NON, pas de casino, NON pas de meet...
Résolu/Fermé
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
-
25 janv. 2008 à 17:58
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 26 janv. 2008 à 12:27
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 26 janv. 2008 à 12:27
A voir également:
- NON, pas de casino, NON pas de meet...
- Google meet pour pc - Télécharger - Messagerie
- Cresus casino avis ✓ - Forum Consommation & Internet
- Cresus casino à fuir - Forum Consommation & Internet
- Cresus casino compte bloqué ✓ - Forum Consommation & Internet
- Gametwist slots jeux de casino - Télécharger - Divers Jeux
11 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
25 janv. 2008 à 18:02
25 janv. 2008 à 18:02
salut,
fais ceci :
Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre
PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
et
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
et
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
fais ceci :
Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre
PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
et
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
et
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
25 janv. 2008 à 18:07
25 janv. 2008 à 18:07
Merci, j'imprime ta réponse et je m'y colle...
A tout de suite...
A tout de suite...
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
25 janv. 2008 à 18:23
25 janv. 2008 à 18:23
ok
@+
@+
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
25 janv. 2008 à 18:40
25 janv. 2008 à 18:40
Me revoilà
Voici donc le rapport "Combofix :
ComboFix 08-01-23.1C - Fran‡oise 2008-01-25 18:18:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.467 [GMT 1:00]
Endroit: C:\Documents and Settings\Fran‡oise\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Fran‡oise\Application Data\tmp17.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp19.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp37.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp9.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmpA.tmp.exe
C:\Program Files\MyWay
C:\WINDOWS\cookies.ini
C:\WINDOWS\ffefgh.ini
C:\WINDOWS\hgfeff.dll
C:\WINDOWS\system32\dsuiexq.dll
C:\WINDOWS\system32\fontqxet.dll
C:\WINDOWS\system32\hnetviw.dll
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\wuasirvy.dll
C:\WINDOWS\uxaaay.ini
C:\WINDOWS\yaaaxu.dll
C:\WINDOWS\yabbby.dll
C:\WINDOWS\ybbbay.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_WINCOM32
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 17:32 . 2008-01-25 18:14 <REP> d-------- C:\Program Files\Navilog1
2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 11:04 . 2008-01-17 11:04 253,952 --------- C:\WINDOWS\Setup1.exe
2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-03 11:36 . 2008-01-03 11:36 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-29 14:14 . 2007-12-29 14:18 <REP> d-------- C:\Program Files\Ad-Aware 2007
2007-12-29 14:13 . 2007-12-29 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-28 18:32 . 2007-12-28 19:22 <REP> d-------- C:\Program Files\Neodivx
2007-12-26 09:54 . 2007-12-26 10:01 72 --ahs---- C:\WINDOWS\SAEE086A7.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg
2008-01-25 07:54 --------- d-----w C:\Program Files\eMule
2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft
2007-12-25 11:49 --------- d-----w C:\Program Files\DivX
2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf
2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs
2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt
2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe
2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll
2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID
2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT
2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db
2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll
2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe
2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi
2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe
2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll
2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll
2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll
2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll
2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe
2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe
2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng
2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk
2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3
2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini
2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID
2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR
2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu
2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID
2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu
2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu
2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp
2004-09-26 13:00 18,321 ------w C:\Program Files\copying
2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll
2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL
2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll
2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll
2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll
2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll
2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll
2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll
2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll
2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll
2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll
2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll
2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll
2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL
2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll
2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll
2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll
2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll
2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll
2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe
2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll
2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll
2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll
2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll
2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll
2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL
2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll
2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt
