15:07 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-01-31 20:49 --------- d-------- C:\Program Files\ods 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-29 23:13 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-01-29 22:50 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-29 17:46 --------- d-------- C:\Program Files\eMule 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-01 15:23 --------- d-------- C:\Program Files\Windows Live 2007-11-29 16:26 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Notepad++ 2007-11-29 16:25 --------- d-------- C:\Program Files\Notepad++ 2007-11-29 12:18 --------- d-------- C:\Program Files\MSXML 6.0 2007-11-29 12:00 --------- d-------- C:\Program Files\Reference Assemblies 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-10-31 00:23 3590656 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 18:20 360064 --a--c--- C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 23:43 1293824 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 23:43 1293824 --a------ C:\WINDOWS\system32\quartz.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s Contents of the 'Scheduled Tasks' folder 2008-01-31 21:48:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-31 22:47:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\Program Files\Internet Explorer\iexplore.exe [3692] 0x8758A790 scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-01-31 22:52:46 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-01-31 22:52 C:\ComboFix2.txt ... 2008-01-31 14:58 C:\ComboFix3.txt ... 2008-01-31 05:51 --- E O F --- Et voilà!!

ep44 · Answer

Bonsoir refais un hijacvk stp
@+

Dangmart · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18:30, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Scanneur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

ep44 · Answer

Bonjour 

relance hijack et coche ceci
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
	O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
ensuite clic sur fix checked 

ensuite 
Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport


dit moi aussi ou en sont tes soucis 
@+

Dangmart · Answer

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	13:27:30 02/02/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\Gusanodx\Bureau\Download\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Aucune action entreprise.
:mozilla.531:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.532:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.310:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.311:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.312:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.313:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.316:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.317:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.318:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.319:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.320:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.321:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.322:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.323:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.324:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.325:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.326:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.327:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.328:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.329:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.330:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.331:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.332:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.333:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.334:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.335:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.336:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.337:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.338:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.339:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.340:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.341:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.342:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.343:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.344:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.345:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.346:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.347:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.740:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.817:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@112.2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@arpu.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.453:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.454:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.455:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.800:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adjuggler : Aucune action entreprise.
:mozilla.801:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adjuggler : Aucune action entreprise.
:mozilla.484:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.485:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.486:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.488:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.489:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.490:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@adrevolver[1].txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.201:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.202:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.141:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.142:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.143:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.682:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.230:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.130:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.131:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.132:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.133:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.134:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.296:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.297:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.298:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.299:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.300:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.301:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.699:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@ehg-citenumerique.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.314:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.315:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.386:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.388:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.637:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.98:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.192:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.814:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@questionmarket[2].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@revsci[1].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@edge.ru4[2].txt -> TrackingCookie.Ru4 : Aucune action entreprise.
:mozilla.493:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.494:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.495:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.496:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.497:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.498:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.499:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.10:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.11:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.12:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.734:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.744:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@skype[2].txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.118:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.119:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.120:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.121:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.200:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.203:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.204:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.412:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.413:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.414:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.415:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.416:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.417:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.418:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.419:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.420:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.421:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.422:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.423:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.424:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.425:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.426:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.427:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.428:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.429:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.430:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.431:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.432:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.433:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.434:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.435:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.436:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.437:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.438:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.439:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.440:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.441:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.442:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.443:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.444:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.445:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.446:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.447:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.448:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@statcounter[2].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.866:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.867:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@tacoda[2].txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.101:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.102:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.462:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.180:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.181:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.182:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.227:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.220:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.221:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.222:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.223:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.224:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.225:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.226:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.6:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.7:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.8:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.9:C:\Program Files\MediaCoder\xulapp\Application Data\Mozilla\Firefox\Profiles\MediaCoder.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP422\A0094990.exe -> Trojan.Autoit.bg : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Bureau\TUTO-www.Jaxx21.com.rar/TUTO-www.Jaxx21.com\[TUTO] Downgrader 2.0 en 1.5\TEST-OK-JAXX21-DOWNGRADER1.50.rar/TEST-OK-JAXX21-DOWNGRADER1.50\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Bureau\TUTO-www.Jaxx21.com.rar/TUTO-www.Jaxx21.com\[TUTO] Downgrader 2.0 en 1.5\TEST-OK-JAXX21-DOWNGRADER1.50\TEST-OK-JAXX21-DOWNGRADER1.50\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Aucune action entreprise.
C:\Documents and Settings\Gusanodx\Bureau\TUTO-www.Jaxx21.com.rar/TUTO-www.Jaxx21.com\[TUTO] MPH_SXT Downgrader 1.0\-MPH_SXT-Downgrader1.0.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Aucune action entreprise.


Fin du rapport


Voilà, dis moi si tout est bon maintenant!
Aurais tu un conseil à me donner pour prendre un firewall qui prend peu de ressource?
Qu'est ce que je fait d'AVG et de Windefender?

ep44 · Answer

regarde ton rapport tu as aucune action entreprise 

tu dois le refaire et choisir supprimer 
poste le rapport

Dangmart · Answer

Je me remet en mode sans échec et en mettant quarantaine ou directement supprimé?
Et je refais un scan?

ep44 · Answer

oui refais un scan 
Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine

Dangmart · Answer

ok
Merci

Dangmart · Answer

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	16:26:47 02/02/2008

 + Résultat de l'analyse:	



C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP431\A0101795.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.33:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.30:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Gusanodx\Cookies\gusanodx@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.52:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.53:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.54:C:\Documents and Settings\Gusanodx\Application Data\Mozilla\Firefox\Profiles\uhjkhr94.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

Voilà le nouveau, je viens de penser que tout à l'heure, j'ai sauvegardé le rapport avant d'appliquer les actions!!


Tu ne pas pas répondu pour mes autres questions?

Merci d'avance!

ep44 · Answer

Désolé de ne pas t'avoir répondu :-)

pour le parefeu je te conseil zonealarm
https://www.malekal.com/tutoriel-zonealarm-firewall/

avg tu peux le garder 
windefender pas besoin si tu garde avg

maintenant on va faire un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
https://kerio.probb.fr/

@+

Dangmart · Answer

Ok très bien

Dangmart · Answer

BitDefender Online Scanner -Scan Report

BitDefender Online Scanner

Scan report generated at: Sat, Feb 02, 2008 - 20:35:27

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time	02:07:42
Files	250139
Folders	9783
Boot Sectors	2
Archives	1771
Packed Files	12329

Results
Identified Viruses	5
Infected Files	10
Suspect Files	0
Warnings	0
Disinfected	0
Deleted Files	10

Engines Info
Virus Definitions	978731
Engine build	AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins	16
Archive plugins	41
Unpack plugins	7
E-mail plugins	6
System plugins	5

Scan Settings
First Action	Disinfect
Second Action	Delete
Heuristics	Yes
Enable Warnings	Yes
Scanned Extensions	*;
Exclude Extensions
Scan Emails	Yes
Scan Archives	Yes
Scan Packed	Yes
Scan Files	Yes
Scan Boot	Yes

Scanned File	Status
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o)	Infected with: Trojan.Bat.Sdel.B
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o)	Deleted
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe	Update failed
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe	Infected with: DeepScan:Generic.Malware.SI!Bdldg.90D0490D
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe	Disinfection failed
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe	Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097440.dll	Infected with: Trojan.Vundo.DXQ
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097440.dll	Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097448.dll	Infected with: Trojan.Vundo.DXQ
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097448.dll	Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097454.dll	Infected with: Trojan.Vundo.DXH
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097454.dll	Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097508.dll	Infected with: Trojan.Vundo.DXO
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097508.dll	Deleted
C:\VundoFix Backups\gebca.dll.bad	Infected with: Trojan.Vundo.DXO
C:\VundoFix Backups\gebca.dll.bad	Deleted
C:\VundoFix Backups\iisnojkk.dll.bad	Infected with: Trojan.Vundo.DXH
C:\VundoFix Backups\iisnojkk.dll.bad	Deleted
C:\VundoFix Backups\opnllmn.dll.bad	Infected with: Trojan.Vundo.DXQ
C:\VundoFix Backups\opnllmn.dll.bad	Deleted
C:\VundoFix Backups\xxyayxv.dll.bad	Infected with: Trojan.Vundo.DXQ
C:\VundoFix Backups\xxyayxv.dll.bad	Deleted

Dangmart · Answer

C'est pas très lisible!!

ep44 · Answer

C'est bon refais hijack stp

Dangmart · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:55, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\Scanneur.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

ep44 · Answer

est-ce que ceci te dit quelques chose?

Dangmart · Answer

Ceci quoi?
J'ai l'impression qu'il est revenu!

Mon ordi au démarrage à ralenti de nouveau, et il me dit qu'il y a pas de disque.
Que fais je?
Merci

ep44 · Answer

Bonjour excuse moi ceci
geca.cf.minaz.cu

si non relance hijack et coche ceci
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
	O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
	O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
	O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
	O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
ensuite clic sur fix checked 

regarde aussi ce lien et essaye de suivre les étapes 
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire

Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier



ensuite fait ceci (IMPORTANT)

=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite
@+

Dangmart · Answer

Voilà j'ai tout fait mais en redémarrant Nod a détecté Virtumonde!! Il l'a mis en quarantaine!
Que se passe t'il? est ce version nouvelle de virtumonde ?
Ou dois je tout refaire?

Merci

ep44 · Answer

* Télécharge VirtumundoBeGone  sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
* double-clic sur VirtumundoBeGone.exe
* Suis les instructions à l'écran
* Quand le scan est terminé, enregistre le rapport.
* Copie/Colle le ici
@+

Dangmart · Answer

[02/04/2008, 18:28:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gusanodx\Bureau\VirtumundoBeGone.exe" )
[02/04/2008, 18:28:47] - Detected System Information:
[02/04/2008, 18:28:47] -  Windows Version: 5.1.2600, Service Pack 2
[02/04/2008, 18:28:47] -  Current Username: Gusanodx (Admin)
[02/04/2008, 18:28:47] -  Windows is in NORMAL mode.
[02/04/2008, 18:28:48] - Searching for Browser Helper Objects:
[02/04/2008, 18:28:48] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:28:48] -  BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] -  Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:28:48] -  Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:28:48] -  BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:28:48] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:28:48] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:28:48] -  BHO 6: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] -  Checking for HKLM\...\Winlogon\Notify\rqrrrsr
[02/04/2008, 18:28:48] -  Found: HKLM\...\Winlogon\Notify\rqrrrsr - This is probably Virtumundo.
[02/04/2008, 18:28:48] -  Assigning {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} MSEvents Object
[02/04/2008, 18:28:48] - BHO list has been changed! Starting over...
[02/04/2008, 18:28:48] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:28:48] -  BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] -  Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:28:48] -  Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:28:48] -  BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:28:48] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:28:48] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:28:48] -  BHO 6: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} (MSEvents Object)
[02/04/2008, 18:28:48] - ALERT: Found MSEvents Object!
[02/04/2008, 18:28:48] -  BHO 7: {f66b36a0-d308-4397-9126-dcb6ad2f5220} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] -  Checking for HKLM\...\Winlogon\Notify\ocywekqt
[02/04/2008, 18:28:48] -  Key not found: HKLM\...\Winlogon\Notify\ocywekqt, continuing.
[02/04/2008, 18:28:48] - Finished Searching Browser Helper Objects
[02/04/2008, 18:28:48] - *** Detected MSEvents Object
[02/04/2008, 18:28:48] - Trying to remove MSEvents Object...
[02/04/2008, 18:28:49] -    Terminating Process: IEXPLORE.EXE
[02/04/2008, 18:28:50] -    Terminating Process: RUNDLL32.EXE
[02/04/2008, 18:28:51] -    Disabling Automatic Shell Restart
[02/04/2008, 18:28:51] -    Terminating Process: EXPLORER.EXE
[02/04/2008, 18:28:52] -    Suspending the NT Session Manager System Service
[02/04/2008, 18:28:53] -    Terminating Windows NT Logon/Logoff Manager
[02/04/2008, 18:28:54] -    Re-enabling Automatic Shell Restart
[02/04/2008, 18:28:54] -   File to disable: C:\WINDOWS\system32\rqrrrsr.dll
[02/04/2008, 18:28:54] -  Renaming C:\WINDOWS\system32\rqrrrsr.dll -> C:\WINDOWS\system32\rqrrrsr.dll.vir
[02/04/2008, 18:29:08] -  File successfully renamed!
[02/04/2008, 18:29:08] -   Removing HKLM\...\Browser Helper Objects\{A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] -   Removing HKCR\CLSID\{A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] -   Adding Kill Bit for ActiveX for GUID: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] -   Deleting ATLEvents/MSEvents Registry entries
[02/04/2008, 18:29:08] -   Removing HKLM\...\Winlogon\Notify\rqrrrsr
[02/04/2008, 18:29:08] - Searching for Browser Helper Objects:
[02/04/2008, 18:29:08] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:29:08] -  BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:29:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:29:08] -  Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:29:08] -  Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:29:08] -  BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:29:08] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:29:08] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:29:08] -  BHO 6: {f66b36a0-d308-4397-9126-dcb6ad2f5220} ()
[02/04/2008, 18:29:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:29:08] -  Checking for HKLM\...\Winlogon\Notify\ocywekqt
[02/04/2008, 18:29:08] -  Key not found: HKLM\...\Winlogon\Notify\ocywekqt, continuing.
[02/04/2008, 18:29:08] - Finished Searching Browser Helper Objects
[02/04/2008, 18:29:08] - Finishing up...
[02/04/2008, 18:29:08] - A restart is needed.
[02/04/2008, 18:33:12] - Attempting to Restart via STOP error (Blue Screen!)

