Pop-up windows opening unexpectedly!!

Solved
Dangmart (Member, 72 posts)
ep44 (Contributor, 7393 posts)
Hello,

Having read the other posts, I downloaded Navilog1.
Here is the report, thanks for your help:
Search Navipromo version 3.4.0 commencé le 11/01/2008 à 23:56:04,46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\application data" ***

...\MessengerSkinner trouvé !


*** Recherche dossiers dans "C:\Documents and Settings\Gusanodx\MENUDM~1\PROGRA~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.dat
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg.exe
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_nav.dat
C:\Documents and Settings\Gusanodx\Local Settings\Application Data\paajsbenwg_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Gusanodx\local settings\application data" *

Fichiers trouvés :

paajsbenwg.exe trouvé !



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Gusanodx\local settings\application data" :

paajsbenwg.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :



*** Analyse terminée le 12/01/2008 à 0:15:12,77 ***

Thanks for your reply
116 replies

Dangmart (Member, 72 posts)

BitDefender Online Scanner - Scan Report

Scan report generated at: Sat, Feb 02, 2008 - 20:35:27
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 02:07:42
Files: 250139
Folders: 9783
Boot Sectors: 2
Archives: 1771
Packed Files: 12329

Results
Identified Viruses: 5
Infected Files: 10
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 978731
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions: (none)
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o) | Infected with: Trojan.Bat.Sdel.B
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe=>(RAR Sfx o) | Deleted
C:\Documents and Settings\Gusanodx\Bureau\ComboFix.exe | Update failed
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe | Infected with: DeepScan:Generic.Malware.SI!Bdldg.90D0490D
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe | Disinfection failed
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097412.exe | Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097440.dll | Infected with: Trojan.Vundo.DXQ
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097440.dll | Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097448.dll | Infected with: Trojan.Vundo.DXQ
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097448.dll | Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097454.dll | Infected with: Trojan.Vundo.DXH
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097454.dll | Deleted
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097508.dll | Infected with: Trojan.Vundo.DXO
C:\System Volume Information\_restore{37896FD0-7BB9-49F2-8814-F6DABC9C6853}\RP429\A0097508.dll | Deleted
C:\VundoFix Backups\gebca.dll.bad | Infected with: Trojan.Vundo.DXO
C:\VundoFix Backups\gebca.dll.bad | Deleted
C:\VundoFix Backups\iisnojkk.dll.bad | Infected with: Trojan.Vundo.DXH
C:\VundoFix Backups\iisnojkk.dll.bad | Deleted
C:\VundoFix Backups\opnllmn.dll.bad | Infected with: Trojan.Vundo.DXQ
C:\VundoFix Backups\opnllmn.dll.bad | Deleted
C:\VundoFix Backups\xxyayxv.dll.bad | Infected with: Trojan.Vundo.DXQ
C:\VundoFix Backups\xxyayxv.dll.bad | Deleted
Dangmart (Member, 72 posts)

It's not very readable!!
ep44 (Contributor, 7393 posts)

OK, run HijackThis again please
Dangmart (Member, 72 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:55, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\Scanneur.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SAGEM Wi-Fi 11g Cardbus adapter.lnk = C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
ep44 (Contributor, 7393 posts)

Does this mean anything to you?
Dangmart

What do you mean, this?
I have the impression it's back!

My computer has slowed down again at startup, and it tells me there is no disk.
What should I do?
Thanks
ep44 (Contributor, 7393 posts)

Hello, sorry, this:
geca.cf.minaz.cu

Otherwise, run HijackThis again and tick these:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
then click on Fix checked

Also have a look at this link and try to follow the steps
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire

You can remove all the tools we used
go to Add/Remove Programs and into Program Files
to check

then do this (IMPORTANT)

=Start
=Control Panel
=System
=System Restore tab
=tick the box (Turn off System Restore)
=restart the computer
=then turn it back on
See you later
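As an added example (not code from the thread or from HijackThis), here is a small Python audit of the O17 lines discussed above: it parses HijackThis O17 entries, flags DNS suffixes and resolvers missing from an allowlist you supply, and records which control sets carry each value, which is why all five SearchList lines need fixing together. The sample log reuses the O17 lines from this thread; the `corp.example` Domain line and both allowlists are constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed sample input: the O17 lines exactly as HijackThis prints them,
# copied from the log in this thread, plus one constructed "Domain" line to
# show the allowlist path. The GUIDs are the adapter interface keys.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{192BFB49-9AB7-44BE-BAF6-3874CBACAD65}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B834EE-BCC3-41E4-99CF-7A5441346EA9}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geca.cf.minaz.cu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example
"""

# HijackThis abbreviates HKLM\System\CurrentControlSet as CCS and
# ControlSet00N as CSN. Per-adapter keys show up as "..\{GUID}", the global
# ones as "Parameters".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<adapter>\{[0-9A-Fa-f-]+\})|Parameters): "
    r"(?P<name>NameServer|SearchList|Domain) = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line with its control set, adapter GUID
    (None for the global Parameters key), value name and split values."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "cset": m["cset"],
            "adapter": m["adapter"],
            "name": m["name"],
            "values": [v.strip() for v in m["value"].split(",") if v.strip()],
        })
    return entries


def audit_o17(log_text, expected_suffixes=(), expected_resolvers=()):
    """Flag DNS suffixes (SearchList/Domain) and resolvers (NameServer) that
    are not on the caller's allowlists.

    A rogue SearchList is the quiet one: Windows appends each suffix to every
    unqualified name a program looks up, so "mail" or "intranet" silently
    become "mail.<suffix>" and resolve wherever the suffix owner decides.
    Each finding also records which control sets carry the value; one that
    sits in every numbered control set survives "Last Known Good
    Configuration" and has to be fixed in all of them at once.
    """
    suffixes = {s.lower() for s in expected_suffixes}
    resolvers = set(expected_resolvers)
    seen_in = defaultdict(set)  # (name, value) -> control sets carrying it
    findings = []
    for e in parse_o17(log_text):
        for v in e["values"]:
            seen_in[(e["name"], v.lower())].add(e["cset"])
            if e["name"] in ("SearchList", "Domain"):
                if v.lower() not in suffixes:
                    findings.append({"cset": e["cset"], "adapter": e["adapter"],
                                     "name": e["name"], "value": v,
                                     "reason": "DNS suffix not on allowlist"})
            elif v not in resolvers:
                findings.append({"cset": e["cset"], "adapter": e["adapter"],
                                 "name": e["name"], "value": v,
                                 "reason": "resolver not on allowlist, confirm with the ISP"})
    for f in findings:
        csets = sorted(seen_in[(f["name"], f["value"].lower())])
        f["control_sets"] = csets
        f["in_backup_control_sets"] = any(c != "CCS" for c in csets)
    return findings


def format_findings(findings):
    """Render findings as one text line each, in the order they were found."""
    return [
        f'{f["cset"]:<4} {f["name"]:<10} {f["value"]:<24} '
        f'[{",".join(f["control_sets"])}] {f["reason"]}'
        for f in findings
    ]


if __name__ == "__main__":
    # Allowlists are constructed for the demo: the resolvers are the ones in
    # the log, the only legitimate suffix is the constructed corp.example.
    hits = audit_o17(
        SAMPLE_LOG,
        expected_suffixes=("corp.example",),
        expected_resolvers=("212.30.96.108", "213.203.124.146",
                            "212.27.54.252", "212.27.53.252"),
    )
    print("\n".join(format_findings(hits)))
```

On this thread's log it reports the same suffix five times, once per control set, and nothing else once the ISP resolvers are allowlisted.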
Dangmart (Member, 72 posts)

There, I did everything, but on restarting NOD detected Virtumonde!! It put it in quarantine!
What's happening? Is it a new version of Virtumonde?
Or do I have to redo everything?

Thanks
ep44 (Contributor, 7393 posts)

* Download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Double-click on VirtumundoBeGone.exe
* Follow the on-screen instructions
* When the scan is finished, save the report.
* Copy/paste it here
See you later
Dangmart
 
[02/04/2008, 18:28:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gusanodx\Bureau\VirtumundoBeGone.exe" )
[02/04/2008, 18:28:47] - Detected System Information:
[02/04/2008, 18:28:47] - Windows Version: 5.1.2600, Service Pack 2
[02/04/2008, 18:28:47] - Current Username: Gusanodx (Admin)
[02/04/2008, 18:28:47] - Windows is in NORMAL mode.
[02/04/2008, 18:28:48] - Searching for Browser Helper Objects:
[02/04/2008, 18:28:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:28:48] - BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] - Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:28:48] - Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:28:48] - BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:28:48] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:28:48] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:28:48] - BHO 6: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] - Checking for HKLM\...\Winlogon\Notify\rqrrrsr
[02/04/2008, 18:28:48] - Found: HKLM\...\Winlogon\Notify\rqrrrsr - This is probably Virtumundo.
[02/04/2008, 18:28:48] - Assigning {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} MSEvents Object
[02/04/2008, 18:28:48] - BHO list has been changed! Starting over...
[02/04/2008, 18:28:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:28:48] - BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] - Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:28:48] - Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:28:48] - BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:28:48] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:28:48] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:28:48] - BHO 6: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6} (MSEvents Object)
[02/04/2008, 18:28:48] - ALERT: Found MSEvents Object!
[02/04/2008, 18:28:48] - BHO 7: {f66b36a0-d308-4397-9126-dcb6ad2f5220} ()
[02/04/2008, 18:28:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:28:48] - Checking for HKLM\...\Winlogon\Notify\ocywekqt
[02/04/2008, 18:28:48] - Key not found: HKLM\...\Winlogon\Notify\ocywekqt, continuing.
[02/04/2008, 18:28:48] - Finished Searching Browser Helper Objects
[02/04/2008, 18:28:48] - *** Detected MSEvents Object
[02/04/2008, 18:28:48] - Trying to remove MSEvents Object...
[02/04/2008, 18:28:49] - Terminating Process: IEXPLORE.EXE
[02/04/2008, 18:28:50] - Terminating Process: RUNDLL32.EXE
[02/04/2008, 18:28:51] - Disabling Automatic Shell Restart
[02/04/2008, 18:28:51] - Terminating Process: EXPLORER.EXE
[02/04/2008, 18:28:52] - Suspending the NT Session Manager System Service
[02/04/2008, 18:28:53] - Terminating Windows NT Logon/Logoff Manager
[02/04/2008, 18:28:54] - Re-enabling Automatic Shell Restart
[02/04/2008, 18:28:54] - File to disable: C:\WINDOWS\system32\rqrrrsr.dll
[02/04/2008, 18:28:54] - Renaming C:\WINDOWS\system32\rqrrrsr.dll -> C:\WINDOWS\system32\rqrrrsr.dll.vir
[02/04/2008, 18:29:08] - File successfully renamed!
[02/04/2008, 18:29:08] - Removing HKLM\...\Browser Helper Objects\{A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] - Removing HKCR\CLSID\{A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] - Adding Kill Bit for ActiveX for GUID: {A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}
[02/04/2008, 18:29:08] - Deleting ATLEvents/MSEvents Registry entries
[02/04/2008, 18:29:08] - Removing HKLM\...\Winlogon\Notify\rqrrrsr
[02/04/2008, 18:29:08] - Searching for Browser Helper Objects:
[02/04/2008, 18:29:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/04/2008, 18:29:08] - BHO 2: {20E3F852-9F8D-4DB9-8075-364F4929843B} ()
[02/04/2008, 18:29:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:29:08] - Checking for HKLM\...\Winlogon\Notify\urqpp
[02/04/2008, 18:29:08] - Key not found: HKLM\...\Winlogon\Notify\urqpp, continuing.
[02/04/2008, 18:29:08] - BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/04/2008, 18:29:08] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/04/2008, 18:29:08] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/04/2008, 18:29:08] - BHO 6: {f66b36a0-d308-4397-9126-dcb6ad2f5220} ()
[02/04/2008, 18:29:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/04/2008, 18:29:08] - Checking for HKLM\...\Winlogon\Notify\ocywekqt
[02/04/2008, 18:29:08] - Key not found: HKLM\...\Winlogon\Notify\ocywekqt, continuing.
[02/04/2008, 18:29:08] - Finished Searching Browser Helper Objects
[02/04/2008, 18:29:08] - Finishing up...
[02/04/2008, 18:29:08] - A restart is needed.
[02/04/2008, 18:33:12] - Attempting to Restart via STOP error (Blue Screen!)

There you go, I hope that's good, because it rebooted straight away!
0
ep44 Messages posted 7393 Registration date   Status Contributor Last activity   3
 
To check, please run ComboFix again
@+
0
Dangmart Messages posted 72 Registration date   Status Member Last activity  
 
ComboFix 07-08-09.3 - "Gusanodx" 2008-02-05 15:10:21.7 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.373 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Gusanodx\APPLIC~1\addon.dat


((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))


2008-02-04 19:45 88,128 --a------ C:\WINDOWS\system32\lcoaffui.dll
2008-02-04 19:43 93,248 --a------ C:\WINDOWS\system32\fbrrscgj.dll
2008-02-04 18:24 41,984 --a------ C:\WINDOWS\system32\xxyyawt.dll
2008-02-04 17:49 41,984 --a------ C:\WINDOWS\system32\mljgedc.dll
2008-02-04 01:09 88,640 --------- C:\WINDOWS\system32\udbgoaxk.dll
2008-02-04 01:06 92,736 --a------ C:\WINDOWS\system32\ocywekqt.dll
2008-02-04 01:03 372,073 --ahs---- C:\WINDOWS\system32\ppqru.ini2
2008-02-04 01:03 343,040 --a------ C:\WINDOWS\system32\urqpp.dll
2008-02-04 00:59 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-04 00:59 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe
2008-02-04 00:57 41,984 --a------ C:\WINDOWS\system32\cbxyvus.dll
2008-02-04 00:56 41,984 --a------ C:\WINDOWS\system32\rqrrrsr.dll.vir
2008-02-03 00:31 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss
2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 00:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-29 04:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-01-28 23:59 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc
2008-01-28 21:45 <REP> d-------- C:\VundoFix Backups
2008-01-28 11:33 <REP> d--h----- C:\Program Files\ntsecurity
2008-01-27 18:56 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-27 18:33 <REP> d-------- C:\Program Files\VideoLAN
2008-01-24 10:21 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-22 21:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-19 13:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2008-01-19 00:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-16 22:13 <REP> d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter
2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll
2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe
2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe
2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys
2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe
2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-01-16 16:49 <REP> d-------- C:\Program Files\SAGEM
2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-01-11 23:52 <REP> d-------- C:\Program Files\Navilog1
2008-01-11 22:52 <REP> d-------- C:\Program Files\CCleaner
2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-02-05 15:21 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype
2008-02-05 12:29 --------- d-------- C:\Program Files\eMule
2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim
2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe
2008-02-02 16:51 --------- d-------- C:\Program Files\ods
2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus
2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II
2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder
2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3
2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus
2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat
2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP
2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard
2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 18:48 --------- d-------- C:\Program Files\Google
2007-12-20 14:58 --------- d-------- C:\Program Files\HP
2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools
2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA
2007-12-18 16:38 --------- d-------- C:\Program Files\SAA
2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6
2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV
2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works
2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild
2007-12-05 18:30 --------- d-------- C:\Program Files\IVT Corporation
2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll
2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6257a84b-6690-475e-b020-c2516b70c94a}]
2008-02-04 19:43 93248 --a------ C:\WINDOWS\system32\fbrrscgj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6646DFB3-3CCC-4C15-8AB7-56E77282F081}]
2008-02-04 01:03 343040 --a------ C:\WINDOWS\system32\urqpp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38]
"CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"384ff639"="C:\WINDOWS\system32\lcoaffui.dll" [2008-02-04 19:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Polar Sync"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13]
SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdating"=WinUpdating.exe
"Windows Printing Driver"=WinSpooler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqpp

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}]
AutoRun\command- J:\RunGame.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
C:\Program Files\ntsecurity\ntsecurity.exe s

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 15:25:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000056a

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-02-05 15:32:20
C:\ComboFix-quarantined-files.txt ... 2008-02-05 15:31
C:\ComboFix2.txt ... 2008-01-31 22:52
C:\ComboFix3.txt ... 2008-01-31 14:58

--- E O F ---

There you go, Doctor!! LOL
Is it serious?
0
ep44 Messages posted 7393 Registration date   Status Contributor Last activity   3
 
Good evening

Definitely a very stubborn one :-(

Select this

Registry::


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6257a84b-6690-475e-b020-c2516b70c94a}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6646DFB3-3CCC-4C15-8AB7-56E77282F081}]



File::

C:\WINDOWS\system32\lcoaffui.dll
C:\WINDOWS\system32\fbrrscgj.dll
C:\WINDOWS\system32\xxyyawt.dll
C:\WINDOWS\system32\mljgedc.dll
C:\WINDOWS\system32\udbgoaxk.dll
C:\WINDOWS\system32\ocywekqt.dll
C:\WINDOWS\system32\ppqru.ini2
C:\WINDOWS\system32\urqpp.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\cbxyvus.dll
C:\WINDOWS\system32\rqrrrsr.dll.vir
C:\WINDOWS\system32\rar.exe



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is done, a report will appear: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

@+
0
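The reasoning behind that CFScript, as an added example that is not part of the thread and not ComboFix's or VirtumundoBeGone's own code: a small Python triage of a ComboFix "Reg Loading Points" section that flags the same load points the helper picked (BHO, ShellExecuteHooks and Winlogon\Notify DLLs dropped in system32 during the infection window, a Run value launching a bare DLL, and a foreign LSA "Authentication Packages" entry) and lays them out in the Registry::/File:: format, including where the hex(7) value for msv1_0 comes from. The sample lines are copied from the reports posted above; the infection-window date is an assumption taken from those reports.

```python
"""Triage of a ComboFix 'Reg Loading Points' section for Vundo-style persistence.

Added example; not ComboFix's, VirtumundoBeGone's or the helper's own code.
It encodes the reasoning behind the CFScript above: BHO, ShellExecuteHooks and
Winlogon\\Notify DLLs dropped in system32 during the infection window, Run
values launching a bare DLL, and an LSA "Authentication Packages" value
carrying anything besides msv1_0.
"""
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: lines taken from the reports posted above, trimmed.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6257a84b-6690-475e-b020-c2516b70c94a}]
2008-02-04 19:43 93248 --a------ C:\WINDOWS\system32\fbrrscgj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6646DFB3-3CCC-4C15-8AB7-56E77282F081}]
2008-02-04 01:03 343040 --a------ C:\WINDOWS\system32\urqpp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"384ff639"="C:\WINDOWS\system32\lcoaffui.dll" [2008-02-04 19:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]
"{F5D55A23-DBA5-4055-A53D-550462125BDE}"= C:\WINDOWS\system32\pmnmnop.dll [2008-02-05 17:05 39424]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqpp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnop]
pmnmnop.dll 2008-02-05 17:05 39424 C:\WINDOWS\system32\pmnmnop.dll
"""
INFECTION_START = date(2008, 2, 4)   # assumption: first dropper timestamps in the report

DATE_RE = re.compile(r"(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:dll|exe)', re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    key: str     # registry key holding the load point
    path: str    # file the load point references
    reason: str

def _in_window(line: str, since: date) -> bool:
    m = DATE_RE.search(line)
    return bool(m) and date.fromisoformat(m.group(1)) >= since

def _system32_dll(path: str) -> bool:
    p = path.lower()
    return "\\system32\\" in p and p.endswith(".dll")

LOADERS = {"browser helper objects": "BHO",
           "shellexecutehooks": "ShellExecuteHook",
           "winlogon\\notify": "Winlogon Notify"}

def triage(report: str, since: date) -> list[Finding]:
    """Walk the section key by key and return the load points worth quarantining."""
    findings, key = [], ""
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        if line.startswith("["):
            key = line.strip("[]")
            continue
        lkey = key.lower()
        if line.lower().startswith('"authentication packages"'):
            # Every package after msv1_0 is foreign: it is loaded into lsass.exe
            # at boot and sees every logon, which is why Vundo used this slot.
            for extra in line.split("=", 1)[1].split()[1:]:
                findings.append(Finding(key, extra, "extra LSA authentication package"))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        loader = next((v for k, v in LOADERS.items() if k in lkey), None)
        if loader and _system32_dll(path) and _in_window(line, since):
            findings.append(Finding(key, path, f"{loader} DLL created in infection window"))
        elif lkey.endswith("\\run") and path.lower().endswith(".dll"):
            # Run values normally launch an EXE; a bare DLL here is loaded via
            # rundll32, the foothold seen with lcoaffui.dll in the report.
            findings.append(Finding(key, path, "Run value pointing at a DLL"))
    return findings

def multi_sz_hex(values: list[str]) -> str:
    """REG_MULTI_SZ in the hex(7) form used in the CFScript above: each string
    NUL-terminated plus a final NUL, one byte per character (REGEDIT4 style;
    a Regedit 5.00 .reg file would carry the same strings as UTF-16LE)."""
    raw = b"".join(v.encode("ascii") + b"\x00" for v in values) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)

def build_cfscript(findings: list[Finding]) -> str:
    """Lay the findings out as the Registry::/File:: script ComboFix accepts."""
    reg, files = [], []
    for f in findings:
        if f.reason.startswith("extra LSA"):
            reg.append("[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
                       f'"Authentication Packages"={multi_sz_hex(["msv1_0"])}')
        elif f.reason.startswith("BHO"):
            reg.append(f"[-{f.key}]")    # leading '-' deletes the whole key
        if "." in f.path.rsplit("\\", 1)[-1]:   # skip the extension-less LSA name
            files.append(f.path)
    reg, files = list(dict.fromkeys(reg)), list(dict.fromkeys(files))  # dedupe, keep order
    return "Registry::\n" + "\n\n".join(reg) + "\n\nFile::\n" + "\n".join(files) + "\n"

if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_REPORT, INFECTION_START)))
```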
Dangmart Messages posted 72 Registration date   Status Member Last activity  
 
ComboFix 07-08-09.3 - "Gusanodx" 2008-02-06 1:19:24.8 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.446 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\lcoaffui.dll
C:\WINDOWS\system32\fbrrscgj.dll
C:\WINDOWS\system32\xxyyawt.dll
C:\WINDOWS\system32\mljgedc.dll
C:\WINDOWS\system32\udbgoaxk.dll
C:\WINDOWS\system32\ocywekqt.dll
C:\WINDOWS\system32\ppqru.ini2
C:\WINDOWS\system32\urqpp.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\cbxyvus.dll
C:\WINDOWS\system32\rqrrrsr.dll.vir
C:\WINDOWS\system32\rar.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cbxyvus.dll
C:\WINDOWS\system32\fbrrscgj.dll
C:\WINDOWS\system32\lcoaffui.dll
C:\WINDOWS\system32\mljgedc.dll
C:\WINDOWS\system32\ocywekqt.dll
C:\WINDOWS\system32\ppqru.ini2
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\rqrrrsr.dll.vir
C:\WINDOWS\system32\urqpp.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\xxyyawt.dll


((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))


2008-02-05 21:51 39,424 --a------ C:\WINDOWS\system32\byxxywu.dll
2008-02-05 20:31 90,688 --a------ C:\WINDOWS\system32\hygtcdrd.dll
2008-02-05 20:28 94,272 --a------ C:\WINDOWS\system32\bhpqpesn.dll
2008-02-05 19:43 39,424 --a------ C:\WINDOWS\system32\jkkljhi.dll
2008-02-05 19:11 276,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 18:56 39,424 --a------ C:\WINDOWS\system32\hgghhgd.dll
2008-02-05 18:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-05 18:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 18:38 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-05 17:05 39,424 --a------ C:\WINDOWS\system32\pmnmnop.dll
2008-02-03 00:31 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss
2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 00:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-29 04:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-01-28 23:59 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc
2008-01-28 21:45 <REP> d-------- C:\VundoFix Backups
2008-01-28 11:33 <REP> d--h----- C:\Program Files\ntsecurity
2008-01-27 18:56 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-27 18:33 <REP> d-------- C:\Program Files\VideoLAN
2008-01-24 10:21 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-22 21:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-19 13:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2008-01-19 00:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-16 22:13 <REP> d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter
2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll
2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe
2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe
2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys
2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe
2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-01-16 16:49 <REP> d-------- C:\Program Files\SAGEM
2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-01-11 23:52 <REP> d-------- C:\Program Files\Navilog1
2008-01-11 22:52 <REP> d-------- C:\Program Files\CCleaner
2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-02-06 02:00 4244 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype
2008-02-05 12:29 --------- d-------- C:\Program Files\eMule
2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim
2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe
2008-02-02 16:51 --------- d-------- C:\Program Files\ods
2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus
2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II
2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder
2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3
2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus
2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat
2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP
2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard
2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 18:48 --------- d-------- C:\Program Files\Google
2007-12-20 14:58 --------- d-------- C:\Program Files\HP
2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools
2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA
2007-12-18 16:38 --------- d-------- C:\Program Files\SAA
2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6
2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV
2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works
2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild
2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll
2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a9a3128a-3777-4f02-81bc-d5503d8a6146}]
2008-02-05 20:29 94272 --a------ C:\WINDOWS\system32\bhpqpesn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5D55A23-DBA5-4055-A53D-550462125BDE}]
2008-02-05 17:05 39424 --a------ C:\WINDOWS\system32\pmnmnop.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38]
"CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Polar Sync"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Gusanodx\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13]
SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdating"=WinUpdating.exe
"Windows Printing Driver"=WinSpooler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]
"{F5D55A23-DBA5-4055-A53D-550462125BDE}"= C:\WINDOWS\system32\pmnmnop.dll [2008-02-05 17:05 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnop]
pmnmnop.dll 2008-02-05 17:05 39424 C:\WINDOWS\system32\pmnmnop.dll

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}]
AutoRun\command- J:\RunGame.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
C:\Program Files\ntsecurity\ntsecurity.exe s

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 02:07:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000223
"TracesSuccessful"=dword:00000062

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-02-06 2:37:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-02-06 02:36
C:\ComboFix2.txt ... 2008-02-05 15:32
C:\ComboFix3.txt ... 2008-01-31 22:52

--- E O F ---
Hello, could the trojan be coming back because I have 2 external hard drives, a USB stick and an MP3 player? I haven't scanned them!
ep44 (Contributor, 7393 posts)
Good evening

Unbelievable, it's back,
but it's surely my fault, I forgot a line.
Sorry, let's start again.

Select this:

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a9a3128a-3777-4f02-81bc-d5503d8a6146}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5D55A23-DBA5-4055-A53D-550462125BDE}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F5D55A23-DBA5-4055-A53D-550462125BDE}"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



File::

C:\WINDOWS\system32\byxxywu.dll
C:\WINDOWS\system32\hygtcdrd.dll
C:\WINDOWS\system32\bhpqpesn.dll
C:\WINDOWS\system32\jkkljhi.dll
C:\WINDOWS\system32\hgghhgd.dl
C:\WINDOWS\system32\pmnmnop.dll



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe
* A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

See you later
Dangmart (Member, 72 posts)
ComboFix 07-08-09.3 - "Gusanodx" 2008-02-07 20:39:48.9 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.390 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Gusanodx\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\byxxywu.dll
C:\WINDOWS\system32\hygtcdrd.dll
C:\WINDOWS\system32\bhpqpesn.dll
C:\WINDOWS\system32\jkkljhi.dll
C:\WINDOWS\system32\hgghhgd.dl
C:\WINDOWS\system32\pmnmnop.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bhpqpesn.dll
C:\WINDOWS\system32\byxxywu.dll
C:\WINDOWS\system32\hygtcdrd.dll
C:\WINDOWS\system32\jkkljhi.dll
C:\WINDOWS\system32\pmnmnop.dll


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))


2008-02-07 10:47 88,640 --a------ C:\WINDOWS\system32\ccqxcloe.dll
2008-02-07 10:45 92,224 --a------ C:\WINDOWS\system32\lcffshdl.dll
2008-02-06 10:44 94,272 --a------ C:\WINDOWS\system32\xuivolyp.dll
2008-02-06 10:43 394,335 --ahs---- C:\WINDOWS\system32\ehkkj.ini2
2008-02-06 10:42 263,168 --a------ C:\WINDOWS\system32\jkkhe.dll
2008-02-05 19:11 815,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 18:56 39,424 --a------ C:\WINDOWS\system32\hgghhgd.dll
2008-02-05 18:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-05 18:42 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-05 18:42 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-05 18:42 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-05 18:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 18:42 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-05 18:42 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-05 18:42 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-05 18:40 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-05 18:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 18:38 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-03 00:31 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\dvdcss
2008-02-02 11:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 00:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-29 04:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-01-28 23:59 <REP> d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\vlc
2008-01-28 21:45 <REP> d-------- C:\VundoFix Backups
2008-01-28 11:33 <REP> d--h----- C:\Program Files\ntsecurity
2008-01-27 18:56 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-27 18:33 <REP> d-------- C:\Program Files\VideoLAN
2008-01-24 10:21 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-22 21:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 17:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-19 13:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2008-01-19 00:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-16 22:13 <REP> d-------- C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter
2008-01-16 16:50 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2008-01-16 16:50 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2008-01-16 16:50 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll
2008-01-16 16:50 24,576 --a------ C:\WINDOWS\enddisk32.exe
2008-01-16 16:50 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2008-01-16 16:50 155,648 --a------ C:\WINDOWS\system32\AdADIx32.dll
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\autoclk.exe
2008-01-16 16:50 143,360 --a------ C:\WINDOWS\adiras.exe
2008-01-16 16:50 117,289 --a------ C:\WINDOWS\system32\drivers\adiusbae.sys
2008-01-16 16:50 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe
2008-01-16 16:50 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-01-16 16:49 <REP> d-------- C:\Program Files\SAGEM
2008-01-13 10:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-01-13 10:13 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-01-11 23:52 <REP> d-------- C:\Program Files\Navilog1
2008-01-11 22:52 <REP> d-------- C:\Program Files\CCleaner
2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-02-07 21:00 11648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 09:03 --------- d-------- C:\Program Files\eMule
2008-02-05 19:06 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Skype
2008-02-04 02:12 --------- d-------- C:\Program Files\SpeedSim
2008-02-04 00:56 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe
2008-02-02 16:51 --------- d-------- C:\Program Files\ods
2008-02-02 10:28 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\Azureus
2008-01-31 14:08 --------- d-------- C:\Program Files\Diablo II
2008-01-28 23:03 93674 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-01-28 23:03 529968 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-01-19 15:46 --------- d-------- C:\Program Files\MediaCoder
2008-01-16 22:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2008-01-16 22:09 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\U3
2008-01-16 16:50 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-27 23:20 --------- d-------- C:\Program Files\Azureus
2007-12-21 22:24 131348 --a------ C:\WINDOWS\hpoins11.dat
2007-12-21 21:02 --------- d-------- C:\Program Files\Fichiers communs\HP
2007-12-21 20:58 --------- d-------- C:\Program Files\Hewlett-Packard
2007-12-21 08:21 33800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 30216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 39944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 18:48 --------- d-------- C:\Program Files\Google
2007-12-20 14:58 --------- d-------- C:\Program Files\HP
2007-12-20 14:19 --------- d-------- C:\Program Files\DAEMON Tools
2007-12-18 20:10 --------- d-------- C:\DOCUME~1\Gusanodx\APPLIC~1\SAA
2007-12-18 16:38 --------- d-------- C:\Program Files\SAA
2007-12-18 15:08 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 21:40 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-12-17 21:13 --------- d-------- C:\Program Files\Project64 1.6
2007-12-12 19:20 --------- d-------- C:\Program Files\adslTV
2007-12-07 14:50 --------- d-------- C:\Program Files\Microsoft Works
2007-12-07 14:49 --------- d-------- C:\Program Files\MSBuild
2007-11-07 10:28 728576 --a--c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 10:28 728576 --a------ C:\WINDOWS\system32\lsasrv.dll
2003-02-28 12:32 11776 --a------ C:\WINDOWS\inf\SetScardINF_wxp.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c0e8b9b-c62c-4c3e-8b3a-c5a75deacb7a}]
2008-02-07 10:46 92224 --a------ C:\WINDOWS\system32\lcffshdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F2EA671-3DB0-4849-81C9-CBA6376AE75F}]
2008-02-06 10:43 263168 --a------ C:\WINDOWS\system32\jkkhe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-28 19:02 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38]
"CHotkey"="mHotkey.exe" [2001-07-27 16:07 C:\WINDOWS\mHotkey.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
"384ff639"="C:\WINDOWS\system32\ccqxcloe.dll" [2008-02-07 10:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 18:14]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Polar Sync"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Gusanodx\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 16:50:20]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-23 03:57:13]
SAGEM Wi-Fi 11g Cardbus adapter.lnk - C:\Program Files\SAGEM Wi-Fi 11g Cardbus adapter\Wificard.exe [2005-01-13 11:11:14]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 14:55:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdating"=WinUpdating.exe
"Windows Printing Driver"=WinSpooler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R0 sbp2port;Pilote de bus de transport/protocole SBP-2;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 WSearch;Recherche Windows;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da6d19e5-ff33-11db-8dd3-0090f50d29f9}]
AutoRun\command- J:\RunGame.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
C:\Program Files\ntsecurity\ntsecurity.exe s

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:06:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-02-07 21:17:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-02-07 21:16
C:\ComboFix2.txt ... 2008-02-06 02:37
C:\ComboFix3.txt ... 2008-02-05 15:32

--- E O F ---
Thanks, I hope it's OK now!!
See you later
ep44 (Contributor, 7393 posts)
Good evening

Well, I'm asking for help again because I can't manage to remove this crap.
Please be patient.
See you later
ep44 (Contributor, 7393 posts)
Good evening Dangmart,

I'm having trouble removing this infection :-(
Following advice from some very competent and very pleasant people,
I suggest you follow the steps below.

Restart VundoFix
=Do not click "Scan for Vundo"
=Right-click in the middle of the window
=Click "Add more files?"
=Copy/paste the files below (one per box):

C:\WINDOWS\system32\jkkhe.dll
C:\WINDOWS\system32\ehkkj.*



=Click "Add files"
=Then click "Close Window"
=Finally, click "Remove Vundo" (the previous files should appear in the main window)
=If the tool asks for a restart, accept
=Post the VundoFix report,


then

select this:



registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c0e8b9b-c62c-4c3e-8b3a-c5a75deacb7a}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F2EA671-3DB0-4849-81C9-CBA6376AE75F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"384ff639"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdating"=-
"Windows Printing Driver"=-



File::

C:\WINDOWS\system32\ccqxcloe.dll
C:\WINDOWS\system32\lcffshdl.dll
C:\WINDOWS\system32\xuivolyp.dll
C:\WINDOWS\system32\ehkkj.ini2
C:\WINDOWS\system32\jkkhe.dll
C:\WINDOWS\system32\hgghhgd.dll

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe
* A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

See you later
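As an added example (not code from this thread, from ComboFix or from VundoFix), the script below parses a CFScript's registry:: and File:: sections like the two posted above and cross-checks every File:: path against the "Files Created" list of a ComboFix log, so a near miss such as ".dl" versus ".dll" is caught before the script is run. The CFScript and log excerpt are constructed samples modelled on the ones in this thread; the section-name syntax and the log's line layout are assumed from the reports posted here.

```python
import re

# Constructed sample CFScript, modelled on the one posted in this thread
# (it keeps the "hgghhgd.dl" typo on purpose); not the helper's own file.
CFSCRIPT = """\
registry::

[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{F5D55A23-DBA5-4055-A53D-550462125BDE}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]
"{F5D55A23-DBA5-4055-A53D-550462125BDE}"=

File::
C:\\WINDOWS\\system32\\jkkljhi.dll
C:\\WINDOWS\\system32\\hgghhgd.dl
C:\\WINDOWS\\system32\\pmnmnop.dll
"""

# Constructed excerpt of the "Files Created" section of a ComboFix log.
COMBOFIX_LOG = """\
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
2008-02-07 10:47 88,640 --a------ C:\\WINDOWS\\system32\\ccqxcloe.dll
2008-02-05 18:56 39,424 --a------ C:\\WINDOWS\\system32\\hgghhgd.dll
2008-02-05 17:05 39,424 --a------ C:\\WINDOWS\\system32\\pmnmnop.dll
2008-02-05 18:40 <REP> d-------- C:\\WINDOWS\\system32\\ZoneLabs
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
# "date time size attributes path"; size is a number like 88,640 or <DIR>/<REP>
LOG_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+([-a-z]{9})\s+(.+?)\s*$", re.I)

def parse_cfscript(text):
    """Split a CFScript into {section name (lower-case): [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_created_files(log_text):
    """Return {path (lower-case): (timestamp, size)} for plain files in the log."""
    files = {}
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line.strip())
        if m and not m.group(2).startswith("<"):  # <REP>/<DIR> = directory, skip
            files[m.group(4).lower()] = (m.group(1), m.group(2))
    return files

def check_file_section(cfscript_text, log_text):
    """Return (path, status) per File:: entry: 'ok' on an exact match,
    'possible typo: X' when the path is only a prefix of a logged path
    (e.g. .dl versus .dll), otherwise 'not in log'."""
    created = parse_created_files(log_text)
    findings = []
    for path in parse_cfscript(cfscript_text).get("file", []):
        key = path.lower()
        if key in created:
            findings.append((path, "ok"))
            continue
        near = [p for p in created if p != key and p.startswith(key)]
        findings.append((path, f"possible typo: {near[0]}" if near else "not in log"))
    return findings

def registry_deletions(cfscript_text):
    """Count key deletions ([-KEY]) and value deletions ("name"= or "name"=-)."""
    keys = values = 0
    for line in parse_cfscript(cfscript_text).get("registry", []):
        if line.startswith("[-"):
            keys += 1
        elif re.match(r'^".+"=-?$', line):
            values += 1
    return keys, values
```

Running check_file_section(CFSCRIPT, COMBOFIX_LOG) reports jkkljhi.dll as "not in log", hgghhgd.dl as a possible typo for hgghhgd.dll and pmnmnop.dll as "ok", which is exactly the mismatch that left hgghhgd.dll in place after the first script.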
Dangmart (Member, 72 posts)
I especially want to thank you, ep44, as well as all the others whom you, too, ask for advice!!

Beginning removal...

Performing Repairs to the registry.
Done!

I had to do it twice because at first either it didn't work or I must have done something stupid!! Sorry
ep44 (Contributor, 7393 posts)
Good evening

Try redoing the steps; look carefully at what is written ;-)
See you later