2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat
2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat
2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll
2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL
2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll
2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP
2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP
2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt
2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll
2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll
2001-04-02 11:33 77,824 ----a-w C:\Program Files\qksb.dll
2001-04-02 11:33 53,248 ----a-w C:\Program Files\wmdfx.dll
2001-04-02 11:32 90,112 ----a-w C:\Program Files\qam.dll
2001-02-20 15:25 225,280 ----a-w C:\Program Files\wmdcdce.dll
2001-02-05 15:34 735,976 ----a-w C:\Program Files\GETTINGSTARTEDQAM460.HLP
2000-12-12 12:10 202 ----a-w C:\Program Files\QFXP0004.QFP
2000-10-24 11:37 20,250 ----a-w C:\Program Files\QREV_F.HLP
2000-10-24 11:37 20,183 ----a-w C:\Program Files\QPHAS_F.HLP
2000-10-24 11:36 20,182 ----a-w C:\Program Files\QDEL_F.HLP
2000-10-24 11:36 19,776 ----a-w C:\Program Files\QCHO_F.HLP
2000-10-24 11:32 65,536 ----a-w C:\Program Files\PhaserF.Q3P
2000-10-24 11:32 212,992 ----a-w C:\Program Files\REVF.Q3P
2000-10-24 11:31 61,440 ----a-w C:\Program Files\DELAYF.Q3P
2000-10-24 11:30 81,920 ----a-w C:\Program Files\CHORUSF.Q3P
2000-10-05 14:00 282,362 ----a-w C:\Program Files\cool_demo.qac
2000-10-05 13:47 586 ----a-w C:\Program Files\QFXP0014.QFP
2000-09-20 11:11 496 ----a-w C:\Program Files\pianotrack.QAT
2000-09-20 11:11 352 ----a-w C:\Program Files\brasstrack.QAT
2000-09-20 11:11 1,738 ----a-w C:\Program Files\basstrack.QAT
2000-09-20 11:09 2,650 ----a-w C:\Program Files\drumtrack.QAT
2000-01-12 07:04 84,022 ----a-w C:\Program Files\q3cDefKnob.bmp
2000-01-05 22:11 47,654 ----a-w C:\Program Files\q3cDefBack.bmp
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-01-01 11:42 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}]
C:\WINDOWS\system32\msadups.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [2008-01-01 11:42 1502232]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
"WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-02 11:17 180269]
"NetService"="C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atlmgm]
atlmgm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msadups]
msadups.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25]
R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37]
R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03]
R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03]
R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03]
R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]
S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 18:26:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 2377
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 18:30:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 17:29:54
ET LE RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:53, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {19080985-88bd-4c73-87cd-9ba28a932567} - C:\WINDOWS\system32\msadups.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe /run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com
O20 - Winlogon Notify: atlmgm - atlmgm.dll (file missing)
O20 - Winlogon Notify: msadups - msadups.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Voici donc le rapport "Combofix :
ComboFix 08-01-23.1C - Fran‡oise 2008-01-25 18:18:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.467 [GMT 1:00]
Endroit: C:\Documents and Settings\Fran‡oise\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Fran‡oise\Application Data\tmp17.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp19.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp37.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmp9.tmp.exe
C:\Documents and Settings\Fran‡oise\Application Data\tmpA.tmp.exe
C:\Program Files\MyWay
C:\WINDOWS\cookies.ini
C:\WINDOWS\ffefgh.ini
C:\WINDOWS\hgfeff.dll
C:\WINDOWS\system32\dsuiexq.dll
C:\WINDOWS\system32\fontqxet.dll
C:\WINDOWS\system32\hnetviw.dll
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\wuasirvy.dll
C:\WINDOWS\uxaaay.ini
C:\WINDOWS\yaaaxu.dll
C:\WINDOWS\yabbby.dll
C:\WINDOWS\ybbbay.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_WINCOM32
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 17:32 . 2008-01-25 18:14 <REP> d-------- C:\Program Files\Navilog1
2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 11:04 . 2008-01-17 11:04 253,952 --------- C:\WINDOWS\Setup1.exe
2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-03 11:36 . 2008-01-03 11:36 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-29 14:14 . 2007-12-29 14:18 <REP> d-------- C:\Program Files\Ad-Aware 2007
2007-12-29 14:13 . 2007-12-29 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-28 18:32 . 2007-12-28 19:22 <REP> d-------- C:\Program Files\Neodivx
2007-12-26 09:54 . 2007-12-26 10:01 72 --ahs---- C:\WINDOWS\SAEE086A7.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg
2008-01-25 07:54 --------- d-----w C:\Program Files\eMule
2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft
2007-12-25 11:49 --------- d-----w C:\Program Files\DivX
2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf
2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs
2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt
2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe
2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll
2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID
2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT
2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db
2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll
2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe
2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi
2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe
2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll
2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll
2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll
2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll
2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe
2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe
2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng
2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk
2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3
2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini
2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID
2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR
2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu
2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID
2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu
2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu
2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp
2004-09-26 13:00 18,321 ------w C:\Program Files\copying
2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll
2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL
2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll
2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll
2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll
2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll
2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll
2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll
2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll
2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll
2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll
2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll
2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll
2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL
2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll
2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll
2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll
2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll
2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll
2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe
2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll
2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll
2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll
2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll
2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll
2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL
2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll
2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt
2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat
2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat
2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll
2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL
2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll
2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP
2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP
2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt
2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll
2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll
2001-04-02 11:33 77,824 ----a-w C:\Program Files\qksb.dll
2001-04-02 11:33 53,248 ----a-w C:\Program Files\wmdfx.dll
2001-04-02 11:32 90,112 ----a-w C:\Program Files\qam.dll
2001-02-20 15:25 225,280 ----a-w C:\Program Files\wmdcdce.dll
2001-02-05 15:34 735,976 ----a-w C:\Program Files\GETTINGSTARTEDQAM460.HLP
2000-12-12 12:10 202 ----a-w C:\Program Files\QFXP0004.QFP
2000-10-24 11:37 20,250 ----a-w C:\Program Files\QREV_F.HLP
2000-10-24 11:37 20,183 ----a-w C:\Program Files\QPHAS_F.HLP
2000-10-24 11:36 20,182 ----a-w C:\Program Files\QDEL_F.HLP
2000-10-24 11:36 19,776 ----a-w C:\Program Files\QCHO_F.HLP
2000-10-24 11:32 65,536 ----a-w C:\Program Files\PhaserF.Q3P
2000-10-24 11:32 212,992 ----a-w C:\Program Files\REVF.Q3P
2000-10-24 11:31 61,440 ----a-w C:\Program Files\DELAYF.Q3P
2000-10-24 11:30 81,920 ----a-w C:\Program Files\CHORUSF.Q3P
2000-10-05 14:00 282,362 ----a-w C:\Program Files\cool_demo.qac
2000-10-05 13:47 586 ----a-w C:\Program Files\QFXP0014.QFP
2000-09-20 11:11 496 ----a-w C:\Program Files\pianotrack.QAT
2000-09-20 11:11 352 ----a-w C:\Program Files\brasstrack.QAT
2000-09-20 11:11 1,738 ----a-w C:\Program Files\basstrack.QAT
2000-09-20 11:09 2,650 ----a-w C:\Program Files\drumtrack.QAT
2000-01-12 07:04 84,022 ----a-w C:\Program Files\q3cDefKnob.bmp
2000-01-05 22:11 47,654 ----a-w C:\Program Files\q3cDefBack.bmp
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-01-01 11:42 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}]
C:\WINDOWS\system32\msadups.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [2008-01-01 11:42 1502232]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
"WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-02 11:17 180269]
"NetService"="C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atlmgm]
atlmgm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msadups]
msadups.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25]
R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37]
R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03]
R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03]
R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03]
R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]
S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 18:26:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 2377
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 18:30:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 17:29:54
ET LE RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:53, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {19080985-88bd-4c73-87cd-9ba28a932567} - C:\WINDOWS\system32\msadups.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe /run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com
O20 - Winlogon Notify: atlmgm - atlmgm.dll (file missing)
O20 - Winlogon Notify: msadups - msadups.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
25 janv. 2008 à 19:10
25 janv. 2008 à 19:10
francoise,
regarde ceci concernant ton cher avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instal l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Copie le texte ci-dessous :
File::
C:\WINDOWS\Setup1.exe
C:\WINDOWS\SAEE086A7.tmp
C:\Program Files\Freecorder\tbFre1.dll
C:\WINDOWS\system32\msadups.dll
C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe
Folder::
C:\Program Files\Navilog1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atlmgm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msadups]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
regarde ceci concernant ton cher avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instal l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Copie le texte ci-dessous :
File::
C:\WINDOWS\Setup1.exe
C:\WINDOWS\SAEE086A7.tmp
C:\Program Files\Freecorder\tbFre1.dll
C:\WINDOWS\system32\msadups.dll
C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe
Folder::
C:\Program Files\Navilog1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atlmgm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msadups]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
25 janv. 2008 à 21:38
25 janv. 2008 à 21:38
Ce fut très long mais ce n'est malheureusement pas de mon fait...
Merci pour ta patience et ton savoir.