Voilà j'espère que c'est bon! parce ça a rebooté tout de suite!

ep44 · Answer

pour vérif refais combofix stp
@+

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-05 15:10:21.7 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.373 [GMT 1:00] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Gusanodx\APPLIC~1\addon.dat ((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))) 2008-02-04 19:45 88,128 --a------ C:\WINDOWS\system32\lcoaffui.dll 2008-02-04 19:43 93,248 --a------ C:\WINDOWS\system32\fbrrscgj.dll 2008-02-04 18:24 41,984 --a------ C:\WINDOWS\system32\xxyyawt.dll 2008-02-04 17:49 41,984 --a------ C:\WINDOWS\system32\mljgedc.dll 2008-02-04 01:09 88,640 --------- C:\WINDOWS\system32\udbgoaxk.dll 2008-02-04 01:06 92,736 --a------ C:\WINDOWS\system32\ocywekqt.dll 2008-02-04 01:03 372,073 --ahs---- C:\WINDOWS\system32\ppqru.ini2 2008-02-04 01:03 343,040 --a------ C:\WINDOWS\system32\urqpp.dll 2008-02-04 00:59 37,888 --a------ C:\WINDOWS\system32 ar.exe 2008-02-04 00:59 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe 2008-02-04 00:57 41,984 --a------ C:\WINDOWS\system32\cbxyvus.dll 2008-02-04 00:56 41,984 --a------ C:\WINDOWS\system32 qrrrsr.dll.vir 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-05 15:21 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-05 12:29 --------- d-------- C:\Program Files\eMule 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-02 16:51 --------- d-------- C:\Program Files\ods 2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-12-05 18:30 --------- d-------- C:\Program Files\IVT Corporation 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6257a84b-6690-475e-b020-c2516b70c94a}] 2008-02-04 19:43 93248 --a------ C:\WINDOWS\system32\fbrrscgj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6646DFB3-3CCC-4C15-8AB7-56E77282F081}] 2008-02-04 01:03 343040 --a------ C:\WINDOWS\system32\urqpp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "384ff639"="C:\WINDOWS\system32\lcoaffui.dll" [2008-02-04 19:46] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "WinUpdating"=WinUpdating.exe "Windows Printing Driver"=WinSpooler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqpp R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-05 15:25:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000056a scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-05 15:32:20 C:\ComboFix-quarantined-files.txt ... 2008-02-05 15:31 C:\ComboFix2.txt ... 2008-01-31 22:52 C:\ComboFix3.txt ... 2008-01-31 14:58 --- E O F --- Voilà Docteur!!LOL Est-ce grave!

ep44 · Answer

Bonsoir 

décidément très coriace :-(

sélectionne ceci 

Registry::


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6257a84b-6690-475e-b020-c2516b70c94a}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6646DFB3-3CCC-4C15-8AB7-56E77282F081}] 



File::

C:\WINDOWS\system32\lcoaffui.dll 
C:\WINDOWS\system32\fbrrscgj.dll 
C:\WINDOWS\system32\xxyyawt.dll 
C:\WINDOWS\system32\mljgedc.dll 
C:\WINDOWS\system32\udbgoaxk.dll 
C:\WINDOWS\system32\ocywekqt.dll 
C:\WINDOWS\system32\ppqru.ini2
C:\WINDOWS\system32\urqpp.dll
C:\WINDOWS\system32\WinSpooler.exe 
C:\WINDOWS\system32\cbxyvus.dll
C:\WINDOWS\system32\rqrrrsr.dll.vir 
C:\WINDOWS\system32\rar.exe 

   

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-06 1:19:24.8 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.446 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\lcoaffui.dll C:\WINDOWS\system32\fbrrscgj.dll C:\WINDOWS\system32\xxyyawt.dll C:\WINDOWS\system32\mljgedc.dll C:\WINDOWS\system32\udbgoaxk.dll C:\WINDOWS\system32\ocywekqt.dll C:\WINDOWS\system32\ppqru.ini2 C:\WINDOWS\system32\urqpp.dll C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\cbxyvus.dll C:\WINDOWS\system32 qrrrsr.dll.vir C:\WINDOWS\system32 ar.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\cbxyvus.dll C:\WINDOWS\system32\fbrrscgj.dll C:\WINDOWS\system32\lcoaffui.dll C:\WINDOWS\system32\mljgedc.dll C:\WINDOWS\system32\ocywekqt.dll C:\WINDOWS\system32\ppqru.ini2 C:\WINDOWS\system32 ar.exe C:\WINDOWS\system32 qrrrsr.dll.vir C:\WINDOWS\system32\urqpp.dll C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\xxyyawt.dll ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) 2008-02-05 21:51 39,424 --a------ C:\WINDOWS\system32\byxxywu.dll 2008-02-05 20:31 90,688 --a------ C:\WINDOWS\system32\hygtcdrd.dll 2008-02-05 20:28 94,272 --a------ C:\WINDOWS\system32\bhpqpesn.dll 2008-02-05 19:43 39,424 --a------ C:\WINDOWS\system32\jkkljhi.dll 2008-02-05 19:11 276,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:56 39,424 --a------ C:\WINDOWS\system32\hgghhgd.dll 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-05 17:05 39,424 --a------ C:\WINDOWS\system32\pmnmnop.dll 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-06 02:00 4244 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-05 12:29 --------- d-------- C:\Program Files\eMule 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-02 16:51 --------- d-------- C:\Program Files\ods 2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a9a3128a-3777-4f02-81bc-d5503d8a6146}] 2008-02-05 20:29 94272 --a------ C:\WINDOWS\system32\bhpqpesn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5D55A23-DBA5-4055-A53D-550462125BDE}] 2008-02-05 17:05 39424 --a------ C:\WINDOWS\system32\pmnmnop.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "WinUpdating"=WinUpdating.exe "Windows Printing Driver"=WinSpooler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] "{F5D55A23-DBA5-4055-A53D-550462125BDE}"= C:\WINDOWS\system32\pmnmnop.dll [2008-02-05 17:05 39424] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\pmnmnop] pmnmnop.dll 2008-02-05 17:05 39424 C:\WINDOWS\system32\pmnmnop.dll R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 02:07:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000223 "TracesSuccessful"=dword:00000062 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-06 2:37:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-02-06 02:36 C:\ComboFix2.txt ... 2008-02-05 15:32 C:\ComboFix3.txt ... 2008-01-31 22:52 --- E O F --- Bonjour, est ce que le trojan revient car j'ai 2 disques dur externe, une clè USB, et un lecteur Mp3? Je ne les ai pas scaner!

ep44 · Answer

Bonsoir 

incroyable il revient 
mais surement de ma faute j'ai oublié une ligne 
désolé on recommence 

selectionne ceci 

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a9a3128a-3777-4f02-81bc-d5503d8a6146}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5D55A23-DBA5-4055-A53D-550462125BDE}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\pmnmnop] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F5D55A23-DBA5-4055-A53D-550462125BDE}"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



File::

C:\WINDOWS\system32\byxxywu.dll 
C:\WINDOWS\system32\hygtcdrd.dll 
C:\WINDOWS\system32\bhpqpesn.dll
C:\WINDOWS\system32\jkkljhi.dll 
C:\WINDOWS\system32\hgghhgd.dl
C:\WINDOWS\system32\pmnmnop.dll



* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-07 20:39:48.9 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.390 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\byxxywu.dll C:\WINDOWS\system32\hygtcdrd.dll C:\WINDOWS\system32\bhpqpesn.dll C:\WINDOWS\system32\jkkljhi.dll C:\WINDOWS\system32\hgghhgd.dl C:\WINDOWS\system32\pmnmnop.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bhpqpesn.dll C:\WINDOWS\system32\byxxywu.dll C:\WINDOWS\system32\hygtcdrd.dll C:\WINDOWS\system32\jkkljhi.dll C:\WINDOWS\system32\pmnmnop.dll ((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))) 2008-02-07 10:47 88,640 --a------ C:\WINDOWS\system32\ccqxcloe.dll 2008-02-07 10:45 92,224 --a------ C:\WINDOWS\system32\lcffshdl.dll 2008-02-06 10:44 94,272 --a------ C:\WINDOWS\system32\xuivolyp.dll 2008-02-06 10:43 394,335 --ahs---- C:\WINDOWS\system32\ehkkj.ini2 2008-02-06 10:42 263,168 --a------ C:\WINDOWS\system32\jkkhe.dll 2008-02-05 19:11 815,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:56 39,424 --a------ C:\WINDOWS\system32\hgghhgd.dll 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-07 21:00 11648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-07 09:03 --------- d-------- C:\Program Files\eMule 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-02 16:51 --------- d-------- C:\Program Files\ods 2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works 2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild 2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c0e8b9b-c62c-4c3e-8b3a-c5a75deacb7a}] 2008-02-07 10:46 92224 --a------ C:\WINDOWS\system32\lcffshdl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F2EA671-3DB0-4849-81C9-CBA6376AE75F}] 2008-02-06 10:43 263168 --a------ C:\WINDOWS\system32\jkkhe.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] "384ff639"="C:\WINDOWS\system32\ccqxcloe.dll" [2008-02-07 10:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "WinUpdating"=WinUpdating.exe "Windows Printing Driver"=WinSpooler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-07 21:06:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-07 21:17:21 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-02-07 21:16 C:\ComboFix2.txt ... 2008-02-06 02:37 C:\ComboFix3.txt ... 2008-02-05 15:32 --- E O F --- Merci, j'espere que c'est bon maintenant!! @+

ep44 · Answer

Bonsoir 

bon je redemande de l'aide car je n'arrive pas à supprimer cette saloperie 
patiente un stp 
@+

ep44 · Answer

Bonsoir  Dangmart,

J'ai du mal à supprimer cette infections :-(
suite à des conseils de personnes très compétentes et très agréables 
je te propose de suivre las manips suivantes 

 Relance Vundofix
=Ne clique pas sur "Scan for a vundo"
=Clique droit au milieu de la fenêtre
=Clique sur Add more files ?
=Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\jkkhe.dll
C:\WINDOWS\system32\ehkkj.*



=Clique sur Add files
=Ensuite clique sur Close Windows
=Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
=Si l'outil demande un redémarrage, accepte
=Poste le rapport Vundofix,


ensuite 

selectionne ceci 



 registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c0e8b9b-c62c-4c3e-8b3a-c5a75deacb7a}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F2EA671-3DB0-4849-81C9-CBA6376AE75F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"384ff639"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdating"=-
"Windows Printing Driver"=-



File::

C:\WINDOWS\system32\ccqxcloe.dll
C:\WINDOWS\system32\lcffshdl.dll
C:\WINDOWS\system32\xuivolyp.dll
C:\WINDOWS\system32\ehkkj.ini2
C:\WINDOWS\system32\jkkhe.dll
C:\WINDOWS\system32\hgghhgd.dll

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

Dangmart · Answer

Je tiens particulièrement a te remercier ep44, ainsi que toutes les autres a qui, toi aussi tu demandes conseils!!   

Beginning removal...

Performing Repairs to the registry.
Done!

J'ai du le faire 2 fois car au début soit ça n'a pas marché ou bien j'ai du faire une bétise!!DSL

ep44 · Answer

Bonsoir 

essaye de refaire la manip regarde bien ce qui est marqué ;-)
@+

Dangmart · Answer

Bonsoir, ComboFix 07-08-09.3 - "Gusanodx" 2008-02-08 23:30:34.10 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.537 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\ccqxcloe.dll C:\WINDOWS\system32\lcffshdl.dll C:\WINDOWS\system32\xuivolyp.dll C:\WINDOWS\system32\ehkkj.ini2 C:\WINDOWS\system32\jkkhe.dll C:\WINDOWS\system32\hgghhgd.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ehkkj.ini2 C:\WINDOWS\system32\hgghhgd.dll C:\WINDOWS\system32\lcffshdl.dll C:\WINDOWS\system32\xuivolyp.dll ((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))) 2008-02-08 23:17 45,056 --a------ C:\WINDOWS\system32\jkkllih.dll 2008-02-08 22:35 45,056 --a------ C:\WINDOWS\system32\gebywuu.dll 2008-02-08 21:16 88,640 --a------ C:\WINDOWS\system32\jcjiauub.dll 2008-02-08 21:13 94,784 --a------ C:\WINDOWS\system32\bjsvrhfw.dll 2008-02-08 20:13 45,056 --a------ C:\WINDOWS\system32\khfghff.dll 2008-02-08 19:28 45,056 --a------ C:\WINDOWS\system32\opnnmnl.dll 2008-02-08 14:35 45,056 --a------ C:\WINDOWS\system32\xxyaaax.dll 2008-02-08 14:31 45,056 --a------ C:\WINDOWS\system32\qomjifc.dll 2008-02-08 13:14 94,784 --a------ C:\WINDOWS\system32\gtnhimnf.dll 2008-02-08 13:13 38,400 --a------ C:\WINDOWS\system32\efcccab.dll 2008-02-08 12:32 38,400 --a------ C:\WINDOWS\system32\mljkkli.dll 2008-02-08 12:30 94,784 --a------ C:\WINDOWS\system32\dkirlblq.dll 2008-02-08 12:21 38,400 --a------ C:\WINDOWS\system32\hgghggg.dll 2008-02-08 09:48 38,400 --a------ C:\WINDOWS\system32\efcbccd.dll 2008-02-08 09:29 38,400 --a------ C:\WINDOWS\system32\efcayaw.dll 2008-02-08 00:23 38,400 --a------ C:\WINDOWS\system32 qrrsqn.dll 2008-02-07 22:14 41,472 --a------ C:\WINDOWS\system32\awtturo.dll 2008-02-07 21:28 95,808 --a------ C:\WINDOWS\system32 uxtbwtt.dll 2008-02-07 21:21 41,472 --a------ C:\WINDOWS\system32\cbxuust.dll 2008-02-05 19:11 1,204,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-08 23:51 16208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-08 19:44 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-02-08 19:25 --------- d-------- C:\Program Files\ods 2008-02-08 13:12 749568 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-07 09:03 --------- d-------- C:\Program Files\eMule 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{454F2F1C-27F7-429B-966D-F4F564446A1C}] C:\WINDOWS\system32\jkkhe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A00CA75C-DEDD-4474-9088-5D6363D69338}] 2008-02-07 21:21 41472 --a------ C:\WINDOWS\system32\cbxuust.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8768278-ec29-44e1-8667-8cc72077cc42}] 2008-02-08 21:14 94784 --a------ C:\WINDOWS\system32\bjsvrhfw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] "{A00CA75C-DEDD-4474-9088-5D6363D69338}"= C:\WINDOWS\system32\cbxuust.dll [2008-02-07 21:21 41472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cbxuust] cbxuust.dll 2008-02-07 21:21 41472 C:\WINDOWS\system32\cbxuust.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkhe.dll R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-08 23:58:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000001b3 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-09 0:22:21 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-02-09 00:21 --- E O F --- je croise les doigts............ Est ce que ça a marché? Le rapport de vundo est tout petit c'est normal?

Dangmart · Answer

Non ça n'a pas marché car une fenêtre vient de s'ouvrir!!    ZUUUUUUUUUUUUUUUUUUUUT

ep44 · Answer

Bonjour Dangmart,

non ça na pas marcher 
je pense que la manip avec vundofix as était loupé 
car tu aurais du avoir un rapport de vundo 

je suis absent pour la journée je te répond ce soir 
essaye de suivre ce qui suit et il faut tout les  rapports stp

selectionne ceci

registry::

 [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cbxuust] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A00CA75C-DEDD-4474-9088-5D6363D69338}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8768278-ec29-44e1-8667-8cc72077cc42}] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A00CA75C-DEDD-4474-9088-5D6363D69338}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{454F2F1C-27F7-429B-966D-F4F564446A1C}



File::

C:\WINDOWS\system32\jkkllih.dll
C:\WINDOWS\system32\gebywuu.dll
C:\WINDOWS\system32\jcjiauub.dll
C:\WINDOWS\system32\bjsvrhfw.dll
C:\WINDOWS\system32\khfghff.dll
C:\WINDOWS\system32\opnnmnl.dll
C:\WINDOWS\system32\xxyaaax.dll
C:\WINDOWS\system32\qomjifc.dll
C:\WINDOWS\system32\gtnhimnf.dll
C:\WINDOWS\system32\efcccab.dll
C:\WINDOWS\system32\mljkkli.dll
C:\WINDOWS\system32\dkirlblq.dll
C:\WINDOWS\system32\hgghggg.dll
C:\WINDOWS\system32\efcbccd.dll
C:\WINDOWS\system32\efcayaw.dll
C:\WINDOWS\system32qrrsqn.dll
C:\WINDOWS\system32\awtturo.dll
C:\WINDOWS\system32	uxtbwtt.dll
C:\WINDOWS\system32\cbxuust.dll 



* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ensuite 

Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt


ensuite un nouveau hijack stp 

bon courage ;-)

@+

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-09 19:57:33.11 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.522 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\jkkllih.dll C:\WINDOWS\system32\gebywuu.dll C:\WINDOWS\system32\jcjiauub.dll C:\WINDOWS\system32\bjsvrhfw.dll C:\WINDOWS\system32\khfghff.dll C:\WINDOWS\system32\opnnmnl.dll C:\WINDOWS\system32\xxyaaax.dll C:\WINDOWS\system32\qomjifc.dll C:\WINDOWS\system32\gtnhimnf.dll C:\WINDOWS\system32\efcccab.dll C:\WINDOWS\system32\mljkkli.dll C:\WINDOWS\system32\dkirlblq.dll C:\WINDOWS\system32\hgghggg.dll C:\WINDOWS\system32\efcbccd.dll C:\WINDOWS\system32\efcayaw.dll C:\WINDOWS\system32 qrrsqn.dll C:\WINDOWS\system32\awtturo.dll C:\WINDOWS\system32 uxtbwtt.dll C:\WINDOWS\system32\cbxuust.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\awtturo.dll C:\WINDOWS\system32\bjsvrhfw.dll C:\WINDOWS\system32\cbxuust.dll C:\WINDOWS\system32\dkirlblq.dll C:\WINDOWS\system32\efcayaw.dll C:\WINDOWS\system32\efcbccd.dll C:\WINDOWS\system32\efcccab.dll C:\WINDOWS\system32\gebywuu.dll C:\WINDOWS\system32\gtnhimnf.dll C:\WINDOWS\system32\hgghggg.dll C:\WINDOWS\system32\jcjiauub.dll C:\WINDOWS\system32\jkkllih.dll C:\WINDOWS\system32\khfghff.dll C:\WINDOWS\system32\mljkkli.dll C:\WINDOWS\system32\opnnmnl.dll C:\WINDOWS\system32\qomjifc.dll C:\WINDOWS\system32 qrrsqn.dll C:\WINDOWS\system32 uxtbwtt.dll C:\WINDOWS\system32\xxyaaax.dll ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))) 2008-02-09 01:11 88,640 --a------ C:\WINDOWS\system32\gbsaqfib.dll 2008-02-09 01:06 94,784 --a------ C:\WINDOWS\system32\flcqovyx.dll 2008-02-09 01:05 417,402 --ahs---- C:\WINDOWS\system32\yceeg.ini2 2008-02-09 01:04 338,432 --a------ C:\WINDOWS\system32\geecy.dll 2008-02-05 19:11 1,456,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-24 10:21 352 --ah----- C:\WINDOWS od32fixtemdono.reg 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-09 20:19 19064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-08 19:44 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-02-08 19:25 --------- d-------- C:\Program Files\ods 2008-02-08 13:12 749568 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-07 09:03 --------- d-------- C:\Program Files\eMule 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{577FAF42-7235-4C81-A853-DCAAD75E3175}] 2008-02-09 01:04 338432 --a------ C:\WINDOWS\system32\geecy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{adee5683-00a8-4425-b39d-57b32dfe37e5}] 2008-02-09 01:06 94784 --a------ C:\WINDOWS\system32\flcqovyx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] "384ff639"="C:\WINDOWS\system32\gbsaqfib.dll" [2008-02-09 01:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geecy.dll R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-09 20:46:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-09 21:13:14 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-02-09 21:12 C:\ComboFix2.txt ... 2008-02-09 00:22 --- E O F --- Et je fais la suite!

ep44 · Answer

Bonjour  Dangmart,

J'attends le reste de tes rapports ;-)

Bon dimanche 

@+

ps: fait aussi ceci stp 
* Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) 
http://www.malekal.com/download/DiagHelp.zip

Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php

* Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
* Un nouveau dossier chercher va être créé.
* Ouvre le et double-clic sur go.cmd(le .cmd peut ne pas apparaître)
* Une fenêtre va s'ouvrir, choisis l'option 1
* L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
* Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.

* Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
* Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
* Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

Dangmart · Answer

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.10

Scan started at 22:04:14 09/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\bifqasbg.ini
C:\WINDOWS\system32\flcqovyx.dll
C:\WINDOWS\system32\gbsaqfib.dll
C:\WINDOWS\system32\geecy.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bifqasbg.ini
C:\WINDOWS\system32\bifqasbg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\flcqovyx.dll
C:\WINDOWS\system32\flcqovyx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gbsaqfib.dll
C:\WINDOWS\system32\gbsaqfib.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\geecy.dll
C:\WINDOWS\system32\geecy.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.10

Scan started at 03:23:39 10/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\kecdpdwy.dll
C:\WINDOWS\system32\pkhxnpmx.dll
C:\WINDOWS\system32\xmpnxhkp.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\kecdpdwy.dll
C:\WINDOWS\system32\kecdpdwy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pkhxnpmx.dll
C:\WINDOWS\system32\pkhxnpmx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xmpnxhkp.ini
C:\WINDOWS\system32\xmpnxhkp.ini Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:08, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {577FAF42-7235-4C81-A853-DCAAD75E3175} - C:\WINDOWS\system32\geecy.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {a1a1fbd0-7838-274a-4784-a21cd9340e5e} - {e5e0439d-c12a-4874-a472-83870dbf1a1a} - C:\WINDOWS\system32\kecdpdwy.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [384ff639] rundll32.exe "C:\WINDOWS\system32\pkhxnpmx.dll",b
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dangmart · Answer