Voici donc le rapport Combofix :
ComboFix 08-01-23.1C - Françoise 2008-01-25 21:09:29.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.317 [GMT 1:00]
Endroit: C:\Documents and Settings\Françoise\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Françoise\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE
C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe
C:\Program Files\Freecorder\tbFre1.dll
C:\WINDOWS\SAEE086A7.tmp
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\msadups.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Freecorder\tbFre1.dll
C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\backup_registry.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp.exe
C:\Program Files\Navilog1\Backupnavi\rhjcsp_nav.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp_navps.dat
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\WINDOWS\SAEE086A7.tmp
C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 19:39 . 2008-01-25 19:39 <REP> d-------- C:\Program Files\Avira
2008-01-25 18:33 . 2008-01-25 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-03 11:36 . 2008-01-03 11:36 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-29 14:14 . 2007-12-29 14:18 <REP> d-------- C:\Program Files\Ad-Aware 2007
2007-12-29 14:13 . 2007-12-29 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-28 18:32 . 2007-12-28 19:22 <REP> d-------- C:\Program Files\Neodivx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:15 --------- d-----w C:\Program Files\Freecorder
2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg
2008-01-25 07:54 --------- d-----w C:\Program Files\eMule
2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft
2007-12-25 11:49 --------- d-----w C:\Program Files\DivX
2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf
2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs
2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt
2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe
2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll
2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID
2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT
2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db
2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll
2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe
2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi
2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe
2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll
2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll
2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll
2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll
2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe
2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe
2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng
2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk
2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3
2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini
2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID
2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR
2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu
2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID
2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu
2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu
2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp
2004-09-26 13:00 18,321 ------w C:\Program Files\copying
2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll
2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL
2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll
2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll
2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll
2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll
2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll
2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll
2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll
2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll
2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll
2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll
2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll
2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL
2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll
2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll
2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll
2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll
2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll
2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe
2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll
2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll
2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll
2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll
2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll
2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL
2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll
2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt
2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat
2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat
2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll
2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL
2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll
2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP
2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP
2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt
2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll
2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_18.29.23.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 17:18:05 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-25 20:08:51 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-25 17:18:05 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
+ 2008-01-25 20:08:51 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
- 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-25 17:18:06 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-01-25 20:08:52 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
- 2008-01-25 17:18:06 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-25 20:08:52 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-25 20:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-10-28 08:25:57 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 17:30:20 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 08:25:57 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-25 17:30:20 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 08:25:57 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 17:30:20 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 08:25:57 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-25 17:30:20 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
"WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-02 11:17 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25]
R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37]
R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03]
R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03]
R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03]
R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]
S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57]
*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 21:15:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 21:18:16
ComboFix-quarantined-files.txt 2008-01-25 20:17:13
ComboFix2.txt 2008-01-25 17:30:20
ET HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:42, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Merci pour ta patience et ton savoir.
Voici donc le rapport Combofix :
ComboFix 08-01-23.1C - Françoise 2008-01-25 21:09:29.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.317 [GMT 1:00]
Endroit: C:\Documents and Settings\Françoise\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Françoise\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE
C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe
C:\Program Files\Freecorder\tbFre1.dll
C:\WINDOWS\SAEE086A7.tmp
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\msadups.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Freecorder\tbFre1.dll
C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\backup_registry.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp.exe
C:\Program Files\Navilog1\Backupnavi\rhjcsp_nav.dat
C:\Program Files\Navilog1\Backupnavi\rhjcsp_navps.dat
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\WINDOWS\SAEE086A7.tmp
C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 19:39 . 2008-01-25 19:39 <REP> d-------- C:\Program Files\Avira
2008-01-25 18:33 . 2008-01-25 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-03 11:36 . 2008-01-03 11:36 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-29 14:14 . 2007-12-29 14:18 <REP> d-------- C:\Program Files\Ad-Aware 2007
2007-12-29 14:13 . 2007-12-29 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-28 18:32 . 2007-12-28 19:22 <REP> d-------- C:\Program Files\Neodivx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:15 --------- d-----w C:\Program Files\Freecorder
2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg
2008-01-25 07:54 --------- d-----w C:\Program Files\eMule
2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft
2007-12-25 11:49 --------- d-----w C:\Program Files\DivX
2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf
2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs
2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt
2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe
2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll
2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID
2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT
2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db
2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll
2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe
2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi
2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe
2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll
2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll
2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll
2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll
2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe
2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe
2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng
2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk
2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3
2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini
2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID
2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR
2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu
2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID
2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu
2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu
2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp
2004-09-26 13:00 18,321 ------w C:\Program Files\copying
2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll
2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL
2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll
2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll
2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll
2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll
2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll
2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll
2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll
2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll
2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll
2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll
2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll
2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL
2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll
2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll
2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll
2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll
2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll
2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe
2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll
2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll
2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll
2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll
2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll
2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL
2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll
2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt
2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat
2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat
2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll
2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL
2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll
2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP
2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP
2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt
2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll
2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_18.29.23.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 17:18:05 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-25 20:08:51 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-25 17:18:05 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
+ 2008-01-25 20:08:51 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
- 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-25 17:18:06 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-01-25 20:08:52 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
- 2008-01-25 17:18:06 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-25 20:08:52 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-25 20:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-10-28 08:25:57 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 17:30:20 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 08:25:57 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-25 17:30:20 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 08:25:57 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 17:30:20 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 08:25:57 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-25 17:30:20 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
"WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-02 11:17 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25]
R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37]
R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03]
R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03]
R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03]
R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]
S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57]
*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 21:15:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 21:18:16
ComboFix-quarantined-files.txt 2008-01-25 20:17:13
ComboFix2.txt 2008-01-25 17:30:20
ET HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:42, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
25 janv. 2008 à 21:57
25 janv. 2008 à 21:57
re,
c´est beaucoup mieux ;-)
maintenant :
tu surf avec internet explorer 6.0 = failles de securitées importantes
alors fais les mises a jour windows : tu veux la version 7.0
et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox
http://www.firefox.fr/
ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme
et instale la derniere :
https://get2.adobe.com/reader/otherversions/
ou foxit plus léger :
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
anti spyware :
spywareblaster :
http://www.brightfort.com/spywareblaster.html
c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"
tuto : http://forum.telecharger.01net.com/forum/
telecharge aussi cet anti spyware il a aussi un resident le teatimer :
spybot :
https://www.commentcamarche.net/telecharger/ 122 spybot
http://www.safer-networking.org/fr/faq/33.html
spyware gard :
https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
tous les trois sont complementaires, alors si tu veux; tu peux tous les installer...
puis j´amerais que tu fasse un scan complet de ta machine avec antivir
avec les réglages suivant :
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
post le rapport d´antivir stp
@+
c´est beaucoup mieux ;-)
maintenant :
tu surf avec internet explorer 6.0 = failles de securitées importantes
alors fais les mises a jour windows : tu veux la version 7.0
et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox
http://www.firefox.fr/
ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme
et instale la derniere :
https://get2.adobe.com/reader/otherversions/
ou foxit plus léger :
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
anti spyware :
spywareblaster :
http://www.brightfort.com/spywareblaster.html
c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"
tuto : http://forum.telecharger.01net.com/forum/
telecharge aussi cet anti spyware il a aussi un resident le teatimer :
spybot :
https://www.commentcamarche.net/telecharger/ 122 spybot
http://www.safer-networking.org/fr/faq/33.html
spyware gard :
https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
tous les trois sont complementaires, alors si tu veux; tu peux tous les installer...
puis j´amerais que tu fasse un scan complet de ta machine avec antivir
avec les réglages suivant :
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
post le rapport d´antivir stp
@+
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
26 janv. 2008 à 11:40
26 janv. 2008 à 11:40
Bonjour,
Je dois te présenter les excuses de mon corps qui n'a pas eu la force de résister à une flémingite aiguë hier soir !
Je viens de lire ta dernière réponse dans ma boîte à mail.
J'ai été surprise de lire que "je surfais avec Explorer" étant donné que j'ai toujours utilisé Mozilla. Quand j'ai voulu utiliser ton lien http://www.firefox.fr de mon mail, effectivement, oh ! surprise, Exploreur s'est ouvert !!! J'avais d'ailleurs remarqué hier soir parmi les nouveaux icônes de "navilog, cleanavi...etc." qu'un icône de cet exploreur s'était déposé sur mon bureau ! Non pas un raccourci mais l'icône du programme !!! Gonflé non ?
Peux-tu m'expliquer comment remédier à cette intrusion car je viens de refaire un essai, tant que mozilla n'est pas ouvert, si j'actionne un lien directement d'un de mes mail, "l'autre intrus" se rapplique !
J'ai fait tous les devoirs que tu m'as demandés. Voici le résultat d'antivir :
AntiVir PersonalEdition Classic
Report file date: samedi 26 janvier 2008 10:38
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Françoise
Computer name: NOM-FULKL1OH2QW
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: samedi 26 janvier 2008 10:38
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'PS2USBKbdDrv.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB832353$\wmpcore.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: samedi 26 janvier 2008 11:35
Used time: 56:37 min
The scan has been done completely.