DiagHelp version v1.4 - http://www.malekal.com excute le 10/02/2008 à 13:47:23,60 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->10/02/2008 13:47:01 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->10/02/2008 13:46:58 C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf -->10/02/2008 13:46:25 C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf -->10/02/2008 13:46:23 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->10/02/2008 13:46:16 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->10/02/2008 13:45:58 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->10/02/2008 13:40:19 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->10/02/2008 13:40:06 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->10/02/2008 13:39:58 C:\WINDOWS\prefetch\SCANNEUR.EXE-003C034F.pf -->10/02/2008 13:39:32 C:\WINDOWS\System32\drivers\fidbox.dat -->10/02/2008 13:46:53 C:\WINDOWS\System32\drivers\fidbox.idx -->10/02/2008 05:18:46 C:\WINDOWS\System32\drivers\adidsl.cfg -->16/01/2008 16:50:53 C:\WINDOWS\System32\drivers\epfwtdir.sys -->21/12/2007 08:21:56 C:\WINDOWS\System32\drivers\easdrv.sys -->21/12/2007 08:20:14 C:\WINDOWS\System32\drivers\eamon.sys -->21/12/2007 08:19:54 C:\WINDOWS\System32\drivers\sptd.sys -->18/12/2007 15:08:37 C:\WINDOWS\System32\vsconfig.xml -->10/02/2008 05:20:45 C:\WINDOWS\System32\VundoFixSVC.exe -->10/02/2008 05:16:16 C:\WINDOWS\System32\yceeg.ini -->10/02/2008 03:18:51 C:\WINDOWS\System32\yceeg.ini2 -->10/02/2008 03:16:33 C:\WINDOWS\System32\ehkkj.ini -->08/02/2008 22:22:22 C:\WINDOWS\System32\uepvwrjd.ini -->08/02/2008 21:18:47 C:\WINDOWS\System32\buuaijcj.ini -->08/02/2008 21:18:22 C:\WINDOWS\System32\WinUpdating.exe -->08/02/2008 13:12:40 C:\WINDOWS\System32\dbyvwuoy.ini -->08/02/2008 12:34:24 C:\WINDOWS\System32\bxgenmss.ini -->08/02/2008 12:05:14 C:\WINDOWS\System32\eolcxqcc.ini -->07/02/2008 21:19:10 C:\WINDOWS\System32\wpa.dbl -->07/02/2008 21:02:55 C:\WINDOWS\System32\mmhxfujp.ini -->06/02/2008 10:50:31 C:\WINDOWS\System32\ppqru.ini -->06/02/2008 01:54:01 C:\WINDOWS\System32\iuffaocl.ini -->05/02/2008 20:33:39 C:\WINDOWS\System32\drdctgyh.ini -->05/02/2008 20:33:04 C:\WINDOWS\System32\zllictbl.dat -->05/02/2008 18:59:27 C:\WINDOWS\System32\kxaogbdu.ini -->04/02/2008 19:48:07 C:\WINDOWS\System32 qtss.ini -->31/01/2008 22:39:26 C:\WINDOWS\System32\mcrh.tmp -->31/01/2008 14:41:23 C:\WINDOWS\System32\wxbay.ini -->31/01/2008 05:01:27 C:\WINDOWS\System32 stss.ini -->29/01/2008 23:08:56 C:\WINDOWS\System32\pcvkbptu.ini -->29/01/2008 18:46:13 C:\WINDOWS\System32\perfh00C.dat -->28/01/2008 23:03:58 C:\WINDOWS\System32\perfh009.dat -->28/01/2008 23:03:58 C:\WINDOWS\WindowsUpdate.log -->10/02/2008 13:34:17 C:\WINDOWS\wiadebug.log -->10/02/2008 05:20:25 C:\WINDOWS\wiaservc.log -->10/02/2008 05:20:16 C:\WINDOWS\0.log -->10/02/2008 05:20:01 C:\WINDOWS\bootstat.dat -->10/02/2008 05:19:57 C:\WINDOWS\SchedLgU.Txt -->09/02/2008 20:19:26 C:\WINDOWS\cookies.ini -->09/02/2008 10:12:31 C:\WINDOWS\wmsetup.log -->08/02/2008 12:46:35 C:\WINDOWS\setupapi.log -->06/02/2008 12:33:34 C:\WINDOWS tbtlog.txt -->02/02/2008 15:18:29 C:\WINDOWS\win.ini -->02/02/2008 01:59:47 C:\WINDOWS\system.ini -->31/01/2008 05:20:30 C:\WINDOWS\BM3b7cc5a5.xml -->31/01/2008 04:49:48 C:\WINDOWS\pskt.ini -->31/01/2008 03:31:23 C:\WINDOWS\msnfix.txt -->29/01/2008 14:36:13 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 3016 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x009b0000 0x1c000 11.01.0000.2021 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL 0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL 0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL 0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll 0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x63000000 0x13000 7.12.0007.0000 C:\WINDOWS\system32\SynTPFcs.dll 0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL 0x02f20000 0x1a5000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\1036\GrooveIntlResource.dll 0x4b4f0000 0x86000 5.41.0015.1514 C:\WINDOWS\system32\MSFTEDIT.DLL 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x03e90000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x029d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x1c000000 0x6000 C:\WINDOWS\HKNTDLL.dll 0x01150000 0x2c000 C:\Program Files\WinRAR arext.dll 0x00ec0000 0x6000 1.02.0001.0000 C:\Program Files\Notepad++ ppcm.dll 0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll 0x01280000 0xb000 7.00.0462.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll 0x01290000 0x4000 5.03.0017.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll 0x22000000 0x2e000 3.00.0621.0000 C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll 0x028b0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x024d0000 0x4b000 6.00.5824.16387 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 0x019a0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 1140 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x10000 6.14.0010.4114 C:\WINDOWS\system32\Ati2evxx.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\WINDOWS\system32 05/08/2004 13:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 1 764 663 296 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\WINDOWS\Downloaded Program Files 02/02/2008 18:26 . 02/02/2008 18:26 .. 02/02/2008 18:27 CONFLICT.1 27/11/2006 21:17 65 desktop.ini 17/07/2007 09:20 378 ImageUploader4.inf 17/07/2007 09:22 2 635 312 ImageUploader4.ocx 25/10/2007 16:54 471 040 oscan8.ocx 09/11/2006 14:36 5 019 swflash.inf 15/10/2007 10:02 465 472 wlscBase.dll 15/10/2007 10:11 320 wlscBase.inf 26/05/2005 04:19 291 wuweb.inf 8 fichier(s) 3 577 897 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 02/02/2008 18:27 . 02/02/2008 18:27 .. 09/01/2008 15:01 1 244 oscan8.inf 09/01/2008 15:01 471 040 oscan8.ocx 2 fichier(s) 472 284 octets Total des fichiers listés : 10 fichier(s) 4 050 181 octets 5 Rép(s) 1 764 663 296 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 13:51:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. IPC error: 2 Le fichier spécifié est introuvable. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:0ebe798e "s2"=dword:fa21a20f "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 540 - LVPrcSrv.exe 632 - guard.exe 684 - GrooveMonitor.e 708 - ekrn.exe 732 - alg.exe 756 - LVComSer.exe 1060 - slserv.exe 1116 - csrss.exe 1140 - winlogon.exe 1188 - services.exe 1200 - lsass.exe 1248 - ctfmon.exe 1356 - ati2evxx.exe 1372 - svchost.exe 1448 - svchost.exe 1496 - svchost.exe 1556 - SynTPLpr.exe 1576 - svchost.exe 1616 - searchindexer.e 1732 - SynTPEnh.exe 1748 - svchost.exe 1876 - vsmon.exe 2080 - mHotkey.exe 2136 - Application Lau 2212 - hpqste08.exe 2256 - msnmsgr.exe 2332 - epmworker.exe 2460 - msmsgs.exe 2504 - Quickcam.exe 2592 - daemon.exe 2636 - Communications_ 2768 - ati2evxx.exe 2852 - egui.exe 2980 - Generic.exe 3012 - Wificard.exe 3016 - explorer.exe 3080 - COCIManager.exe 3412 - dslmon.exe 3432 - hpqtra08.exe 3492 - WinCinemaMgr.ex 3640 - WindowsSearch.e 3664 - avgas.exe 3688 - qttask.exe 3748 - zlclient.exe 3984 - AnyDVD.exe 60324 - iexplore.exe 61084 - cmd.exe Total number of processes = 48 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 toskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F7CAE000 - \WINDOWS\system32\KDCOM.DLL F7BBE000 - \WINDOWS\system32\BOOTVID.dll F76A3000 - sptd.sys F7CB0000 - \WINDOWS\System32\Drivers\WMILIB.SYS F768B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F765C000 - ACPI.sys F764B000 - pci.sys F77AE000 - ohci1394.sys F77BE000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F77CE000 - isapnp.sys F7BC2000 - compbatt.sys F7BC6000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F7CB2000 - intelide.sys F7A2E000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F762D000 - pcmcia.sys F77DE000 - MountMgr.sys F760E000 - ftdisk.sys F7BCA000 - ACPIEC.sys F7D76000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F7A36000 - PartMgr.sys F77EE000 - VolSnap.sys F75F6000 - atapi.sys F77FE000 - disk.sys F780E000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F75D6000 - fltMgr.sys F75C4000 - sr.sys F781E000 - PxHelp20.sys F75AD000 - KSecDD.sys F759A000 - WudfPf.sys F750D000 - Ntfs.sys F74E0000 - NDIS.sys F7BCE000 - vbtenum.sys F74CC000 - srescan.sys F782E000 - sbp2port.sys F7BD2000 - RecAgent.sys F74B1000 - Mup.sys F7A3E000 - BTHidMgr.sys F783E000 - agp440.sys F7CA6000 - \SystemRoot\system32\DRIVERS unmp.sys F79CE000 - \SystemRoot\system32\DRIVERS\intelppm.sys F7CAA000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F6B17000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F6B03000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7A96000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F6AE0000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F7A9E000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS F79DE000 - \SystemRoot\system32\DRIVERS ic1394.sys F7AA6000 - \SystemRoot\system32\DRIVERS\usbehci.sys F7AAE000 - \SystemRoot\system32\DRIVERS\usbohci.sys F6A8D000 - \SystemRoot\system32\DRIVERS\bcmwl5.sys F7AB6000 - \SystemRoot\System32\Drivers\WBMS.SYS F79EE000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F6A5F000 - \SystemRoot\system32\DRIVERS\SynTP.sys F7CDA000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7ABE000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7AC6000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7ACE000 - \SystemRoot\system32\DRIVERS\fdc.sys F6A4B000 - \SystemRoot\system32\DRIVERS\parport.sys F6A3A000 - \SystemRoot\system32\DRIVERS\serial.sys F7489000 - \SystemRoot\system32\DRIVERS\serenum.sys F7AD6000 - \SystemRoot\system32\DRIVERS scirda.sys F7485000 - \SystemRoot\system32\DRIVERS\irenum.sys F79FE000 - \SystemRoot\system32\DRIVERS\imapi.sys F6A24000 - \SystemRoot\System32\Drivers\AnyDVD.sys F7ADE000 - \SystemRoot\system32\drivers\Afc.sys F7AE6000 - \SystemRoot\system32\drivers\pfc.sys F7CDC000 - \SystemRoot\System32\Drivers\ElbyDelay.sys F7A0E000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7A1E000 - \SystemRoot\system32\DRIVERS edbook.sys F6A01000 - \SystemRoot\system32\DRIVERS\ks.sys F69E9000 - \SystemRoot\system32\drivers\ac97intc.sys F69C5000 - \SystemRoot\system32\drivers\portcls.sys F6C9D000 - \SystemRoot\system32\drivers\drmk.sys F6919000 - \SystemRoot\system32\DRIVERS\slntamr.sys F7475000 - \SystemRoot\system32\DRIVERS\SlWdmSup.sys F68FA000 - \SystemRoot\system32\DRIVERS\Mtlmnt5.sys F7AEE000 - \SystemRoot\System32\Drivers\Modem.SYS F6893000 - \SystemRoot\System32\Drivers\agrek5su.SYS F6C7D000 - \SystemRoot\System32\Drivers\VcommMgr.sys F7B4E000 - \SystemRoot\system32\DRIVERS\blueletaudio.sys F7B56000 - \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys F7E81000 - \SystemRoot\system32\DRIVERS\audstub.sys F7CE6000 - \SystemRoot\System32\Drivers\RootMdm.sys F7B5E000 - \SystemRoot\system32\DRIVERS asirda.sys F7B66000 - \SystemRoot\system32\DRIVERS\TDI.SYS F787E000 - \SystemRoot\system32\DRIVERS asl2tp.sys F7173000 - \SystemRoot\system32\DRIVERS distapi.sys F6854000 - \SystemRoot\system32\DRIVERS diswan.sys F788E000 - \SystemRoot\system32\DRIVERS aspppoe.sys F789E000 - \SystemRoot\system32\DRIVERS aspptp.sys F6843000 - \SystemRoot\system32\DRIVERS\psched.sys F78AE000 - \SystemRoot\system32\DRIVERS\msgpc.sys F7B6E000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7B76000 - \SystemRoot\system32\DRIVERS aspti.sys F716F000 - \SystemRoot\system32\DRIVERS\btnetdrv.sys F7B7E000 - \SystemRoot\system32\DRIVERS\VComm.sys F78BE000 - \SystemRoot\system32\DRIVERS ermdd.sys F7CE8000 - \SystemRoot\system32\DRIVERS\swenum.sys F67EA000 - \SystemRoot\system32\DRIVERS\update.sys F716B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F78CE000 - \SystemRoot\System32\Drivers\NDProxy.SYS F790E000 - \SystemRoot\system32\DRIVERS\usbhub.sys F6877000 - \SystemRoot\system32\drivers\MODEMCSA.sys F7BA6000 - \SystemRoot\system32\DRIVERS\flpydisk.sys F26B7000 - \SystemRoot\system32\DRIVERS\klif.sys F7D0C000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7D80000 - \SystemRoot\System32\Drivers\Null.SYS F7D0E000 - \SystemRoot\System32\Drivers\Beep.SYS F7D81000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7A56000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F7A5E000 - \SystemRoot\System32\drivers\vga.sys F7D12000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7D14000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7A66000 - \SystemRoot\System32\Drivers\Msfs.SYS F7A6E000 - \SystemRoot\System32\Drivers\Npfs.SYS F67D2000 - \SystemRoot\system32\DRIVERS asacd.sys F2634000 - \SystemRoot\system32\DRIVERS\ipsec.sys F25DC000 - \SystemRoot\system32\DRIVERS cpip.sys F25B4000 - \SystemRoot\system32\DRIVERS etbt.sys F795E000 - \SystemRoot\system32\DRIVERS\epfwtdir.sys F257C000 - \SystemRoot\system32\DRIVERS cpip6.sys F251C000 - \SystemRoot\System32\vsdatant.sys F24FA000 - \SystemRoot\System32\drivers\afd.sys F796E000 - \SystemRoot\system32\DRIVERS etbios.sys F24CF000 - \SystemRoot\system32\DRIVERS dbss.sys F2460000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F797E000 - \SystemRoot\System32\Drivers\Fips.SYS F243F000 - \SystemRoot\system32\DRIVERS\ipnat.sys F7A76000 - \SystemRoot\system32\DRIVERS\Ip6Fw.sys F7A86000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys F798E000 - \SystemRoot\system32\DRIVERS\easdrv.sys F7DC7000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F799E000 - \SystemRoot\system32\DRIVERS\wanarp.sys F79AE000 - \SystemRoot\system32\DRIVERS\arp1394.sys F6CAD000 - \SystemRoot\System32\Drivers\Cdfs.SYS F23FF000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7D30000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F7CA2000 - \SystemRoot\System32\drivers\Dxapi.sys F7B06000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7E31000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA10000 - \SystemRoot\System32\ati2cqag.dll BFA42000 - \SystemRoot\System32\atikvmag.dll BFA74000 - \SystemRoot\System32\ati3duag.dll BFCA5000 - \SystemRoot\System32\ativvaxx.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL F2191000 - \SystemRoot\system32\DRIVERS\irda.sys F67D6000 - \SystemRoot\system32\DRIVERS\mdc8021x.sys F221B000 - \SystemRoot\system32\DRIVERS disuio.sys F1E94000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F7D2A000 - \SystemRoot\System32\Drivers\ParVdm.SYS F1D7F000 - \SystemRoot\system32\DRIVERS\eamon.sys F1D2D000 - \SystemRoot\system32\DRIVERS\srv.sys F1E3C000 - \SystemRoot\system32\DRIVERS\secdrv.sys F268F000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys F18B8000 - \SystemRoot\system32\drivers\wdmaud.sys F1A55000 - \SystemRoot\system32\drivers\sysaudio.sys F1501000 - \SystemRoot\System32\Drivers\HTTP.sys F14DD000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS F0CB3000 - \SystemRoot\system32\drivers\kmixer.sys F7D93000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 165 Liste des programmes installes Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Photoshop CS2 Adobe Reader 8.1.1 - Français Adobe Stock Photos 1.0 Age of Empires III Age of Empires III AiO_Scan_CDA AiOSoftwareNPI AnyDVD Archiveur WinRAR ArcSoft Software Suite Assistant de connexion Windows Live ATI - Utilitaire de désinstallation du logiciel ATI Control Panel ATI Display Driver Avance AC'97 Audio AVG Anti-Spyware 7.5 AviSynth 2.5 Azureus Bluesoleil3.2.2.8 Release 070421 BufferChm C3100 CCleaner (remove only) CloneDVD2 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 CustomerResearchQFolder Destinations DeviceManagementQFolder DivX Web Player DocProc DocProcQFolder DocumentViewer DocumentViewerQFolder eMule ESET NOD32 Antivirus Fax_CDA Galerie de photos Windows Live Hero Editor V0.96 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915800) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 7.0 HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HPPhotoSmartExpress InstantShareDevicesMFC InterActual Player InterVideo WinDVD 5 J2SE Runtime Environment 5.0 Update 10 Java(TM) 6 Update 3 K-Lite Codec Pack 3.4.5 Full Lecteur Windows Media 11 Logitech QuickCam Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Macromedia Flash Player 8 Plugin MarketResearch MediaCoder 0.6.0 Messenger Plus! Live Micro Application - ADSL Radio Enregistreur Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 French Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Groove MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Ultimate 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft XML Parser Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920342) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB925720) Mise à jour pour Windows XP (KB925876) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 Mozilla Firefox (2.0.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB933579) Multimedia / Internet Keyboard Driver MVision Navilog1 3.4.0 Nero 7 Lite v7.5.1.1 NetGammon8 NewCopy_CDA NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) Notepad++ OCR Software by I.R.I.S 7.0 OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 OpenMG Secure Module 4.7.00 Package de base Microsoft de service de chiffrement pour cartes à puce PanoStandAlone PHOTOfunSTUDIO -viewer- Polar ProTrainer Polar WebLink 2.4.0 ProductContextNPI Programme de gestion Camera de Logitech® QuickTime Readme SAGEM F@st 800-840 SAGEM Wi-Fi 11g Cardbus adapter SAGEM Wi-Fi 11g Cardbus adapter Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update pour Microsoft .NET Framework 2.0 (KB928365) Sid Meier's Civilization 4 Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Warlords Skype™ 3.5 Smart Link 56K Voice Modem SnowSAA Sony Ericsson PC Suite 1.20.224 SpeedSim Spelling Dictionaries Support For Adobe Reader 8 Status Synaptics Pointing Device Driver Toolbox TrayApp Unload Update for Outlook 2007 Junk Email Filter (kb943597) Update for Outlook 2007 Junk Email Filter (kb943597) Utilitaire de gestion du LAN Wifi IEEE 802.11g VideoLAN VLC media player 0.8.5-freehd WebFldrs XP WebReg Windows Communication Foundation Windows Communication Foundation Language Pack - FRA Windows Desktop Search 3.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation Windows Workflow Foundation FR Language Pack XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files 05/02/2008 18:40 . 05/02/2008 18:40 .. 04/10/2007 09:37 Adobe 12/12/2007 19:20 adslTV 16/08/2007 09:34 ArcSoft 27/11/2006 21:56 ATI Technologies 27/11/2006 21:43 Avance Sound Manager 21/11/2007 20:41 AviSynth 2.5 27/11/2006 21:43 AvRack 27/12/2007 23:20 Azureus 11/01/2008 22:52 CCleaner 27/11/2006 21:14 ComPlus Applications 03/12/2006 17:41 Creative 04/12/2006 00:06 CyberLink 20/12/2007 14:19 DAEMON Tools 31/01/2008 14:08 Diablo II 03/10/2007 13:17 DivX 03/12/2006 17:19 Elaborate Bytes 07/02/2008 09:03 eMule 30/12/2007 11:18 ESET 30/01/2008 23:50 Fichiers communs 19/02/2007 22:18 Firaxis Games 20/12/2007 18:48 Google 19/10/2007 18:30 Goto.Games 02/02/2008 11:27 Grisoft 11/03/2007 13:57 Hero Editor 21/12/2007 20:58 Hewlett-Packard 20/12/2007 14:58 HP 27/11/2006 21:34 Intel 23/01/2007 04:13 InterActual 13/12/2007 17:41 Internet Explorer 23/01/2007 03:56 InterVideo 05/12/2007 18:30 IVT Corporation 29/01/2008 02:00 Java 03/10/2007 13:20 K-Lite Codec Pack 21/10/2007 19:06 Logitech 06/12/2007 01:03 Macromedia 19/01/2008 15:46 MediaCoder 28/11/2006 09:16 Messenger 19/01/2008 00:12 Messenger Plus! Live 27/11/2007 09:06 Micro Application 02/12/2007 14:47 Microsoft CAPICOM 2.1.0.2 27/11/2006 21:19 microsoft frontpage 28/12/2006 19:45 Microsoft Games 15/11/2007 22:40 Microsoft Money 2005 29/11/2006 01:56 Microsoft Office 01/12/2007 15:21 Microsoft SQL Server Compact Edition 07/12/2007 14:42 Microsoft Visual Studio 21/03/2007 19:17 Microsoft Visual Studio 8 07/12/2007 14:50 Microsoft Works 21/03/2007 19:24 Microsoft.NET 27/11/2006 21:15 Movie Maker 10/02/2008 13:12 Mozilla Firefox 07/12/2007 14:49 MSBuild 27/11/2006 21:11 MSN 27/11/2006 21:12 MSN Gaming Zone 04/12/2006 20:26 MSXML 4.0 29/11/2007 12:18 MSXML 6.0 28/01/2008 21:22 Navilog1 05/01/2007 22:06 Nero 27/11/2006 21:15 NetMeeting 29/11/2007 16:25 Notepad++ 08/02/2008 19:25 ods 27/11/2006 21:12 Online Services 20/06/2007 21:59 Outlook Express 16/08/2007 09:42 Panasonic 19/02/2007 11:05 Paradox Interactive 04/10/2007 21:34 Polar 17/12/2007 21:13 Project64 1.6 16/08/2007 09:28 QuickTime 29/11/2007 12:00 Reference Assemblies 18/12/2007 16:38 SAA 16/01/2008 16:49 SAGEM 16/01/2008 22:13 SAGEM Wi-Fi 11g Cardbus adapter 27/11/2006 21:16 Services en ligne 25/03/2007 22:27 Sierra 12/11/2007 18:02 Skype 03/12/2006 17:18 SlySoft 01/09/2007 20:17 Sony 20/12/2006 13:15 Sony Ericsson 04/02/2008 02:12 SpeedSim 23/01/2007 21:06 Stardock 27/11/2006 22:01 Synaptics 22/01/2008 21:33 Trend Micro 18/02/2007 23:24 Utilitaire de gestion du LAN Wifi IEEE 802.11g 27/01/2008 18:33 VideoLAN 28/11/2006 09:43 Windows Desktop Search 01/12/2007 15:23 Windows Live 17/12/2007 21:40 Windows Live Safety Center 27/11/2006 22:59 Windows Media Connect 2 28/11/2006 09:21 Windows Media Player 27/11/2006 21:12 Windows NT 30/03/2007 22:29 WinRAR 27/11/2006 21:19 xerox 05/02/2008 18:40 Zone Labs 0 fichier(s) 0 octets 95 Rép(s) 1 756 160 000 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files\fichiers communs 30/01/2008 23:50 . 30/01/2008 23:50 .. 04/10/2007 09:38 Adobe 16/02/2007 13:04 Adobe Systems Shared 05/01/2007 22:06 Ahead 16/08/2007 09:37 ArcSoft 07/12/2007 14:42 DESIGNER 14/03/2007 19:51 Hewlett-Packard 21/12/2007 21:02 HP 21/02/2007 19:01 InstallShield 04/12/2006 20:26 InterVideo 28/11/2006 08:25 Java 21/10/2007 19:24 LogiShrd 06/12/2007 00:45 Macromedia 07/12/2007 14:49 Microsoft Shared 27/11/2006 21:15 MSSoap 28/11/2006 11:02 Nullsoft 27/11/2006 21:00 ODBC 27/11/2006 21:15 Services 12/11/2007 18:02 Skype 01/09/2007 20:13 Sony Shared 27/11/2006 21:00 SpeechEngines 28/12/2006 18:54 SWF Studio 07/12/2007 14:16 System 20/12/2006 13:16 Teleca Shared 27/11/2007 09:04 Wise Installation Wizard 0 fichier(s) 0 octets 26 Rép(s) 1 756 160 000 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 07/12/2007 14:39 . 07/12/2007 14:39 .. 07/12/2007 14:18 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 4 fichier(s) 1 260 754 octets 3 Rép(s) 1 756 155 904 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\ c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\airdecap.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\airodump.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\Updater.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\WinAircrack.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\wzcook.exe c:\Documents and Settings\Gusanodx\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\cleanup.exe c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\LaunchPad.exe c:\Documents and Settings\Gusanodx\Application Data\U3 emp\cleanup.exe c:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe c:\Documents and Settings\Gusanodx\Bureau\FixVundo.exe c:\Documents and Settings\Gusanodx\Bureau\VirtumundoBeGone.exe c:\Documents and Settings\Gusanodx\Bureau\VundoFix.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\pskill.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean ar.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp ar.exe c:\Documents and Settings\Gusanodx\Bureau\Download\AiO_071_000_201_000_CDA_Default-Express_NonNetwork_AmericasEuro1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\avgas-setup-7.5.1.43.exe c:\Documents and Settings\Gusanodx\Bureau\Download\ccsetup203.exe c:\Documents and Settings\Gusanodx\Bureau\Download\daemon-tools.4.1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\HJTInstall.exe c:\Documents and Settings\Gusanodx\Bureau\Download\Navilog1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\SnowSAA.exe c:\Documents and Settings\Gusanodx\Bureau\Download\SpeedSim_0.9.8.0b_unicode.exe c:\Documents and Settings\Gusanodx\Bureau\Download\vlc-0.8.5-freehd-win32.exe c:\Documents and Settings\Gusanodx\Bureau\Download\vlc-0.8.6d-win32.exe c:\Documents and Settings\Gusanodx\Bureau\Download\zaSetup_fr.exe c:\Documents and Settings\Gusanodx\Bureau\Download\zaZA_Setup_fr.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\pskill.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean ar.exe c:\Documents and Settings\Gusanodx\Bureau\Download\ESET_NOD32_Antivirus_v3.x_Fix_v1.1\NOD32_v3_FiX_1.1-TemDono.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\MD5File.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\msnchk.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\Process.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\setpath.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\swreg.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\zip.exe c:\Documents and Settings\Gusanodx\Bureau\Download\pfull_361\final\SpyGestion.exe c:\Documents and Settings\Gusanodx\Bureau\Download\PSP\PSPRadio.exe c:\Documents and Settings\Gusanodx\Bureau\ESET_NOD32_Antivirus_Business_Edition_v3.0.566\NOD32 torrent\ESET 3.x Fix By KM92.exe c:\Documents and Settings\Gusanodx\Bureau\NOD32 v3.0.621 32_64bit + FiX\NOD32 v3.0.621 32_64bit + FiX\NOD32_v3_FiX_1.1.exe c:\Documents and Settings\Gusanodx\Bureau\OGSTimers060131\OGSTimers.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\instmsia.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\instmsiw.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\setup.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\MD5File.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\msnchk.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\Process.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\setpath.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\swreg.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\zip.exe c:\Documents and Settings\Gusanodx\Mes documents\crack_sims2.exe c:\Documents and Settings\Gusanodx\Mes documents\Install_Messenger.exe c:\Documents and Settings\Gusanodx\Mes documents\klcodec283f.exe c:\Documents and Settings\Gusanodx\Mes documents\setup.exe c:\Documents and Settings\Gusanodx\Mes documents\Sims2EP5.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Gusanodx\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\LPSecurityExtension.dll c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\u3dapi09.dll c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Macromedia\Flash 8\fr\Configuration\External Libraries\FLfile.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_GANDALF.tar.gz a l'adresse http://upload.malekal.com Alors docteur!! Je crois qu'il à dérecté quelques choses!! en out cas mon antivirus s'est manifesté pendant le scan! Merci

Dangmart · Answer

DiagHelp version v1.4 - http://www.malekal.com excute le 10/02/2008 à 13:47:23,60 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->10/02/2008 13:47:01 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->10/02/2008 13:46:58 C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf -->10/02/2008 13:46:25 C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf -->10/02/2008 13:46:23 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->10/02/2008 13:46:16 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->10/02/2008 13:45:58 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->10/02/2008 13:40:19 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->10/02/2008 13:40:06 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->10/02/2008 13:39:58 C:\WINDOWS\prefetch\SCANNEUR.EXE-003C034F.pf -->10/02/2008 13:39:32 C:\WINDOWS\System32\drivers\fidbox.dat -->10/02/2008 13:46:53 C:\WINDOWS\System32\drivers\fidbox.idx -->10/02/2008 05:18:46 C:\WINDOWS\System32\drivers\adidsl.cfg -->16/01/2008 16:50:53 C:\WINDOWS\System32\drivers\epfwtdir.sys -->21/12/2007 08:21:56 C:\WINDOWS\System32\drivers\easdrv.sys -->21/12/2007 08:20:14 C:\WINDOWS\System32\drivers\eamon.sys -->21/12/2007 08:19:54 C:\WINDOWS\System32\drivers\sptd.sys -->18/12/2007 15:08:37 C:\WINDOWS\System32\vsconfig.xml -->10/02/2008 05:20:45 C:\WINDOWS\System32\VundoFixSVC.exe -->10/02/2008 05:16:16 C:\WINDOWS\System32\yceeg.ini -->10/02/2008 03:18:51 C:\WINDOWS\System32\yceeg.ini2 -->10/02/2008 03:16:33 C:\WINDOWS\System32\ehkkj.ini -->08/02/2008 22:22:22 C:\WINDOWS\System32\uepvwrjd.ini -->08/02/2008 21:18:47 C:\WINDOWS\System32\buuaijcj.ini -->08/02/2008 21:18:22 C:\WINDOWS\System32\WinUpdating.exe -->08/02/2008 13:12:40 C:\WINDOWS\System32\dbyvwuoy.ini -->08/02/2008 12:34:24 C:\WINDOWS\System32\bxgenmss.ini -->08/02/2008 12:05:14 C:\WINDOWS\System32\eolcxqcc.ini -->07/02/2008 21:19:10 C:\WINDOWS\System32\wpa.dbl -->07/02/2008 21:02:55 C:\WINDOWS\System32\mmhxfujp.ini -->06/02/2008 10:50:31 C:\WINDOWS\System32\ppqru.ini -->06/02/2008 01:54:01 C:\WINDOWS\System32\iuffaocl.ini -->05/02/2008 20:33:39 C:\WINDOWS\System32\drdctgyh.ini -->05/02/2008 20:33:04 C:\WINDOWS\System32\zllictbl.dat -->05/02/2008 18:59:27 C:\WINDOWS\System32\kxaogbdu.ini -->04/02/2008 19:48:07 C:\WINDOWS\System32 qtss.ini -->31/01/2008 22:39:26 C:\WINDOWS\System32\mcrh.tmp -->31/01/2008 14:41:23 C:\WINDOWS\System32\wxbay.ini -->31/01/2008 05:01:27 C:\WINDOWS\System32 stss.ini -->29/01/2008 23:08:56 C:\WINDOWS\System32\pcvkbptu.ini -->29/01/2008 18:46:13 C:\WINDOWS\System32\perfh00C.dat -->28/01/2008 23:03:58 C:\WINDOWS\System32\perfh009.dat -->28/01/2008 23:03:58 C:\WINDOWS\WindowsUpdate.log -->10/02/2008 13:34:17 C:\WINDOWS\wiadebug.log -->10/02/2008 05:20:25 C:\WINDOWS\wiaservc.log -->10/02/2008 05:20:16 C:\WINDOWS\0.log -->10/02/2008 05:20:01 C:\WINDOWS\bootstat.dat -->10/02/2008 05:19:57 C:\WINDOWS\SchedLgU.Txt -->09/02/2008 20:19:26 C:\WINDOWS\cookies.ini -->09/02/2008 10:12:31 C:\WINDOWS\wmsetup.log -->08/02/2008 12:46:35 C:\WINDOWS\setupapi.log -->06/02/2008 12:33:34 C:\WINDOWS tbtlog.txt -->02/02/2008 15:18:29 C:\WINDOWS\win.ini -->02/02/2008 01:59:47 C:\WINDOWS\system.ini -->31/01/2008 05:20:30 C:\WINDOWS\BM3b7cc5a5.xml -->31/01/2008 04:49:48 C:\WINDOWS\pskt.ini -->31/01/2008 03:31:23 C:\WINDOWS\msnfix.txt -->29/01/2008 14:36:13 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 3016 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x009b0000 0x1c000 11.01.0000.2021 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL 0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL 0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL 0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll 0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x63000000 0x13000 7.12.0007.0000 C:\WINDOWS\system32\SynTPFcs.dll 0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL 0x02f20000 0x1a5000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\1036\GrooveIntlResource.dll 0x4b4f0000 0x86000 5.41.0015.1514 C:\WINDOWS\system32\MSFTEDIT.DLL 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x03e90000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x029d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x1c000000 0x6000 C:\WINDOWS\HKNTDLL.dll 0x01150000 0x2c000 C:\Program Files\WinRAR arext.dll 0x00ec0000 0x6000 1.02.0001.0000 C:\Program Files\Notepad++ ppcm.dll 0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll 0x01280000 0xb000 7.00.0462.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll 0x01290000 0x4000 5.03.0017.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll 0x22000000 0x2e000 3.00.0621.0000 C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll 0x028b0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x024d0000 0x4b000 6.00.5824.16387 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 0x019a0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 1140 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x10000 6.14.0010.4114 C:\WINDOWS\system32\Ati2evxx.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\WINDOWS\system32 05/08/2004 13:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 1 764 663 296 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\WINDOWS\Downloaded Program Files 02/02/2008 18:26 . 02/02/2008 18:26 .. 02/02/2008 18:27 CONFLICT.1 27/11/2006 21:17 65 desktop.ini 17/07/2007 09:20 378 ImageUploader4.inf 17/07/2007 09:22 2 635 312 ImageUploader4.ocx 25/10/2007 16:54 471 040 oscan8.ocx 09/11/2006 14:36 5 019 swflash.inf 15/10/2007 10:02 465 472 wlscBase.dll 15/10/2007 10:11 320 wlscBase.inf 26/05/2005 04:19 291 wuweb.inf 8 fichier(s) 3 577 897 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 02/02/2008 18:27 . 02/02/2008 18:27 .. 09/01/2008 15:01 1 244 oscan8.inf 09/01/2008 15:01 471 040 oscan8.ocx 2 fichier(s) 472 284 octets Total des fichiers listés : 10 fichier(s) 4 050 181 octets 5 Rép(s) 1 764 663 296 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 13:51:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. IPC error: 2 Le fichier spécifié est introuvable. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:0ebe798e "s2"=dword:fa21a20f "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b2,55,da,21,fd,f0,67,3a,87,d7,ff,b0,31,61,d5,f7,1e,0e,ab,77,a0,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,cf,de,96,6f,b4,ce,82,8e,23,aa,36,d3,31,30,8c,c2,11,.. "khjeh"=hex:b1,c5,22,14,45,1d,fd,83,34,90,2e,1a,27,81,02,e6,15,b8,e8,15,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:0b,65,b3,1a,80,d2,d5,cc,93,08,ac,f6,75,ee,5e,71,1b,a1,ff,b4,44,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 540 - LVPrcSrv.exe 632 - guard.exe 684 - GrooveMonitor.e 708 - ekrn.exe 732 - alg.exe 756 - LVComSer.exe 1060 - slserv.exe 1116 - csrss.exe 1140 - winlogon.exe 1188 - services.exe 1200 - lsass.exe 1248 - ctfmon.exe 1356 - ati2evxx.exe 1372 - svchost.exe 1448 - svchost.exe 1496 - svchost.exe 1556 - SynTPLpr.exe 1576 - svchost.exe 1616 - searchindexer.e 1732 - SynTPEnh.exe 1748 - svchost.exe 1876 - vsmon.exe 2080 - mHotkey.exe 2136 - Application Lau 2212 - hpqste08.exe 2256 - msnmsgr.exe 2332 - epmworker.exe 2460 - msmsgs.exe 2504 - Quickcam.exe 2592 - daemon.exe 2636 - Communications_ 2768 - ati2evxx.exe 2852 - egui.exe 2980 - Generic.exe 3012 - Wificard.exe 3016 - explorer.exe 3080 - COCIManager.exe 3412 - dslmon.exe 3432 - hpqtra08.exe 3492 - WinCinemaMgr.ex 3640 - WindowsSearch.e 3664 - avgas.exe 3688 - qttask.exe 3748 - zlclient.exe 3984 - AnyDVD.exe 60324 - iexplore.exe 61084 - cmd.exe Total number of processes = 48 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 toskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F7CAE000 - \WINDOWS\system32\KDCOM.DLL F7BBE000 - \WINDOWS\system32\BOOTVID.dll F76A3000 - sptd.sys F7CB0000 - \WINDOWS\System32\Drivers\WMILIB.SYS F768B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F765C000 - ACPI.sys F764B000 - pci.sys F77AE000 - ohci1394.sys F77BE000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F77CE000 - isapnp.sys F7BC2000 - compbatt.sys F7BC6000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F7CB2000 - intelide.sys F7A2E000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F762D000 - pcmcia.sys F77DE000 - MountMgr.sys F760E000 - ftdisk.sys F7BCA000 - ACPIEC.sys F7D76000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F7A36000 - PartMgr.sys F77EE000 - VolSnap.sys F75F6000 - atapi.sys F77FE000 - disk.sys F780E000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F75D6000 - fltMgr.sys F75C4000 - sr.sys F781E000 - PxHelp20.sys F75AD000 - KSecDD.sys F759A000 - WudfPf.sys F750D000 - Ntfs.sys F74E0000 - NDIS.sys F7BCE000 - vbtenum.sys F74CC000 - srescan.sys F782E000 - sbp2port.sys F7BD2000 - RecAgent.sys F74B1000 - Mup.sys F7A3E000 - BTHidMgr.sys F783E000 - agp440.sys F7CA6000 - \SystemRoot\system32\DRIVERS unmp.sys F79CE000 - \SystemRoot\system32\DRIVERS\intelppm.sys F7CAA000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F6B17000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F6B03000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7A96000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F6AE0000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F7A9E000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS F79DE000 - \SystemRoot\system32\DRIVERS ic1394.sys F7AA6000 - \SystemRoot\system32\DRIVERS\usbehci.sys F7AAE000 - \SystemRoot\system32\DRIVERS\usbohci.sys F6A8D000 - \SystemRoot\system32\DRIVERS\bcmwl5.sys F7AB6000 - \SystemRoot\System32\Drivers\WBMS.SYS F79EE000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F6A5F000 - \SystemRoot\system32\DRIVERS\SynTP.sys F7CDA000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7ABE000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7AC6000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7ACE000 - \SystemRoot\system32\DRIVERS\fdc.sys F6A4B000 - \SystemRoot\system32\DRIVERS\parport.sys F6A3A000 - \SystemRoot\system32\DRIVERS\serial.sys F7489000 - \SystemRoot\system32\DRIVERS\serenum.sys F7AD6000 - \SystemRoot\system32\DRIVERS scirda.sys F7485000 - \SystemRoot\system32\DRIVERS\irenum.sys F79FE000 - \SystemRoot\system32\DRIVERS\imapi.sys F6A24000 - \SystemRoot\System32\Drivers\AnyDVD.sys F7ADE000 - \SystemRoot\system32\drivers\Afc.sys F7AE6000 - \SystemRoot\system32\drivers\pfc.sys F7CDC000 - \SystemRoot\System32\Drivers\ElbyDelay.sys F7A0E000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7A1E000 - \SystemRoot\system32\DRIVERS edbook.sys F6A01000 - \SystemRoot\system32\DRIVERS\ks.sys F69E9000 - \SystemRoot\system32\drivers\ac97intc.sys F69C5000 - \SystemRoot\system32\drivers\portcls.sys F6C9D000 - \SystemRoot\system32\drivers\drmk.sys F6919000 - \SystemRoot\system32\DRIVERS\slntamr.sys F7475000 - \SystemRoot\system32\DRIVERS\SlWdmSup.sys F68FA000 - \SystemRoot\system32\DRIVERS\Mtlmnt5.sys F7AEE000 - \SystemRoot\System32\Drivers\Modem.SYS F6893000 - \SystemRoot\System32\Drivers\agrek5su.SYS F6C7D000 - \SystemRoot\System32\Drivers\VcommMgr.sys F7B4E000 - \SystemRoot\system32\DRIVERS\blueletaudio.sys F7B56000 - \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys F7E81000 - \SystemRoot\system32\DRIVERS\audstub.sys F7CE6000 - \SystemRoot\System32\Drivers\RootMdm.sys F7B5E000 - \SystemRoot\system32\DRIVERS asirda.sys F7B66000 - \SystemRoot\system32\DRIVERS\TDI.SYS F787E000 - \SystemRoot\system32\DRIVERS asl2tp.sys F7173000 - \SystemRoot\system32\DRIVERS distapi.sys F6854000 - \SystemRoot\system32\DRIVERS diswan.sys F788E000 - \SystemRoot\system32\DRIVERS aspppoe.sys F789E000 - \SystemRoot\system32\DRIVERS aspptp.sys F6843000 - \SystemRoot\system32\DRIVERS\psched.sys F78AE000 - \SystemRoot\system32\DRIVERS\msgpc.sys F7B6E000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7B76000 - \SystemRoot\system32\DRIVERS aspti.sys F716F000 - \SystemRoot\system32\DRIVERS\btnetdrv.sys F7B7E000 - \SystemRoot\system32\DRIVERS\VComm.sys F78BE000 - \SystemRoot\system32\DRIVERS ermdd.sys F7CE8000 - \SystemRoot\system32\DRIVERS\swenum.sys F67EA000 - \SystemRoot\system32\DRIVERS\update.sys F716B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F78CE000 - \SystemRoot\System32\Drivers\NDProxy.SYS F790E000 - \SystemRoot\system32\DRIVERS\usbhub.sys F6877000 - \SystemRoot\system32\drivers\MODEMCSA.sys F7BA6000 - \SystemRoot\system32\DRIVERS\flpydisk.sys F26B7000 - \SystemRoot\system32\DRIVERS\klif.sys F7D0C000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7D80000 - \SystemRoot\System32\Drivers\Null.SYS F7D0E000 - \SystemRoot\System32\Drivers\Beep.SYS F7D81000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7A56000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F7A5E000 - \SystemRoot\System32\drivers\vga.sys F7D12000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7D14000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7A66000 - \SystemRoot\System32\Drivers\Msfs.SYS F7A6E000 - \SystemRoot\System32\Drivers\Npfs.SYS F67D2000 - \SystemRoot\system32\DRIVERS asacd.sys F2634000 - \SystemRoot\system32\DRIVERS\ipsec.sys F25DC000 - \SystemRoot\system32\DRIVERS cpip.sys F25B4000 - \SystemRoot\system32\DRIVERS etbt.sys F795E000 - \SystemRoot\system32\DRIVERS\epfwtdir.sys F257C000 - \SystemRoot\system32\DRIVERS cpip6.sys F251C000 - \SystemRoot\System32\vsdatant.sys F24FA000 - \SystemRoot\System32\drivers\afd.sys F796E000 - \SystemRoot\system32\DRIVERS etbios.sys F24CF000 - \SystemRoot\system32\DRIVERS dbss.sys F2460000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F797E000 - \SystemRoot\System32\Drivers\Fips.SYS F243F000 - \SystemRoot\system32\DRIVERS\ipnat.sys F7A76000 - \SystemRoot\system32\DRIVERS\Ip6Fw.sys F7A86000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys F798E000 - \SystemRoot\system32\DRIVERS\easdrv.sys F7DC7000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F799E000 - \SystemRoot\system32\DRIVERS\wanarp.sys F79AE000 - \SystemRoot\system32\DRIVERS\arp1394.sys F6CAD000 - \SystemRoot\System32\Drivers\Cdfs.SYS F23FF000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7D30000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F7CA2000 - \SystemRoot\System32\drivers\Dxapi.sys F7B06000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7E31000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA10000 - \SystemRoot\System32\ati2cqag.dll BFA42000 - \SystemRoot\System32\atikvmag.dll BFA74000 - \SystemRoot\System32\ati3duag.dll BFCA5000 - \SystemRoot\System32\ativvaxx.