5146 Scanning directories
253396 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
61 Files cannot be scanned
253396 Files not concerned
7080 Archives were scanned
61 Warnings
0 Notes
EST-CE GRAVE DOCTEUR ???
Je dois te présenter les excuses de mon corps qui n'a pas eu la force de résister à une flémingite aiguë hier soir !
Je viens de lire ta dernière réponse dans ma boîte à mail.
J'ai été surprise de lire que "je surfais avec Explorer" étant donné que j'ai toujours utilisé Mozilla. Quand j'ai voulu utiliser ton lien http://www.firefox.fr de mon mail, effectivement, oh ! surprise, Exploreur s'est ouvert !!! J'avais d'ailleurs remarqué hier soir parmi les nouveaux icônes de "navilog, cleanavi...etc." qu'un icône de cet exploreur s'était déposé sur mon bureau ! Non pas un raccourci mais l'icône du programme !!! Gonflé non ?
Peux-tu m'expliquer comment remédier à cette intrusion car je viens de refaire un essai, tant que mozilla n'est pas ouvert, si j'actionne un lien directement d'un de mes mail, "l'autre intrus" se rapplique !
J'ai fait tous les devoirs que tu m'as demandés. Voici le résultat d'antivir :
AntiVir PersonalEdition Classic
Report file date: samedi 26 janvier 2008 10:38
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Françoise
Computer name: NOM-FULKL1OH2QW
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: samedi 26 janvier 2008 10:38
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'PS2USBKbdDrv.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB832353$\wmpcore.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: samedi 26 janvier 2008 11:35
Used time: 56:37 min
The scan has been done completely.
5146 Scanning directories
253396 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
61 Files cannot be scanned
253396 Files not concerned
7080 Archives were scanned
61 Warnings
0 Notes
EST-CE GRAVE DOCTEUR ???
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
26 janv. 2008 à 12:08
26 janv. 2008 à 12:08
re,
ok pouir le scan antivir...
tu n´as pas du vouloir utiliser firefox comme navigateur par defaut au depart,
pour y remedier :
Tu ouvres firefox.
OUTILS/OPTIONS
Au pied de la fenêtre qui s'ouvre dans l´onglet generale, tu coches la case "au démarrage toujours vérifier que firefox est le navigateur par défaut"
puis au prochain redemarrage tu lui dira que tu veux qu´il soie le navigateur par defaut...
comment ce porte ton pc maintenant?
@+
ok pouir le scan antivir...
tu n´as pas du vouloir utiliser firefox comme navigateur par defaut au depart,
pour y remedier :
Tu ouvres firefox.
OUTILS/OPTIONS
Au pied de la fenêtre qui s'ouvre dans l´onglet generale, tu coches la case "au démarrage toujours vérifier que firefox est le navigateur par défaut"
puis au prochain redemarrage tu lui dira que tu veux qu´il soie le navigateur par defaut...
comment ce porte ton pc maintenant?
@+
mememad
Messages postés
84
Date d'inscription
vendredi 10 juin 2005
Statut
Membre
Dernière intervention
28 août 2013
26 janv. 2008 à 12:22
26 janv. 2008 à 12:22
Cher docteur, je viens de réaliser ta dernière recommandation.
J'ai l'impression que mon PC se porte à ravir car le peu de surf que j'ai fait entre les exercices que tu m'avais donnés n'ont pas été perturbés par "l'intrus".
Girly, je ne sais comment te remercier pour avoir aidé une vielle handicappée de l'info.
Que puis-je faire pour te faire plaisir ?
Je me permets donc de t'embrasser virtuellement et coche la case "résolu"...
A bientôt peut-être... mais le plus tard possible.
J'ai l'impression que mon PC se porte à ravir car le peu de surf que j'ai fait entre les exercices que tu m'avais donnés n'ont pas été perturbés par "l'intrus".
Girly, je ne sais comment te remercier pour avoir aidé une vielle handicappée de l'info.
Que puis-je faire pour te faire plaisir ?
Je me permets donc de t'embrasser virtuellement et coche la case "résolu"...
A bientôt peut-être... mais le plus tard possible.
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
26 janv. 2008 à 12:27
26 janv. 2008 à 12:27
tres bien ;-)
c´etait un plaisir...
je t´embrasse aussi :P
bonne continuation.
bye`
c´etait un plaisir...
je t´embrasse aussi :P
bonne continuation.
bye`