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL F2191000 - \SystemRoot\system32\DRIVERS\irda.sys F67D6000 - \SystemRoot\system32\DRIVERS\mdc8021x.sys F221B000 - \SystemRoot\system32\DRIVERS disuio.sys F1E94000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F7D2A000 - \SystemRoot\System32\Drivers\ParVdm.SYS F1D7F000 - \SystemRoot\system32\DRIVERS\eamon.sys F1D2D000 - \SystemRoot\system32\DRIVERS\srv.sys F1E3C000 - \SystemRoot\system32\DRIVERS\secdrv.sys F268F000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys F18B8000 - \SystemRoot\system32\drivers\wdmaud.sys F1A55000 - \SystemRoot\system32\drivers\sysaudio.sys F1501000 - \SystemRoot\System32\Drivers\HTTP.sys F14DD000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS F0CB3000 - \SystemRoot\system32\drivers\kmixer.sys F7D93000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 165 Liste des programmes installes Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Photoshop CS2 Adobe Reader 8.1.1 - Français Adobe Stock Photos 1.0 Age of Empires III Age of Empires III AiO_Scan_CDA AiOSoftwareNPI AnyDVD Archiveur WinRAR ArcSoft Software Suite Assistant de connexion Windows Live ATI - Utilitaire de désinstallation du logiciel ATI Control Panel ATI Display Driver Avance AC'97 Audio AVG Anti-Spyware 7.5 AviSynth 2.5 Azureus Bluesoleil3.2.2.8 Release 070421 BufferChm C3100 CCleaner (remove only) CloneDVD2 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 CustomerResearchQFolder Destinations DeviceManagementQFolder DivX Web Player DocProc DocProcQFolder DocumentViewer DocumentViewerQFolder eMule ESET NOD32 Antivirus Fax_CDA Galerie de photos Windows Live Hero Editor V0.96 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915800) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 7.0 HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HPPhotoSmartExpress InstantShareDevicesMFC InterActual Player InterVideo WinDVD 5 J2SE Runtime Environment 5.0 Update 10 Java(TM) 6 Update 3 K-Lite Codec Pack 3.4.5 Full Lecteur Windows Media 11 Logitech QuickCam Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Macromedia Flash Player 8 Plugin MarketResearch MediaCoder 0.6.0 Messenger Plus! Live Micro Application - ADSL Radio Enregistreur Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 French Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Groove MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Ultimate 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft XML Parser Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920342) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB925720) Mise à jour pour Windows XP (KB925876) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 Mozilla Firefox (2.0.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB933579) Multimedia / Internet Keyboard Driver MVision Navilog1 3.4.0 Nero 7 Lite v7.5.1.1 NetGammon8 NewCopy_CDA NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) Notepad++ OCR Software by I.R.I.S 7.0 OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 OpenMG Secure Module 4.7.00 Package de base Microsoft de service de chiffrement pour cartes à puce PanoStandAlone PHOTOfunSTUDIO -viewer- Polar ProTrainer Polar WebLink 2.4.0 ProductContextNPI Programme de gestion Camera de Logitech® QuickTime Readme SAGEM F@st 800-840 SAGEM Wi-Fi 11g Cardbus adapter SAGEM Wi-Fi 11g Cardbus adapter Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update pour Microsoft .NET Framework 2.0 (KB928365) Sid Meier's Civilization 4 Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Warlords Skype™ 3.5 Smart Link 56K Voice Modem SnowSAA Sony Ericsson PC Suite 1.20.224 SpeedSim Spelling Dictionaries Support For Adobe Reader 8 Status Synaptics Pointing Device Driver Toolbox TrayApp Unload Update for Outlook 2007 Junk Email Filter (kb943597) Update for Outlook 2007 Junk Email Filter (kb943597) Utilitaire de gestion du LAN Wifi IEEE 802.11g VideoLAN VLC media player 0.8.5-freehd WebFldrs XP WebReg Windows Communication Foundation Windows Communication Foundation Language Pack - FRA Windows Desktop Search 3.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation Windows Workflow Foundation FR Language Pack XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files 05/02/2008 18:40 . 05/02/2008 18:40 .. 04/10/2007 09:37 Adobe 12/12/2007 19:20 adslTV 16/08/2007 09:34 ArcSoft 27/11/2006 21:56 ATI Technologies 27/11/2006 21:43 Avance Sound Manager 21/11/2007 20:41 AviSynth 2.5 27/11/2006 21:43 AvRack 27/12/2007 23:20 Azureus 11/01/2008 22:52 CCleaner 27/11/2006 21:14 ComPlus Applications 03/12/2006 17:41 Creative 04/12/2006 00:06 CyberLink 20/12/2007 14:19 DAEMON Tools 31/01/2008 14:08 Diablo II 03/10/2007 13:17 DivX 03/12/2006 17:19 Elaborate Bytes 07/02/2008 09:03 eMule 30/12/2007 11:18 ESET 30/01/2008 23:50 Fichiers communs 19/02/2007 22:18 Firaxis Games 20/12/2007 18:48 Google 19/10/2007 18:30 Goto.Games 02/02/2008 11:27 Grisoft 11/03/2007 13:57 Hero Editor 21/12/2007 20:58 Hewlett-Packard 20/12/2007 14:58 HP 27/11/2006 21:34 Intel 23/01/2007 04:13 InterActual 13/12/2007 17:41 Internet Explorer 23/01/2007 03:56 InterVideo 05/12/2007 18:30 IVT Corporation 29/01/2008 02:00 Java 03/10/2007 13:20 K-Lite Codec Pack 21/10/2007 19:06 Logitech 06/12/2007 01:03 Macromedia 19/01/2008 15:46 MediaCoder 28/11/2006 09:16 Messenger 19/01/2008 00:12 Messenger Plus! Live 27/11/2007 09:06 Micro Application 02/12/2007 14:47 Microsoft CAPICOM 2.1.0.2 27/11/2006 21:19 microsoft frontpage 28/12/2006 19:45 Microsoft Games 15/11/2007 22:40 Microsoft Money 2005 29/11/2006 01:56 Microsoft Office 01/12/2007 15:21 Microsoft SQL Server Compact Edition 07/12/2007 14:42 Microsoft Visual Studio 21/03/2007 19:17 Microsoft Visual Studio 8 07/12/2007 14:50 Microsoft Works 21/03/2007 19:24 Microsoft.NET 27/11/2006 21:15 Movie Maker 10/02/2008 13:12 Mozilla Firefox 07/12/2007 14:49 MSBuild 27/11/2006 21:11 MSN 27/11/2006 21:12 MSN Gaming Zone 04/12/2006 20:26 MSXML 4.0 29/11/2007 12:18 MSXML 6.0 28/01/2008 21:22 Navilog1 05/01/2007 22:06 Nero 27/11/2006 21:15 NetMeeting 29/11/2007 16:25 Notepad++ 08/02/2008 19:25 ods 27/11/2006 21:12 Online Services 20/06/2007 21:59 Outlook Express 16/08/2007 09:42 Panasonic 19/02/2007 11:05 Paradox Interactive 04/10/2007 21:34 Polar 17/12/2007 21:13 Project64 1.6 16/08/2007 09:28 QuickTime 29/11/2007 12:00 Reference Assemblies 18/12/2007 16:38 SAA 16/01/2008 16:49 SAGEM 16/01/2008 22:13 SAGEM Wi-Fi 11g Cardbus adapter 27/11/2006 21:16 Services en ligne 25/03/2007 22:27 Sierra 12/11/2007 18:02 Skype 03/12/2006 17:18 SlySoft 01/09/2007 20:17 Sony 20/12/2006 13:15 Sony Ericsson 04/02/2008 02:12 SpeedSim 23/01/2007 21:06 Stardock 27/11/2006 22:01 Synaptics 22/01/2008 21:33 Trend Micro 18/02/2007 23:24 Utilitaire de gestion du LAN Wifi IEEE 802.11g 27/01/2008 18:33 VideoLAN 28/11/2006 09:43 Windows Desktop Search 01/12/2007 15:23 Windows Live 17/12/2007 21:40 Windows Live Safety Center 27/11/2006 22:59 Windows Media Connect 2 28/11/2006 09:21 Windows Media Player 27/11/2006 21:12 Windows NT 30/03/2007 22:29 WinRAR 27/11/2006 21:19 xerox 05/02/2008 18:40 Zone Labs 0 fichier(s) 0 octets 95 Rép(s) 1 756 160 000 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files\fichiers communs 30/01/2008 23:50 . 30/01/2008 23:50 .. 04/10/2007 09:38 Adobe 16/02/2007 13:04 Adobe Systems Shared 05/01/2007 22:06 Ahead 16/08/2007 09:37 ArcSoft 07/12/2007 14:42 DESIGNER 14/03/2007 19:51 Hewlett-Packard 21/12/2007 21:02 HP 21/02/2007 19:01 InstallShield 04/12/2006 20:26 InterVideo 28/11/2006 08:25 Java 21/10/2007 19:24 LogiShrd 06/12/2007 00:45 Macromedia 07/12/2007 14:49 Microsoft Shared 27/11/2006 21:15 MSSoap 28/11/2006 11:02 Nullsoft 27/11/2006 21:00 ODBC 27/11/2006 21:15 Services 12/11/2007 18:02 Skype 01/09/2007 20:13 Sony Shared 27/11/2006 21:00 SpeechEngines 28/12/2006 18:54 SWF Studio 07/12/2007 14:16 System 20/12/2006 13:16 Teleca Shared 27/11/2007 09:04 Wise Installation Wizard 0 fichier(s) 0 octets 26 Rép(s) 1 756 160 000 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 07/12/2007 14:39 . 07/12/2007 14:39 .. 07/12/2007 14:18 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 4 fichier(s) 1 260 754 octets 3 Rép(s) 1 756 155 904 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 384F-F696 Répertoire de C:\ c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\airdecap.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\airodump.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\Updater.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\WinAircrack.exe c:\Documents and Settings\All Users\Documents\Programmes partagée\Winaircrack\wzcook.exe c:\Documents and Settings\Gusanodx\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\cleanup.exe c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\LaunchPad.exe c:\Documents and Settings\Gusanodx\Application Data\U3 emp\cleanup.exe c:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe c:\Documents and Settings\Gusanodx\Bureau\FixVundo.exe c:\Documents and Settings\Gusanodx\Bureau\VirtumundoBeGone.exe c:\Documents and Settings\Gusanodx\Bureau\VundoFix.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean\pskill.exe c:\Documents and Settings\Gusanodx\Bureau\clean\clean ar.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Gusanodx\Bureau\DiagHelp\DiagHelp ar.exe c:\Documents and Settings\Gusanodx\Bureau\Download\AiO_071_000_201_000_CDA_Default-Express_NonNetwork_AmericasEuro1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\avgas-setup-7.5.1.43.exe c:\Documents and Settings\Gusanodx\Bureau\Download\ccsetup203.exe c:\Documents and Settings\Gusanodx\Bureau\Download\daemon-tools.4.1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\HJTInstall.exe c:\Documents and Settings\Gusanodx\Bureau\Download\Navilog1.exe c:\Documents and Settings\Gusanodx\Bureau\Download\SnowSAA.exe c:\Documents and Settings\Gusanodx\Bureau\Download\SpeedSim_0.9.8.0b_unicode.exe c:\Documents and Settings\Gusanodx\Bureau\Download\vlc-0.8.5-freehd-win32.exe c:\Documents and Settings\Gusanodx\Bureau\Download\vlc-0.8.6d-win32.exe c:\Documents and Settings\Gusanodx\Bureau\Download\zaSetup_fr.exe c:\Documents and Settings\Gusanodx\Bureau\Download\zaZA_Setup_fr.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\gzip.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\LFiles.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean\pskill.exe c:\Documents and Settings\Gusanodx\Bureau\Download\clean\clean ar.exe c:\Documents and Settings\Gusanodx\Bureau\Download\ESET_NOD32_Antivirus_v3.x_Fix_v1.1\NOD32_v3_FiX_1.1-TemDono.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\MD5File.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\msnchk.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\Process.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\setpath.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\swreg.exe c:\Documents and Settings\Gusanodx\Bureau\Download\MSNFix\MSNFix\incl\zip.exe c:\Documents and Settings\Gusanodx\Bureau\Download\pfull_361\final\SpyGestion.exe c:\Documents and Settings\Gusanodx\Bureau\Download\PSP\PSPRadio.exe c:\Documents and Settings\Gusanodx\Bureau\ESET_NOD32_Antivirus_Business_Edition_v3.0.566\NOD32 torrent\ESET 3.x Fix By KM92.exe c:\Documents and Settings\Gusanodx\Bureau\NOD32 v3.0.621 32_64bit + FiX\NOD32 v3.0.621 32_64bit + FiX\NOD32_v3_FiX_1.1.exe c:\Documents and Settings\Gusanodx\Bureau\OGSTimers060131\OGSTimers.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\instmsia.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\instmsiw.exe c:\Documents and Settings\Gusanodx\Bureau\Utility_WL5021F\Utility\setup.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\MD5File.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\msnchk.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\Process.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\setpath.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\swreg.exe c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Microsoft\Messenger\delamontx@hotmail.fr\Sharing Folders\steve-rulz@hotmail.com\MSNFix\incl\zip.exe c:\Documents and Settings\Gusanodx\Mes documents\crack_sims2.exe c:\Documents and Settings\Gusanodx\Mes documents\Install_Messenger.exe c:\Documents and Settings\Gusanodx\Mes documents\klcodec283f.exe c:\Documents and Settings\Gusanodx\Mes documents\setup.exe c:\Documents and Settings\Gusanodx\Mes documents\Sims2EP5.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Gusanodx\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\LPSecurityExtension.dll c:\Documents and Settings\Gusanodx\Application Data\U3\0AB14A50C381A88C\u3dapi09.dll c:\Documents and Settings\Gusanodx\Local Settings\Application Data\Macromedia\Flash 8\fr\Configuration\External Libraries\FLfile.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_GANDALF.tar.gz a l'adresse http://upload.malekal.com Alors docteur!! Je crois qu'il à dérecté quelques choses!! en tout cas mon antivirus s'est manifesté pendant le scan! Aie! De plus je n'arrive pas à envoyer le fichier que DiagHelp à crée : fichier invalide! Merci

ep44 · Answer

tu vas analyser ces deux fichiers sur ce site stp https://www.virustotal.com/gui/

C:\WINDOWS\pskt.ini

C:\WINDOWS\System32\agrek5su.SYS

une fois analyser poste les résultats  et évite si possible de ne pas trop utiliser le pc en attendant 
une réponse
 Merci ;-)
@+

Dangmart · Answer

C:\WINDOWS\pskt.ini  je l'ai analysé et pas de réponse!!

C:\WINDOWS\System32\agrek5su.SYS  ne se trouve pas sur le disque dur!!

ep44 · Answer

C:\WINDOWS\pskt.ini je l'ai analysé et pas de réponse!! 
comment ca pas de réponse tu as bien eu une analyse de  tout un tas d'antivirus
tu dois avoir la liste des antivirus qui test ce dossiers 
quelque soit la résultat tu en fait un copier coller stp

pour celui-ci C:\WINDOWS\System32\agrek5su.SYS
ouvre tes dossiers cachés 
outils =>options des dossiers =>affichage => afficher les fichiers et dossiers cachés 
tu devrais le trouver 
ensuite refais la manip et coche "ne pas afficher les fichiers et dossiers cachés"
@+;-)

Dangmart · Answer

J'ai fait l'analyse et pas de réponses, " - "

pour celui-ci C:\WINDOWS\System32\agrek5su.SYS je l'avais fait en affichant les dossiers cachés et rien du tout!!

Je refais l'analyse et je suis en attente!

Dangmart · Answer

Antivirus;Version;Dernière mise à jour;Résultat
AhnLab-V3;2008.2.6.10;2008.02.05;-
AntiVir;7.6.0.62;2008.02.10;-
Authentium;4.93.8;2008.02.08;-
Avast;4.7.1098.0;2008.02.10;-
AVG;7.5.0.516;2008.02.10;-
BitDefender;7.2;2008.02.10;-
CAT-QuickHeal;None;2008.02.08;-
ClamAV;0.92;2008.02.10;-
DrWeb;4.44.0.09170;2008.02.10;-
eSafe;7.0.15.0;2008.01.28;-
eTrust-Vet;31.3.5522;2008.02.08;-
Ewido;4.0;2008.02.10;-
FileAdvisor;1;2008.02.10;-
Fortinet;3.14.0.0;2008.02.10;-
F-Prot;4.4.2.54;2008.02.10;-
F-Secure;6.70.13260.0;2008.02.10;-
Ikarus;T3.1.1.20;2008.02.10;-
Kaspersky;7.0.0.125;2008.02.10;-
McAfee;5226;2008.02.08;-
Microsoft;1.3204;2008.02.10;-
NOD32v2;2861;2008.02.09;-
Norman;5.80.02;2008.02.08;-
Panda;9.0.0.4;2008.02.10;-
Prevx1;V2;2008.02.10;-
Rising;20.29.22.00;2008.01.30;-
Sophos;4.26.0;2008.02.10;-
Sunbelt;2.2.907.0;2008.02.09;-
Symantec;10;2008.02.10;-
TheHacker;6.2.9.215;2008.02.09;-
VBA32;3.12.6.0;2008.02.09;-
VirusBuster;4.3.26:9;2008.02.10;-
Webwasher-Gateway;6.6.2;2008.02.10;-

Information additionnelle
File size: 22 bytes
MD5: 56938254dc4f108a593521b6f9053b30
SHA1: f6c658d340fdd4dfb83647f3a87a72eb55077c4c
PEiD: -

Voici le résultat

lola · Answer

tu pourrais par la même occasion supprimer ton nod32 cracké:
 C:\WINDOWS
od32fixtemdono.reg 
sinon ca ne sert à rien. télécharger des cracks pour ensuite
venir compter sur l'aide naive des "désinfecteurs bénévoles",mdr.
on voit le moindre fichier mais les cracks on ferme les yeux,ce qui compte
c'est de désinfecter.
 ego ?

Dangmart · Answer

Et oui nul n'est pafait!! J'ai pris maintenant antivir!!

ep44 · Answer

Bonsoir 
j'espère que cette fois-ci sera la bonne 


selectionne ceci 


File::

C:\WINDOWS\System32\yceeg.ini
C:\WINDOWS\System32\yceeg.ini2
C:\WINDOWS\System32\ehkkj.ini
C:\WINDOWS\System32\uepvwrjd.ini
C:\WINDOWS\System32\buuaijcj.ini
C:\WINDOWS\System32\WinUpdating.exe
C:\WINDOWS\System32\dbyvwuoy.ini
C:\WINDOWS\System32\bxgenmss.ini
C:\WINDOWS\System32\eolcxqcc.ini
C:\WINDOWS\System32\mmhxfujp.ini
C:\WINDOWS\System32\ppqru.ini
C:\WINDOWS\System32\iuffaocl.ini
C:\WINDOWS\System32\drdctgyh.ini
C:\WINDOWS\System32\kxaogbdu.ini
C:\WINDOWS\System32qtss.ini
C:\WINDOWS\System32\mcrh.tmp
C:\WINDOWS\System32\wxbay.ini
C:\WINDOWS\System32	stss.ini
C:\WINDOWS\System32\pcvkbptu.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\BM3b7cc5a5.xml
C:\Documents and Settings\Gusanodx\Bureau\Download\AiO_071_000_201_000_CDA_Default-Express_NonNetwork_Ameri casEuro1.exe
C:\Documents and Settings\Gusanodx\Bureau\Download\SnowSAA.exe


Driver::
agrek5su.SYS


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

et en effet pas de crack ni de peer to peer 
pas bon du tout pour ton pc 

on voit le moindre fichier mais les cracks on ferme les yeux,ce qui compte
c'est de désinfecter. 

tu n'as pas tort mais nous ne pouvons le laisser avec tout ça, non ??

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-11 21:26:26.12 - NTFSx86 Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.386 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\poof ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))) 2008-02-10 19:32 d-------- C:\Program Files\Avira 2008-02-10 19:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira 2008-02-10 18:22 112,992 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys 2008-02-10 18:22 d-------- C:\Program Files\KeyScrambler 2008-02-10 18:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files 2008-02-10 05:16 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-09 01:05 399,657 --ahs---- C:\WINDOWS\system32\yceeg.ini2 2008-02-05 19:11 13,649,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-28 11:33 d--h----- C:\Program Files tsecurity 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-11 21:36 162032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-11 18:34 --------- d-------- C:\Program Files\ods 2008-02-10 23:58 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-02-08 13:12 749568 --a------ C:\WINDOWS\system32\WinUpdating.exe 2008-02-07 09:03 --------- d-------- C:\Program Files\eMule 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2008-01-09 15:01 53248 --a------ C:\WINDOWS\bdoscandel.exe 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{577FAF42-7235-4C81-A853-DCAAD75E3175}] C:\WINDOWS\system32\geecy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5e0439d-c12a-4874-a472-83870dbf1a1a}] C:\WINDOWS\system32\kecdpdwy.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] "384ff639"="C:\WINDOWS\system32\pkhxnpmx.dll" [] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-10 19:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geecy.dll R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3b7b0-969c-11db-b62a-0090f50d29f9}] AutoRun\command- I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Program Files tsecurity tsecurity.exe s ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-11 21:47:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-11 21:55:23 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2008-02-11 21:54 C:\ComboFix2.txt ... 2008-02-09 21:13 C:\ComboFix3.txt ... 2008-02-09 00:22 --- E O F --- Il m'a demandé de"Submit malware"!

ep44 · Answer

maintenant tu vas travailler en mode sans échec 
copie ceci 



File::

C:\WINDOWS\system32\yceeg.ini2
C:\WINDOWS\system32\geecy.dll
C:\WINDOWS\system32\kecdpdwy.dll
C:\WINDOWS\system32\pkhxnpmx.dll
C:\WINDOWS\system32\WinUpdating.exe

Folder::

C:\Program Files
tsecurity

Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{577FAF42-7235-4C81-A853-DCAAD75E3175}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5e0439d-c12a-4874-a472-83870dbf1a1a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"384ff639"=-

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

ensuite va en mode sans echec 

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.tx


@+

Dangmart · Answer

ComboFix 07-08-09.3 - "Gusanodx" 2008-02-11 23:01:14.13 - NTFSx86 MINIMAL Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.781 [GMT 1:00] Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt FILE:: C:\WINDOWS\system32\yceeg.ini2 C:\WINDOWS\system32\geecy.dll C:\WINDOWS\system32\kecdpdwy.dll C:\WINDOWS\system32\pkhxnpmx.dll C:\WINDOWS\system32\WinUpdating.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files tsecurity C:\WINDOWS\system32\WinUpdating.exe C:\WINDOWS\system32\yceeg.ini2 ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))) 2008-02-10 19:32 d-------- C:\Program Files\Avira 2008-02-10 19:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira 2008-02-10 18:22 112,992 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys 2008-02-10 18:22 d-------- C:\Program Files\KeyScrambler 2008-02-10 18:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files 2008-02-10 05:16 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-05 19:11 13,684,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-05 18:43 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-05 18:40 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-05 18:38 d-------- C:\WINDOWS\Internet Logs 2008-02-03 00:31 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss 2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 00:09 d-------- C:\WINDOWS\BDOSCAN8 2008-01-29 04:34 51,200 --a------ C:\WINDOWS ircmd.exe 2008-01-28 23:59 d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc 2008-01-28 21:45 d-------- C:\VundoFix Backups 2008-01-27 18:56 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-27 18:33 d-------- C:\Program Files\VideoLAN 2008-01-22 21:33 d-------- C:\Program Files\Trend Micro 2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-19 13:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 2008-01-19 00:12 d-------- C:\Program Files\Messenger Plus! Live 2008-01-16 22:13 d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter 2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll 2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe 2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe 2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe 2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys 2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-01-16 16:49 d-------- C:\Program Files\SAGEM 2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys 2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2008-01-11 23:52 d-------- C:\Program Files\Navilog1 2008-01-11 22:52 d-------- C:\Program Files\CCleaner (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-02-11 22:57 162488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-11 22:16 --------- d-------- C:\Program Files\ods 2008-02-10 23:58 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus 2008-02-07 09:03 --------- d-------- C:\Program Files\eMule 2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype 2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim 2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II 2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder 2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3 2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2008-01-09 15:01 53248 --a------ C:\WINDOWS\bdoscandel.exe 2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus 2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat 2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP 2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard 2007-12-20 18:48 --------- d-------- C:\Program Files\Google 2007-12-20 14:58 --------- d-------- C:\Program Files\HP 2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools 2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA 2007-12-18 16:38 --------- d-------- C:\Program Files\SAA 2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center 2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6 2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV 2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38] "CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-10 19:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "Polar Sync"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13] SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888] R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS S1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys S2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys S3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys S3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3b7b0-969c-11db-b62a-0090f50d29f9}] AutoRun\command- I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}] AutoRun\command- J:\RunGame.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-11 23:06:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-02-11 23:08:53 C:\ComboFix-quarantined-files.txt ... 2008-02-11 23:07 C:\ComboFix2.txt ... 2008-02-11 21:55 C:\ComboFix3.txt ... 2008-02-09 21:13 --- E O F --- Voilà et merci ep44

ep44 · Answer

Bonsoir dangmart,
on va faire un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite dit moi si tu as encore des soucis 

@+

Dangmart · Answer

BitDefender Online Scanner
	

 
	

 

Scan report generated at: Wed, Feb 13, 2008 - 01:31:12

 
	

 
	

 

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

02:29:58

Files
	

265033

Folders
	

9823

Boot Sectors
	

2

Archives
	

2022

Packed Files
	

12667
	

 
	

 

Results

Identified Viruses
	

8

Infected Files
	

120

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

120
	

 
	

 

Engines Info

Virus Definitions
	

980547

Engine build
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
	

16

Archive plugins
	

41

Unpack plugins
	

7

E-mail plugins
	

6

System plugins
	

5
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o)
	

Infected with: Trojan.Bat.Sdel.B

C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o)
	

Deleted

C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe
	

Update failed

C:\QooBox\Quarantine\C\WINDOWS\system32\awtturo.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\awtturo.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\awtturo.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\bhpqpesn.dll.vir
	

Infected with: Trojan.Vundo.DYI

C:\QooBox\Quarantine\C\WINDOWS\system32\bhpqpesn.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\bjsvrhfw.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\bjsvrhfw.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\bjsvrhfw.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxyvus.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxyvus.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxyvus.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\dkirlblq.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\dkirlblq.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\dkirlblq.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\efcayaw.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\efcayaw.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\efcayaw.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\efcbccd.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\efcbccd.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\efcbccd.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\efcccab.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\efcccab.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\efcccab.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\fbrrscgj.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\fbrrscgj.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\fbrrscgj.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\gebywuu.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\gebywuu.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\gebywuu.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\gtnhimnf.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\gtnhimnf.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\gtnhimnf.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghggg.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghggg.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghggg.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghhgd.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghhgd.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghhgd.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\hygtcdrd.dll.vir
	

Infected with: Trojan.Vundo.DYM

C:\QooBox\Quarantine\C\WINDOWS\system32\hygtcdrd.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\hygtcdrd.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\jcjiauub.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\jcjiauub.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\jcjiauub.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkljhi.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkljhi.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkljhi.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkllih.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkllih.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkllih.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\khfghff.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\khfghff.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\khfghff.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\lcffshdl.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\lcffshdl.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\lcffshdl.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgedc.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgedc.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\mljgedc.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\mljkkli.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\mljkkli.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\mljkkli.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\ocywekqt.dll.vir
	

Infected with: Trojan.Vundo.DXU

C:\QooBox\Quarantine\C\WINDOWS\system32\ocywekqt.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\ocywekqt.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\opnnmnl.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\opnnmnl.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\opnnmnl.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\qomjifc.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\qomjifc.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\qomjifc.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32qrrrsr.dll.vir.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32qrrrsr.dll.vir.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32qrrrsr.dll.vir.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32qrrsqn.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32qrrsqn.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32qrrsqn.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32	uxtbwtt.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32	uxtbwtt.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32	uxtbwtt.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\urqqpol.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\urqqpol.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\urqqpol.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir
	

Infected with: Generic.Malware.SN!V!Wkg.4812CA8F

C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\xuivolyp.dll.vir
	

Infected with: Trojan.Vundo.DYI

C:\QooBox\Quarantine\C\WINDOWS\system32\xuivolyp.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaax.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaax.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaax.dll.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyawt.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyawt.dll.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyawt.dll.vir
	

Deleted

C:\QooBox\Quarantine\catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\QooBox\Quarantine\catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Disinfection failed

C:\QooBox\Quarantine\catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Deleted

C:\QooBox\Quarantine\catchme2008-02-09_204608.90.zip
	

Updated

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000039.exe
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000039.exe
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000039.exe
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000040.exe
	

Infected with: Generic.Malware.SN!V!Wkg.4812CA8F

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000040.exe
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP1\A0000040.exe
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000108.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000108.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000108.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000112.exe
	

Infected with: Generic.Malware.SN!V!Wkg.4812CA8F

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000112.exe
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP2\A0000112.exe
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP4\A0000616.dll
	

Infected with: Trojan.Vundo.DYI

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP4\A0000616.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP4\A0000865.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP4\A0000865.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP4\A0000865.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP5\A0000949.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP5\A0000949.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP5\A0000949.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP5\A0000950.dll
	

Infected with: Trojan.Vundo.DYI

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP5\A0000950.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001281.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001281.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001281.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001282.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001282.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001282.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001284.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001284.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001284.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001285.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001285.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001285.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001286.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001286.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001286.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001287.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001287.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001287.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001288.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001288.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001288.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001289.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001289.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001289.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001290.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001290.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001290.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001291.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001291.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001291.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001292.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001292.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001292.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001293.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001293.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001293.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001294.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001294.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001294.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001295.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001295.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001295.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001296.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001296.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001296.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001297.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001297.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001297.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001298.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001298.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001298.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001306.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001306.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001306.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001454.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001454.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001454.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001455.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001455.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001455.dll
	

Deleted

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001462.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001462.dll
	

Disinfection failed

C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP6\A0001462.dll
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awtturo.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awtturo.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awtturo.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/bhpqpesn.dll.vir
	

Infected with: Trojan.Vundo.DYI

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/bhpqpesn.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/bjsvrhfw.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/bjsvrhfw.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/bjsvrhfw.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/byxxywu.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/byxxywu.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/byxxywu.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/cbxyvus.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/cbxyvus.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/cbxyvus.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dkirlblq.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dkirlblq.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dkirlblq.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcayaw.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcayaw.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcayaw.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcbccd.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcbccd.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcbccd.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcccab.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcccab.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/efcccab.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/fbrrscgj.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/fbrrscgj.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/fbrrscgj.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gebywuu.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gebywuu.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gebywuu.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gtnhimnf.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gtnhimnf.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/gtnhimnf.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghggg.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghggg.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghggg.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghhgd.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghhgd.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hgghhgd.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hygtcdrd.dll.vir
	

Infected with: Trojan.Vundo.DYM

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/hygtcdrd.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jcjiauub.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jcjiauub.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jcjiauub.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkljhi.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkljhi.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkljhi.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkllih.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkllih.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/jkkllih.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/khfghff.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/khfghff.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/khfghff.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/lcffshdl.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/lcffshdl.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/lcffshdl.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljgedc.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljgedc.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljgedc.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljkkli.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljkkli.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/mljkkli.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ocywekqt.dll.vir
	

Infected with: Trojan.Vundo.DXU

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ocywekqt.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/opnnmnl.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/opnnmnl.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/opnnmnl.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qomjifc.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qomjifc.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qomjifc.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrrsr.dll.vir.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrrsr.dll.vir.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrrsr.dll.vir.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrsqn.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrsqn.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/rqrrsqn.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/tuxtbwtt.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/tuxtbwtt.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/tuxtbwtt.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/urqqpol.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/urqqpol.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/urqqpol.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/WinSpooler.exe.vir
	

Infected with: Generic.Malware.SN!V!Wkg.4812CA8F

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/WinSpooler.exe.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/WinSpooler.exe.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xuivolyp.dll.vir
	

Infected with: Trojan.Vundo.DYI

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xuivolyp.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyaaax.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyaaax.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyaaax.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyyawt.dll.vir
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyyawt.dll.vir
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/xxyyawt.dll.vir
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-01-31_224741.68.zip=>sstqr.dll
	

Infected with: Trojan.Vundo.DYN

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-01-31_224741.68.zip=>sstqr.dll
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-01-31_224741.68.zip
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-06_ 20619.10.zip=>urqpp.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-06_ 20619.10.zip=>urqpp.dll
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-06_ 20619.10.zip=>urqpp.dll
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-06_ 20619.10.zip
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-07_210558.22.zip=>pmnmnop.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-07_210558.22.zip=>pmnmnop.dll
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-07_210558.22.zip=>pmnmnop.dll
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-07_210558.22.zip
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Infected with: Trojan.Vundo.Gen.2

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Disinfection failed

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-09_204608.90.zip=>cbxuust.dll
	

Deleted

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-09_204608.90.zip
	

Updated

C:\upload_moi_GANDALF.tar.gz=>upload_moi.tar
	

Updated

C:\upload_moi_GANDALF.tar.gz
	

Updated

C:\VundoFix Backups\byxywtt.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\byxywtt.dll.bad
	

Disinfection failed

C:\VundoFix Backups\byxywtt.dll.bad
	

Deleted

C:\VundoFix Backups\fccayvv.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\fccayvv.dll.bad
	

Disinfection failed

C:\VundoFix Backups\fccayvv.dll.bad
	

Deleted

C:\VundoFix Backups\flcqovyx.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\flcqovyx.dll.bad
	

Disinfection failed

C:\VundoFix Backups\flcqovyx.dll.bad
	

Deleted

C:\VundoFix Backups\gbsaqfib.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\gbsaqfib.dll.bad
	

Disinfection failed

C:\VundoFix Backups\gbsaqfib.dll.bad
	

Deleted

C:\VundoFix Backups\geecy.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\geecy.dll.bad
	

Disinfection failed

C:\VundoFix Backups\geecy.dll.bad
	

Deleted

C:\VundoFix Backups\iifgeeb.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\iifgeeb.dll.bad
	

Disinfection failed

C:\VundoFix Backups\iifgeeb.dll.bad
	

Deleted

C:\VundoFix Backups\jkkhe.dll.bad
	

Infected with: Trojan.Vundo.DYH

C:\VundoFix Backups\jkkhe.dll.bad
	

Disinfection failed

C:\VundoFix Backups\jkkhe.dll.bad
	

Deleted

C:\VundoFix Backups\kecdpdwy.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\kecdpdwy.dll.bad
	

Disinfection failed

C:\VundoFix Backups\kecdpdwy.dll.bad
	

Deleted

C:\VundoFix Backups\ljjjife.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\ljjjife.dll.bad
	

Disinfection failed

C:\VundoFix Backups\ljjjife.dll.bad
	

Deleted

C:\VundoFix Backups\ljjklif.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\ljjklif.dll.bad
	

Disinfection failed

C:\VundoFix Backups\ljjklif.dll.bad
	

Deleted

C:\VundoFix Backups\opnmlli.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\opnmlli.dll.bad
	

Disinfection failed

C:\VundoFix Backups\opnmlli.dll.bad
	

Deleted

C:\VundoFix Backups\pkhxnpmx.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\pkhxnpmx.dll.bad
	

Disinfection failed

C:\VundoFix Backups\pkhxnpmx.dll.bad
	

Deleted

C:\VundoFix Backups\qiproebw.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\qiproebw.dll.bad
	

Disinfection failed

C:\VundoFix Backups\qiproebw.dll.bad
	

Deleted

C:\VundoFix Backups\qommmjh.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\qommmjh.dll.bad
	

Disinfection failed

C:\VundoFix Backups\qommmjh.dll.bad
	

Deleted

C:\VundoFix Backups\ssqnmli.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\ssqnmli.dll.bad
	

Disinfection failed

C:\VundoFix Backups\ssqnmli.dll.bad
	

Deleted

C:\VundoFix Backups	edghfgl.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups	edghfgl.dll.bad
	

Disinfection failed

C:\VundoFix Backups	edghfgl.dll.bad
	

Deleted

C:\VundoFix Backups\urqqpol.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\urqqpol.dll.bad
	

Disinfection failed

C:\VundoFix Backups\urqqpol.dll.bad
	

Deleted

C:\VundoFix Backups\vturrrr.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\vturrrr.dll.bad
	

Disinfection failed

C:\VundoFix Backups\vturrrr.dll.bad
	

Deleted

C:\VundoFix Backups\xxyayxy.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\xxyayxy.dll.bad
	

Disinfection failed

C:\VundoFix Backups\xxyayxy.dll.bad
	

Deleted

C:\VundoFix Backups\yabxw.dll.bad
	

Infected with: Trojan.Vundo.Gen.2

C:\VundoFix Backups\yabxw.dll.bad
	

Disinfection failed

C:\VundoFix Backups\yabxw.dll.bad
	

Deleted



Apparement , il a bien détecté un vundo de 2 génération!!
Merci!

ep44 · Answer

Bonsoir,
Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier



ensuite fait ceci (IMPORTANT)

=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite

comme tu as pu le voir le peer to peer est fortement déconseillé pour ton pc et forcément  les cracks !
évite surtout ce genre de utilisation 
regarde ce lien prend le temps de le lirehttps://forum.malekal.com/viewtopic.php?f=33&t=893
tu ne trouveras pas toujours des personnes pour te donner un coup de main pour désinfecter ton pc
il à fallu ce mettre à plusieurs pour pouvoir te dépanner 
les autres personnes ne sont pas intervenu sur ton sujet pour ne pas le rendre plus difficile 
mais croit moi il à fallu beaucoup d'énergie pour en arriver au bout 
donc stp plus de crack et p2p


petit rappel 

 la législation française
 
«Les sanctions applicables pour téléchargement illégal sont toujours aussi élevées: trois ans de prison et 300.000 euros d'amende.»
>Source de l'information<
 
Même si le pirate du dimanche a peu de chance de se retrouver trois ans en prison parce qu’il a téléchargé le dernier film de louis de Funès,  
quelques internautes se sont trouvés condamnés. Ainsi, Olivier D. sera condamné à 2.000 euros d’amende,
à la confiscation de son matériel et à la publication de la sentence dans un journal régional.
 
Autre conseils :

--Comportement a adopter http://assiste.com.free.fr/p/abc/a/safe_cex.html

--Essaye le navigateur Firefox plus sur/securisé qu IE
Firefox n utilise pas le dangereux protocole ActiveX
-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/


Vérifie tes mises a jours des différents softs régulièrement ici https://www.flexera.com/products/operations/software-vulnerability-management.html
Tuto https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
Java est a mettre a jour entre autre, puis désinstalle les anciennes versions de java via panneau de config / ajouts et suppression de programme.


Logiciels intéressants a avoir

=>CCleaner
https://www.clubic.com/telecharger-fiche14492-ccleaner.html
tuto:
https://forums.cnetfrance.fr

=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
démo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )

https://www.safer-networking.org/download/

démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm

=> a² free (anti-trojans) (scan passif )

- Téléchargement : https://www.emsisoft.com/fr/home/antimalware/
- Tuto : http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm

=> ZebProtect (application ne nécessitant pas d installation)

https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html


pour finir je reprends une phrase de malekal_morte

Quand vous aurez compris que les cracks, c'est de la merde, vous aurez fait un grand pas dans la sécurité
@+

Dangmart · Answer

Un grand MERCIi à tous, pour cette aide!!

Que fais-je des fichiers suivant qui sont resté?:

-VundoFix Backups
QooBox
ComboFix.txt
ComboFix-quarantined-files.txt
msvci70.dll
rapport_clean.txt
sqmdata00.sqm
sqmdata01.sqmu
load_moi_GANDALF.tar.gz
vundofix.txt

Au fait, qu'avait mon ordinateur? Il avait un trojan? Vundo? Nouvelle génération de Vundo?

@+

ep44 · Answer

supprime toute trace de ta désinfection 
ensuite faire la manip 
=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite 

ton pc avait surtout du vundo et surement plein d'autre choses 
mais il faudrait tout relire 
pas le courage ;-)
fait attention dans le futur ;-)


@+

Dangmart · Answer

Ok très bien,
mon antivirus vient de m'ouvrir une fenetre avec une dll!! J'e l'ai mis en quarantaine!
Encore un grand merci!

ep44 · Answer

quel DLL?

Dangmart · Answer

vghavlra.dll

ep44 · Answer

as tu bien coché comme demandé la restauration du systéme et as tu supprimé tout les logiciels utilisés ensemble ainsi que toutes les traces de documents ?

Dangmart · Answer

Je n'avais pas tout supprimé car j'attendais ta réponse mais maintenant je l'ai fait.
Je vais faire un scan avec bitdefender en ligne.

ep44 · Answer

as tu fais t la manip avec la restauration ?

Dangmart · Answer

Oui j'ai fais la manip de la restauration 2 faois ; pour l'instant tout va bien après avoir tout effacé!

Dangmart · Answer

Je suis entrain de faire le scan avec BitDef en ligne! Je croise les doigts! LOl.

J'ai commencé aussi à tout lire (cf le post plus haut), j'ai fait des mise à jour mais j'ai l'impression que certaines sont redondantes. Les flash et les java.

Dangmart · Answer

Après le scan, Bitdef n'a rien detecté!!
Super et encore merci à Ep44 et à tous ceux qui m'ont aidé.
Je retiens la leçon!!!!

ep44 · Answer

content de le lire ;-)

Dangmart · Answer

Après 9 jours, c'est nikel!!
Merci à Ep44 et les autres!!!!

ep44 · Answer

Bonjour Dangmart,

content pour toi ;-)

Ouverture de fenêtre intenpestive!!

116 réponses

Discussions similaires