Adware

Closed
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 - 12 March 2008 at 12:37
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 - 20 May 2008 at 22:37
Hello,
Back again with BX18DXV.DAT:
The bug was still there when I got in at noon: roughly 1/4 of my RAM was taken up by the web pages generated by BX18DXV.DAT, along with two "temp" entries in Task Manager. I killed the two temp processes and the problem, the loading of the advertising pages, stopped.
Ad-Aware finds a cookie, which I suppose is the culprit, but it won't delete.
Thanks in advance

70 replies

g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
12 March 2008 at 12:40
hi,

post a HijackThis log please:

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (Thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (Thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated log here please...

See you
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
12 March 2008 at 12:47
here is the log generated by HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:15, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AD7BE46-11E9-4CE8-A836-FCCA1729F15C}: NameServer = 86.64.145.143 84.103.237.143
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
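Three entries in the log above carry the weight: the O2 BHO registered with "(no file)" (an orphan), the `antiviirus` Run entry whose binary sits directly in the root of `C:\Program Files` under a misspelt security-product name, and the two O21 SSODL entries, which make explorer.exe load `AvpRom.dll` and `zip.dll` out of the Windows Installer cache at every logon. The script below is an added example written for this page; it is not part of HijackThis and not the helper's own procedure. It applies those three checks to HijackThis log lines. The sample lines are copied from the posted log; the list of security words and the edit-distance threshold of 2 are assumptions, not HijackThis rules.

```python
"""Triage a HijackThis 2.x log for the three autostart patterns that stand out
in the log posted above. Added example for this thread: not part of HijackThis
and not the helper's method. SAMPLE_LOG is constructed from the posted log."""
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# A legitimate installer creates a subfolder; a bare .exe in the root is odd.
PROGRAM_ROOTS = {ntpath.normcase(r"C:\Program Files"), ntpath.normcase(r"C:\PROGRA~1")}
# The Windows Installer cache holds .msi packages and icons, not shell objects.
INSTALLER_CACHE = ntpath.normcase(r"C:\WINDOWS\Installer") + "\\"
# Assumed list of words that rogue security tools misspell (antiviirus, ...).
SECURITY_WORDS = ("antivirus", "antispyware", "firewall")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
# First drive-letter path in a Run command, quoted or not, up to its extension.
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)


def levenshtein(a, b):
    """Edit distance; used to catch look-alike names such as 'antiviirus'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_o4(line, cmd):
    """Flag Run entries by where the binary lives and what it is called."""
    findings = []
    exe = EXE_RE.search(cmd)
    if not exe:  # e.g. "RunDll32 cmicnfg.cpl,..." or "%systemroot%\system32\dumprep"
        return findings
    path = exe.group("path")
    if ntpath.normcase(ntpath.dirname(path)) in PROGRAM_ROOTS:
        findings.append(Finding("O4", "executable dropped directly in the Program Files root", line))
    stem = re.sub(r"[^a-z]", "", ntpath.splitext(ntpath.basename(path))[0].lower())
    for word in SECURITY_WORDS:
        if 0 < levenshtein(stem, word) <= 2:
            findings.append(Finding("O4", f"name looks like a misspelling of '{word}'", line))
    return findings


def triage(log_text):
    """Return the suspicious O2/O4/O21 lines of a HijackThis log as Findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding("O2", "BHO registered but its DLL is missing (orphan)", line))
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend(check_o4(line, m.group("cmd")))
            continue
        m = O21_RE.match(line)
        if m and ntpath.normcase(m.group("path")).startswith(INSTALLER_CACHE):
            findings.append(Finding("O21", "SSODL loads a DLL into explorer.exe from the Installer cache", line))
    return findings


# Constructed sample: a subset of the O2/O4/O21 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports five findings: the orphan BHO, two for `antiviirus.exe` (location and look-alike name), and the two SSODL DLLs. It does not know that webHancer is adware; a name list of known unwanted software would be the natural next filter, and `ntpath` is used so the Windows paths parse on any OS.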
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
12 March 2008 at 12:54
re,

do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a log will appear. Copy/paste that log into your next reply.

NOTE: The log is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to complete the disinfection/scan; let it do so.

- A log will then open in Notepad; this log file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

See you
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
12 March 2008 at 18:47
ComboFix report
ComboFix 08-03-10.1 - papa 2008-03-12 18:39:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.897 [GMT 1:00]
Location: C:\Documents and Settings\papa\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files created 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp51046.exe
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp43937.exe
2008-03-12 18:28 . 2008-03-12 18:28 <REP> d-------- C:\Documents and Settings\papa\SmitfraudFix
2008-03-12 12:45 . 2008-03-12 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 10:43 . 2008-03-12 10:43 16,484 -r-hs---- C:\Program Files\tmp34328.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp39890.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp33031.exe
2008-03-12 10:33 . 2008-03-12 10:33 16,484 -r-hs---- C:\Program Files\tmp39875.exe
2008-03-12 10:32 . 2008-03-12 10:32 16,484 -r-hs---- C:\Program Files\tmp34343.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp38578.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp33093.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp37046.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp31640.exe
2008-03-11 21:38 . 2008-03-11 21:38 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 21:37 . 2008-03-11 21:37 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp35562.exe
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp30234.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp37500.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp31750.exe
2008-03-11 20:36 . 2008-03-11 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 20:13 . 2008-03-11 20:13 21,608 --a------ C:\Program Files\antiviirus.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121449109.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121444015.exe
2008-03-09 02:30 . 2008-03-09 02:30 <REP> d-------- C:\Program Files\Axis Communications
2008-03-07 23:21 . 2008-03-08 11:01 <REP> d-------- C:\Program Files\Black Element Software
2008-03-02 21:40 . 2008-03-12 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 21:40 . 2008-03-12 18:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-25 19:57 . 2008-02-25 19:57 <REP> d-------- C:\Program Files\MSECache
2008-02-23 23:29 . 2008-02-23 23:30 <REP> d-------- C:\Program Files\PokerTH
2008-02-23 12:39 . 2008-02-23 12:39 <REP> d-------- C:\Program Files\NCH Software
2008-02-23 12:38 . 2008-02-23 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Documents and Settings\papa\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 15:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-12 11:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 10:08 --------- d-----w C:\Program Files\eMule
2008-03-08 21:30 --------- d-----w C:\Documents and Settings\papa\Application Data\Azureus
2008-03-08 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 19:48 --------- d-----w C:\Program Files\Azureus
2008-02-22 14:01 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-22 14:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-15 18:15 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-02-10 19:46 --------- d-----w C:\Documents and Settings\papa\Application Data\pokerth
2008-01-18 22:13 --------- d-----w C:\Program Files\Fake Webcam
2008-01-12 22:02 --------- d-----w C:\Program Files\Windows Live
2008-01-12 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 21:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 19:41 53,248 -c--a-w C:\WINDOWS\system32\apache.dll
2007-12-21 21:00 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-05 18:50 2,293,712 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-04-06 12:45 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-06 12:45 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-08-01 07:31 15,295,272 -c--a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 12:36 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-15 19:39 77824]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-11 20:13 21608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"= {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll [2008-03-11 20:13 18598]
"zip"= {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll [2008-03-11 20:13 23326]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"D:\\Documents de papa\\SmitfraudFix\\SmitfraudFix\\SmiUpdate.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
S2 Ca504av;TRUST 350FS POWERC@M FLASH(Video);C:\WINDOWS\system32\Drivers\Ca504av.sys [2002-10-21 10:37]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-09-28 15:18]
S3 USBCamera;TRUST 350FS POWERC@M FLASH(Still);C:\WINDOWS\system32\Drivers\Bulk504.sys [2002-12-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092cdd68-d562-11dc-b2a5-000b6a943c7b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a86c4-c613-11dc-b2a0-000b6a943c7b}]
\shel\Auto\command - K:\iw3sp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6258eff-e7d6-11da-825d-4d6564696130}]
\Shell\AutoRun\command - I:\ProjectFloodV3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6258f03-e7d6-11da-825d-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL application.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e437-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e439-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb41387-beb7-11dc-b299-000b6a943c7b}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 16:46:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 18:42:05
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
-> C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll
.
Completion time: 2008-03-12 18:44:01
.
2008-02-13 18:26:58 --- E O F ---
0
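Two sections of the ComboFix log above carry the evidence. In the "Files created" listing, the tmp*.exe files all have the same 16,484-byte size, the read-only/hidden/system attribute set (`-r-hs----`), and appear in pairs every few hours, which is one component re-dropping itself under random names; `antiviirus.exe`, created at the same minute as the first pair, only has the archive bit. In the mountpoints2 entries, which record the autorun commands Windows has seen on removable drives, there is `fun.xls.exe` (a document extension hiding an executable) and a custom `Auto` verb alongside the normal `AutoRun`, meaning the medium's autorun.inf defined its own shell verbs, which the autorun worms of that period did. The script below is an added example for this page, not ComboFix code and not the helper's method; it parses those two sections and flags both patterns. The sample lines are taken from the posted log; the cluster threshold of 3 and the "any verb other than AutoRun" heuristic are assumptions, and a hit means "look at this", not a verdict (the `K:\iw3sp.exe` entry may well be a game disc).

```python
"""Triage the two sections of a ComboFix log that carry the evidence in the
report above: the 'Files created' listing and the mountpoints2 autorun
entries. Added example for this thread: not part of ComboFix and not the
helper's method. SAMPLE_LOG is constructed from the posted log."""
import ntpath
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "reason detail")

# 'created . modified size attrs path'; attrs is a 9-char flag string in which
# r = read-only, a = archive, h = hidden, s = system and d = directory.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><REP>|<DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
# '\Shell\AutoRun\command - <command>' lines under a mountpoints2 key.
MOUNTPOINT_RE = re.compile(r"^\\(?P<key>[^ ]+?)\\command - (?P<cmd>.+)$")
# A name such as fun.xls.exe: a document extension in front of .exe.
DOUBLE_EXT_RE = re.compile(r"\S+\.[a-z0-9]{2,4}\.exe\b", re.IGNORECASE)
# Assumed threshold: this many identical hidden files is a dropper, not a fluke.
CLUSTER_MIN = 3
EXEC_EXTS = (".exe", ".dll", ".scr")


def parse_files(log_text):
    """Yield (created, size, attrs, path) for every file in 'Files created'."""
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and not m.group("size").startswith("<"):  # skip <REP>/<DIR> rows
            yield (m.group("created"), int(m.group("size").replace(",", "")),
                   m.group("attrs"), m.group("path"))


def hidden_system_executables(entries):
    """Executables carrying both hidden (h) and system (s): the attribute pair
    a dropper sets so that Explorer's default view does not show the file."""
    return [e for e in entries
            if "h" in e[2] and "s" in e[2]
            and ntpath.splitext(e[3])[1].lower() in EXEC_EXTS]


def triage(log_text):
    """Return Findings for the dropper and autorun patterns in a ComboFix log."""
    findings = []
    hidden = hidden_system_executables(parse_files(log_text))
    for _, _, _, path in hidden:
        findings.append(Finding("hidden+system executable", path))
    # Several hidden executables of one size in one directory, written over
    # hours under random names, point at a single component re-dropping itself.
    clusters = Counter((ntpath.dirname(p), size) for _, size, _, p in hidden)
    for (directory, size), n in clusters.items():
        if n >= CLUSTER_MIN:
            findings.append(Finding("repeated dropper",
                                    f"{n} hidden executables of {size} bytes in {directory}"))
    for line in log_text.splitlines():
        m = MOUNTPOINT_RE.match(line.strip())
        if not m:
            continue
        verb, cmd = m.group("key").split("\\")[-1], m.group("cmd")
        if DOUBLE_EXT_RE.search(cmd):
            findings.append(Finding("double-extension autorun target", cmd))
        # mountpoints2 normally records the AutoRun verb; any other verb came
        # from a custom autorun.inf, the pattern autorun worms of the time used.
        if verb.lower() != "autorun":
            findings.append(Finding(f"non-standard autorun verb '{verb}'", cmd))
    return findings


# Constructed sample: a subset of the lines from the ComboFix report above.
SAMPLE_LOG = r"""
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp51046.exe
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp43937.exe
2008-03-12 18:28 . 2008-03-12 18:28 <REP> d-------- C:\Documents and Settings\papa\SmitfraudFix
2008-03-12 10:43 . 2008-03-12 10:43 16,484 -r-hs---- C:\Program Files\tmp34328.exe
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp35562.exe
2008-03-11 20:13 . 2008-03-11 20:13 21,608 --a------ C:\Program Files\antiviirus.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121449109.exe
2008-03-02 21:40 . 2008-03-12 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092cdd68-d562-11dc-b2a5-000b6a943c7b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a86c4-c613-11dc-b2a0-000b6a943c7b}]
\shel\Auto\command - K:\iw3sp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e437-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb41387-beb7-11dc-b299-000b6a943c7b}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.detail}")
```

On the sample this yields ten findings: the five hidden tmp*.exe files, one "repeated dropper" cluster for `C:\Program Files` at 16484 bytes, two double-extension hits for `fun.xls.exe` and two custom-verb hits. `antiviirus.exe` is deliberately not caught here (plain archive bit, ordinary name), which is why the HijackThis Run-key view and the ComboFix file view are read together rather than either alone.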

g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
12 March 2008 at 19:52
re,

next:

Copy the text below:

Folder::
C:\Program Files\tmp51046.exe
C:\Program Files\tmp43937.exe
C:\Program Files\tmp34328.exe
C:\Program Files\tmp39890.exe
C:\Program Files\tmp33031.exe
C:\Program Files\tmp39875.exe
C:\Program Files\tmp34343.exe
C:\Program Files\tmp38578.exe
C:\Program Files\tmp33093.exe
C:\Program Files\tmp37046.exe
C:\Program Files\tmp31640.exe
C:\Program Files\tmp35562.exe
C:\Program Files\tmp30234.exe
C:\Program Files\tmp37500.exe
C:\Program Files\tmp31750.exe
C:\Program Files\tmp121449109.exe
C:\Program Files\tmp121444015.exe
C:\Program Files\Norton Security Scan
C:\Program Files\webHancer

File::
C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antiviirus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"=-
"{232a490b-2a8e-464e-9a06-bd9cccd7c172}"=-
"zip"=-
"{98576a01-6255-446e-a46a-a1271439d29b}"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the restart, post the contents of the Combofix.txt log along with a HijackThis log.

If there is no restart, post the logs anyway.

See you
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
12 March 2008 at 20:09
ComboFix 08-03-10.1 - papa 2008-03-12 20:05:55.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.850 [GMT 1:00]
Location: C:\Documents and Settings\papa\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\papa\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Norton Security Scan
C:\Program Files\tmp121444015.exe\
C:\Program Files\tmp121449109.exe\
C:\Program Files\tmp30234.exe\
C:\Program Files\tmp31640.exe\
C:\Program Files\tmp31750.exe\
C:\Program Files\tmp33031.exe\
C:\Program Files\tmp33093.exe\
C:\Program Files\tmp34328.exe\
C:\Program Files\tmp34343.exe\
C:\Program Files\tmp35562.exe\
C:\Program Files\tmp37046.exe\
C:\Program Files\tmp37500.exe\
C:\Program Files\tmp38578.exe\
C:\Program Files\tmp39875.exe\
C:\Program Files\tmp39890.exe\
C:\Program Files\tmp43937.exe\
C:\Program Files\tmp51046.exe\
C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll

.
((((((((((((((((((((((((((((( Files created 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp51046.exe
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp43937.exe
2008-03-12 18:28 . 2008-03-12 18:28 <REP> d-------- C:\Documents and Settings\papa\SmitfraudFix
2008-03-12 12:45 . 2008-03-12 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 10:43 . 2008-03-12 10:43 16,484 -r-hs---- C:\Program Files\tmp34328.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp39890.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp33031.exe
2008-03-12 10:33 . 2008-03-12 10:33 16,484 -r-hs---- C:\Program Files\tmp39875.exe
2008-03-12 10:32 . 2008-03-12 10:32 16,484 -r-hs---- C:\Program Files\tmp34343.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp38578.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp33093.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp37046.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp31640.exe
2008-03-11 21:38 . 2008-03-11 21:38 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 21:37 . 2008-03-11 21:37 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp35562.exe
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp30234.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp37500.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp31750.exe
2008-03-11 20:36 . 2008-03-11 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 20:13 . 2008-03-11 20:13 21,608 --a------ C:\Program Files\antiviirus.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121449109.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121444015.exe
2008-03-09 02:30 . 2008-03-09 02:30 <REP> d-------- C:\Program Files\Axis Communications
2008-03-07 23:21 . 2008-03-08 11:01 <REP> d-------- C:\Program Files\Black Element Software
2008-03-02 21:40 . 2008-03-12 20:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 21:40 . 2008-03-12 20:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-25 19:57 . 2008-02-25 19:57 <REP> d-------- C:\Program Files\MSECache
2008-02-23 23:29 . 2008-02-23 23:30 <REP> d-------- C:\Program Files\PokerTH
2008-02-23 12:39 . 2008-02-23 12:39 <REP> d-------- C:\Program Files\NCH Software
2008-02-23 12:38 . 2008-02-23 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Documents and Settings\papa\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 18:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-12 17:55 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-03-12 17:51 --------- d-----w C:\Program Files\eMule
2008-03-12 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 11:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-08 21:30 --------- d-----w C:\Documents and Settings\papa\Application Data\Azureus
2008-03-08 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 19:48 --------- d-----w C:\Program Files\Azureus
2008-02-22 14:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 19:46 --------- d-----w C:\Documents and Settings\papa\Application Data\pokerth
2008-01-18 22:13 --------- d-----w C:\Program Files\Fake Webcam
2008-01-12 22:02 --------- d-----w C:\Program Files\Windows Live
2008-01-12 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 21:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 19:41 53,248 -c--a-w C:\WINDOWS\system32\apache.dll
2007-12-21 21:00 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-05 18:50 2,293,712 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-04-06 12:45 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-06 12:45 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-08-01 07:31 15,295,272 -c--a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-12_18.43.46.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 11:17:27 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe
+ 2008-03-12 18:59:36 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe
.
((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 12:36 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-15 19:39 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"= {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll [ ]
"zip"= {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"D:\\Documents de papa\\SmitfraudFix\\SmitfraudFix\\SmiUpdate.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
S2 Ca504av;TRUST 350FS POWERC@M FLASH(Video);C:\WINDOWS\system32\Drivers\Ca504av.sys [2002-10-21 10:37]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-09-28 15:18]
S3 USBCamera;TRUST 350FS POWERC@M FLASH(Still);C:\WINDOWS\system32\Drivers\Bulk504.sys [2002-12-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092cdd68-d562-11dc-b2a5-000b6a943c7b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a86c4-c613-11dc-b2a0-000b6a943c7b}]
\shel\Auto\command - K:\iw3sp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6258eff-e7d6-11da-825d-4d6564696130}]
\Shell\AutoRun\command - I:\ProjectFloodV3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6258f03-e7d6-11da-825d-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL application.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e437-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e439-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb41387-beb7-11dc-b299-000b6a943c7b}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

*Newly Created Service* - USNJSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-12 18:46:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 20:06:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-12 20:07:47
ComboFix-quarantined-files.txt 2008-03-12 19:07:25
ComboFix2.txt 2008-03-12 17:44:02
.
2008-02-13 18:26:58 --- E O F ---
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
13 March 2008 at 14:57
hello g76,

can you do this please

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- file name to search for: type or copy-paste:

{232a490b-2a8e-464e-9a06-bd9cccd7c172}

- Search type: select option 6 then confirm

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically on screen as soon as it has finished.

- Copy/paste this report in your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient

do the same for this one

{98576a01-6255-446e-a46a-a1271439d29b}

@+
0
g76 Posts 506 Registered Tuesday 18 December 2007 Status Member Last activity 4 December 2008 54
15 March 2008 at 22:00
15/03/2008 ---- 21:59:43,10

----------------------------------
§§§§§§ [{232a490b-2a8e-464e-9a06-bd9cccd7c172}] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\InProcServer32]
@="C:\\WINDOWS\\Installer\\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\\AvpRom.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"="{232a490b-2a8e-464e-9a06-bd9cccd7c172}"

*******************
[Fichier]
*******************

c:\QooBox\Quarantine\C\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}
c:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}


*********************
[Même date]
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
g76 Posts 506 Registered Tuesday 18 December 2007 Status Member Last activity 4 December 2008 54
15 March 2008 at 22:03
Second search report, for {98576a01-6255-446e-a46a-a1271439d29b}

15/03/2008 ---- 22:02:07,65

----------------------------------
§§§§§§ [ 15/03/2008 ---- 21:59:43,10 ] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
g76 Posts 506 Registered Tuesday 18 December 2007 Status Member Last activity 4 December 2008 54
15 March 2008 at 22:08
And as a complement, the HijackThis report after the 2 operations

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:05, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AD7BE46-11E9-4CE8-A836-FCCA1729F15C}: NameServer = 86.64.145.143 84.103.237.143
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll (file missing)
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
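The HijackThis log above lists two O21 SSODL (ShellServiceObjectDelayLoad) registrations whose DLLs are no longer on disk, and the rest of the thread is about locating and deleting their CLSID keys. As an added example that is not part of this thread, the Python script below parses HijackThis v2 lines in that layout, flags registrations pointing at missing modules, and collects the CLSIDs to look up in the registry; the sample lines are a constructed excerpt modelled on the log above, and the regexes assume the HijackThis v2 line format shown there.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread).

It parses the three CLSID-bearing item types as HijackThis v2 prints them:
    O2  - BHO: <name> - {CLSID} - <path> | (no file)
    O3  - Toolbar: <name> - {CLSID} - <path> | (no file)
    O21 - SSODL: <name> - {CLSID} - <path> [(file missing)]
and reports registrations whose module is gone from disk (orphaned persistence
that is safe to clean up) plus every SSODL entry, which Explorer loads at each
logon and which is therefore worth a manual CLSID check.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in HijackThis v2 layout, modelled on the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll (file missing)
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll (file missing)
"""

# Only O2/O3/O21 carry a CLSID; other item types (O4, O16, O23, ...) are ignored.
CLSID_ITEM = re.compile(
    r"^(?P<kind>O2|O3|O21) - (?:BHO|Toolbar|SSODL): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


@dataclass
class Registration:
    kind: str            # "O2", "O3" or "O21"
    name: str
    clsid: str           # normalised to lower case for comparisons
    path: Optional[str]  # None when HijackThis printed "(no file)"
    file_present: bool


def parse_registration(line: str) -> Optional[Registration]:
    """Return a Registration for an O2/O3/O21 line, or None for any other line."""
    m = CLSID_ITEM.match(line.strip())
    if m is None:
        return None
    target = m.group("target").strip()
    if target == "(no file)":
        return Registration(m["kind"], m["name"], m["clsid"].lower(), None, False)
    missing = target.endswith("(file missing)")
    path = target[: -len("(file missing)")].rstrip() if missing else target
    return Registration(m["kind"], m["name"], m["clsid"].lower(), path, not missing)


@dataclass
class Finding:
    severity: str  # "cleanup" (orphaned registration) or "review" (SSODL entry)
    clsid: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return one Finding per issue, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        reg = parse_registration(line)
        if reg is None:
            continue
        if not reg.file_present:
            findings.append(Finding(
                "cleanup", reg.clsid,
                f"{reg.kind} {reg.name!r}: registered module is not on disk "
                f"({reg.path or 'no path recorded'})"))
        if reg.kind == "O21":
            findings.append(Finding(
                "review", reg.clsid,
                f"SSODL entry {reg.name!r} is loaded by Explorer at every logon; "
                f"check the CLSID against known Windows defaults"))
    return findings


def clsids_to_look_up(findings: List[Finding]) -> List[str]:
    """Distinct CLSIDs from the findings, i.e. the keys to search for in the registry."""
    return sorted({f.clsid for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.clsid}: {f.reason}")
    print("CLSIDs to search for:", ", ".join(clsids_to_look_up(triage(SAMPLE_LOG))))
```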
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
15 March 2008 at 23:12
hi g76,

the OAD step was to find the registry keys...

so now we're going to delete them:

next:

Copy the text below:

File::
C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\InProcServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\InProcServer32]
"@"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98576a01-6255-446e-a46a-a1271439d29b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98576a01-6255-446e-a46a-a1271439d29b}\InProcServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98576a01-6255-446e-a46a-a1271439d29b}\InProcServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98576a01-6255-446e-a46a-a1271439d29b}\InProcServer32]
"@"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
0
ComboFix 08-03-10.1 - papa 2008-03-16 9:10:25.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.634 [GMT 1:00]
Endroit: C:\Documents and Settings\papa\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\papa\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll
C:\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-14 06:46 . 2008-03-14 06:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-14 06:13 . 2008-03-14 06:13 8,458 --a------ C:\cc_20080314_0613.reg
2008-03-14 06:12 . 2008-03-14 06:12 393,788 --a------ C:\cc_20080314_0611.reg
2008-03-13 07:37 . 2008-03-14 06:57 <REP> d-------- C:\SDFix
2008-03-13 06:25 . 2008-03-13 06:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-13 06:24 . 2008-03-13 06:24 <REP> d-------- C:\Program Files\Yahoo!
2008-03-13 06:23 . 2008-03-13 06:24 <REP> d-------- C:\Program Files\CCleaner
2008-03-13 06:14 . 2008-03-13 06:14 <REP> d-------- C:\Documents and Settings\papa\Application Data\Grisoft
2008-03-13 06:14 . 2008-03-13 06:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-13 06:14 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-12 21:18 . 2008-03-12 21:18 16,484 -r-hs---- C:\Program Files\tmp42562.exe
2008-03-12 21:18 . 2008-03-12 21:18 16,484 -r-hs---- C:\Program Files\tmp36015.exe
2008-03-12 21:16 . 2008-03-12 21:16 <REP> d-------- C:\_OTMoveIt
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp51046.exe
2008-03-12 18:34 . 2008-03-12 18:34 16,484 -r-hs---- C:\Program Files\tmp43937.exe
2008-03-12 18:28 . 2008-03-12 18:28 <REP> d-------- C:\Documents and Settings\papa\SmitfraudFix
2008-03-12 12:45 . 2008-03-12 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 10:43 . 2008-03-12 10:43 16,484 -r-hs---- C:\Program Files\tmp34328.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp39890.exe
2008-03-12 10:36 . 2008-03-12 10:36 16,484 -r-hs---- C:\Program Files\tmp33031.exe
2008-03-12 10:33 . 2008-03-12 10:33 16,484 -r-hs---- C:\Program Files\tmp39875.exe
2008-03-12 10:32 . 2008-03-12 10:32 16,484 -r-hs---- C:\Program Files\tmp34343.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp38578.exe
2008-03-12 08:30 . 2008-03-12 08:30 16,484 -r-hs---- C:\Program Files\tmp33093.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp37046.exe
2008-03-12 06:42 . 2008-03-12 06:42 16,484 -r-hs---- C:\Program Files\tmp31640.exe
2008-03-11 21:38 . 2008-03-11 21:38 <REP> d-------- C:\Program Files\Lavasoft
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp35562.exe
2008-03-11 21:20 . 2008-03-11 21:20 16,484 -r-hs---- C:\Program Files\tmp30234.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp37500.exe
2008-03-11 20:51 . 2008-03-11 20:51 16,484 -r-hs---- C:\Program Files\tmp31750.exe
2008-03-11 20:36 . 2008-03-11 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121449109.exe
2008-03-11 20:13 . 2008-03-11 20:13 16,484 -r-hs---- C:\Program Files\tmp121444015.exe
2008-03-09 02:30 . 2008-03-09 02:30 <REP> d-------- C:\Program Files\Axis Communications
2008-03-07 23:21 . 2008-03-08 11:01 <REP> d-------- C:\Program Files\Black Element Software
2008-03-02 21:40 . 2008-03-14 21:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 21:40 . 2008-03-14 21:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-25 19:57 . 2008-02-25 19:57 <REP> d-------- C:\Program Files\MSECache
2008-02-23 23:29 . 2008-02-23 23:30 <REP> d-------- C:\Program Files\PokerTH
2008-02-23 12:39 . 2008-02-23 12:39 <REP> d-------- C:\Program Files\NCH Software
2008-02-23 12:38 . 2008-02-23 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Documents and Settings\papa\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 08:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-15 16:57 --------- d-----w C:\Program Files\eMule
2008-03-14 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 20:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 20:37 --------- d-----w C:\Program Files\Google
2008-03-12 17:55 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-03-08 21:30 --------- d-----w C:\Documents and Settings\papa\Application Data\Azureus
2008-03-08 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 19:48 --------- d-----w C:\Program Files\Azureus
2008-02-22 14:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 19:46 --------- d-----w C:\Documents and Settings\papa\Application Data\pokerth
2008-01-18 22:13 --------- d-----w C:\Program Files\Fake Webcam
2008-01-08 19:41 53,248 -c--a-w C:\WINDOWS\system32\apache.dll
2007-12-21 21:00 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2007-11-05 18:50 2,293,712 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-04-06 12:45 25,980,320 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-06 12:45 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2006-08-01 07:31 15,295,272 -c--a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-15 19:39 77824]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"D:\\Documents de papa\\SmitfraudFix\\SmitfraudFix\\SmiUpdate.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
S2 Ca504av;TRUST 350FS POWERC@M FLASH(Video);C:\WINDOWS\system32\Drivers\Ca504av.sys [2002-10-21 10:37]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-09-28 15:18]
S3 USBCamera;TRUST 350FS POWERC@M FLASH(Still);C:\WINDOWS\system32\Drivers\Bulk504.sys [2002-12-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092cdd68-d562-11dc-b2a5-000b6a943c7b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a86c4-c613-11dc-b2a0-000b6a943c7b}]
\shel\Auto\command - K:\iw3sp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chansons.m3u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6258eff-e7d6-11da-825d-4d6564696130}]
\Shell\AutoRun\command - I:\ProjectFloodV3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e437-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d402e439-7313-11db-b077-000b6a943c7b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb41387-beb7-11dc-b299-000b6a943c7b}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

*Newly Created Service* - USNJSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-16 07:46:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 09:12:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-16 9:13:52
ComboFix-quarantined-files.txt 2008-03-16 08:13:33
ComboFix2.txt 2008-03-12 19:07:48
ComboFix3.txt 2008-03-12 17:44:02
.
2008-02-13 18:26:58 --- E O F ---
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:50, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AD7BE46-11E9-4CE8-A836-FCCA1729F15C}: NameServer = 86.64.145.143 84.103.237.143
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - (no file)
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
16 March 2008 at 15:23
G76,

the files have indeed disappeared ;-)

now the next step:

using hijack this, tick and fix the lines below:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - (no file)
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - (no file)

how to fix:

Usage tutorial (video): (thanks to Balltrap34 for this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

look at this tutorial to update your java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

then

install a firewall:

firewall: kerio

download: http://sd-1.archive-host.com/membres/up/1366464061/kerio-kpf-422-911-win.rar

tutorial:

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Online armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=35606

or zone alarm, easier to configure but less effective

https://www.malekal.com/tutoriel-zonealarm-firewall/

a bonus:

anti spyware:

spywareblaster:

http://www.brightfort.com/spywareblaster.html

it's a resident program; you just have to update it from time to time, because the free version doesn't do it by itself. Once it is installed and updated, set all the protections to "enable"

tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

then, since there is an infection: I:\fun.xls.exe

If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
Download Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Right-click the .ZIP file > Extract to > Desktop
• Double-click >> RAV.exe << to launch the tool.
• Once RAV ANTIVIRUS is launched, let it work; it automatically scans all drives (fixed and removable disks)
• If there is an infection > a report will be generated; otherwise (very quickly) you will see ==> Your computer is clean.
• Remove your removable disks and restart your computer.
Post the report, if there is an infection!

then

take a look at this about avast:

antivir vs avast:

-> http://forum.malekal.com/ftopic3528.php

so I advise you to uninstall it and install antivir instead

Download and install the Antivir Personal Edition Classic antivirus:

-> https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...

once antivir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search; click on the little + to expand it and tick the box next to your hard disk
then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, that way you can pause the scan if you wish.
then on the right, tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristics > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level

I'm telling you all this because I'd like you to run a full scan of your machine with antivir using the settings listed above, and post the generated report here please

so post me a new hijack this, then the rav antivirus report, then the antivir report

good luck

@+
0
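The lines g!rly asks to fix in the post above share one trait: the registry entry survives but the file it points to is gone ("(no file)", "(file missing)"), and the two O21 SSODL entries are the ShellServiceObjectDelayLoad loaders whose DLLs later show up quarantined in the AntiVir report. As an added example, not part of the thread and not code from HijackThis, here is a small Python triage script that reads HijackThis log lines, flags orphaned entries and SSODL loaders, and cross-references the CLSIDs against antivirus quarantine paths. The sample log lines and paths are constructed, abridged from the logs posted in this thread.

```python
import re

# Constructed sample: lines abridged from the HijackThis log g76 posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O21 - SSODL: AvpRom - {232a490b-2a8e-464e-9a06-bd9cccd7c172} - (no file)
O21 - SSODL: zip - {98576a01-6255-446e-a46a-a1271439d29b} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: quarantine paths taken from the AntiVir report later in the thread.
QUARANTINED_PATHS = [
    r"C:\QooBox\Quarantine\C\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll.vir",
    r"C:\QooBox\Quarantine\C\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll.vir",
    r"C:\Program Files\tmp121444015.exe",
]

# A HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# COM class ids are 32 hex digits plus 4 hyphens inside braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Split a HijackThis log into dicts: section, body, clsid, missing_file."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, header lines, blanks
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0).lower() if clsid else None,
            "missing_file": any(body.endswith(mk) for mk in MISSING_MARKERS),
        })
    return entries


def triage(log_text):
    """Return (section, clsid, body, reason) for entries a helper would single out."""
    flagged = []
    for e in parse_entries(log_text):
        reasons = []
        if e["missing_file"]:
            reasons.append("target file missing: orphaned registry entry")
        if e["section"] == "O21":
            # SSODL DLLs are loaded by explorer.exe at logon, a classic persistence spot.
            reasons.append("SSODL loader: review even if the file is present")
        if reasons:
            flagged.append((e["section"], e["clsid"], e["body"], "; ".join(reasons)))
    return flagged


def correlate(log_text, detection_paths):
    """Map CLSIDs that occur both in the HijackThis log and in antivirus detection paths."""
    by_clsid = {e["clsid"]: e for e in parse_entries(log_text) if e["clsid"]}
    matches = {}
    for path in detection_paths:
        for clsid in CLSID_RE.findall(path):
            key = clsid.lower()
            if key in by_clsid:
                matches[key] = (by_clsid[key]["section"], path)
    return matches


if __name__ == "__main__":
    for section, clsid, body, reason in triage(SAMPLE_LOG):
        print(f"{section} {clsid or '-'}: {reason}")
    for clsid, (section, path) in correlate(SAMPLE_LOG, QUARANTINED_PATHS).items():
        print(f"{section} entry {clsid} matches quarantined file {path}")
```

The correlation step is the useful part for a reader of this thread: the two O21 CLSIDs in the log are exactly the `WINDOWS\Installer\{CLSID}` folders where the TR/Shell.Eviell DLLs were found, which is why fixing the orphaned SSODL lines closes the persistence rather than just tidying the registry.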
No RAV antivirus report, sorry :=)))
0
AntiVir PersonalEdition Classic
Report file date: dimanche 16 mars 2008 21:46

Scanning for 1149506 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: papa
Computer name: MAISON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:39:27
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:39:27
ANTIVIR3.VDF : 7.0.3.33 180736 Bytes 16/03/2008 20:39:27
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 16/03/2008 20:39:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/03/2008 20:39:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922

Start of the scan: dimanche 16 mars 2008 21:46

Starting search for hidden objects.
'404494' objects were checked, '0' hidden objects were found.


End of the scan: dimanche 16 mars 2008 21:51
Used time: 04:44 min

The scan has been done completely.

0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
404494 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:18, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AD7BE46-11E9-4CE8-A836-FCCA1729F15C}: NameServer = 86.64.145.143 84.103.237.143
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
16 March 2008 at 22:23
g76,

antivir didn't scan any files, it only scanned for rootkits! 4:44 minutes is a bit short for a scan...
run the scan again and post the report please
0
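g!rly's observation above (a 4:44 scan that scanned 0 files was only the "Rootkit search" profile, not the full scan with memory, process and registry scanning switched on as configured a few posts earlier) can be checked mechanically from the report itself. As an added example, not part of the thread and not Avira's code, here is a Python parser for the AntiVir report format: it reads the "Configuration settings" block and the closing counters to decide whether a report came from a full scan, and summarises the [DETECTION] entries by signature name, flags detections inside System Volume Information (restore points), and lists files that were ignored rather than quarantined. Both sample reports are constructed, abridged from the two AntiVir reports posted in this thread.

```python
import re
from collections import Counter

# Constructed sample, abridged from the first (rootkit-only) report in the thread.
ROOTKIT_ONLY_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Rootkit search
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files

Start of the scan: dimanche 16 mars 2008 21:46
Used time: 04:44 min

0 Files were scanned
0 viruses and/or unwanted programs were found
404494 Objects were scanned with rootkit scan
"""

# Constructed sample, abridged from the second (complete system scan) report.
FULL_SCAN_REPORT = r"""Configuration settings for the scan:
Jobname..........................: Complete system scan
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Program Files\tmp121444015.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da806.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll.vir
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '484decd0.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455328.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d0.qua'!
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.rar
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[WARNING] The file was ignored!
"""

CONFIG_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\.{2,}: (?P<value>.*)$")   # "Scan memory.....: on"
SUMMARY_RE = re.compile(r"^(?P<count>\d+) (?P<what>.+)$")               # "0 Files were scanned"
PATH_RE = re.compile(r"^[A-Z]:\\")                                       # a scanned file path
NAME_RE = re.compile(r"[A-Z]+/[A-Za-z0-9.\-]+")                          # TR/Drop.Agent.TPH, HEUR/Malware
FULL_SCAN_KEYS = ("Scan memory", "Process scan", "Scan registry")


def parse_report(text):
    """Return (config dict, summary counters dict, list of detection dicts)."""
    config, summary, detections = {}, {}, []
    current_path = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = CONFIG_RE.match(line)
        if m:
            config[m.group("key").strip()] = m.group("value").strip()
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("what")] = int(m.group("count"))
            continue
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[DETECTION]") and current_path:
            name = NAME_RE.search(line)
            detections.append({"path": current_path,
                               "name": name.group(0) if name else line[len("[DETECTION] "):],
                               "action": None})
        elif line.startswith(("[INFO]", "[WARNING]")) and detections \
                and detections[-1]["path"] == current_path and detections[-1]["action"] is None:
            detections[-1]["action"] = line   # what AntiVir did with the detected file
    return config, summary, detections


def is_full_scan(text):
    """False for a rootkit-only job (memory/process/registry off, or 0 files scanned)."""
    config, summary, _ = parse_report(text)
    if summary.get("Files were scanned") == 0:
        return False
    switched_on = all(config.get(k, "off") == "on" for k in FULL_SCAN_KEYS)
    return switched_on and config.get("Jobname", "").lower().startswith("complete")


def summarize_detections(text):
    """Count detections per signature and point out the ones that need follow-up."""
    _, _, detections = parse_report(text)
    return {
        "by_name": dict(Counter(d["name"] for d in detections)),
        # Copies inside restore points come back if System Restore is rolled back.
        "restore_points": [d["path"] for d in detections if "System Volume Information" in d["path"]],
        # Ignored or unhandled files are still on disk after the scan.
        "not_handled": [d["path"] for d in detections
                        if d["action"] is None or d["action"].startswith("[WARNING]")],
    }
```

Run against the two samples, the first report is rejected as incomplete while the second passes, and the summary shows where the infection actually lived: dropper copies in Program Files and in restore points, the two SSODL DLLs from the earlier HijackThis log, and one archive that AntiVir only warned about and left in place.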
g76 Posts 506 Registration date Tuesday 18 December 2007 Status Member Last activity 4 December 2008 54
17 March 2008 at 06:14
AntiVir PersonalEdition Classic
Report file date: dimanche 16 mars 2008 22:06

Scanning for 1149506 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MAISON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:39:27
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:39:27
ANTIVIR3.VDF : 7.0.3.33 180736 Bytes 16/03/2008 20:39:27
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 16/03/2008 20:39:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/03/2008 20:39:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 16 mars 2008 22:06

Starting search for hidden objects.
'45937' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'QuickAccess.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'J:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\tmp121444015.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da806.qua'!
C:\Program Files\tmp121449109.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da80a.qua'!
C:\Program Files\tmp30234.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da80e.qua'!
C:\Program Files\tmp31640.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da814.qua'!
C:\Program Files\tmp31750.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da816.qua'!
C:\Program Files\tmp33031.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da817.qua'!
C:\Program Files\tmp33093.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da819.qua'!
C:\Program Files\tmp34328.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da81b.qua'!
C:\Program Files\tmp34343.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da81c.qua'!
C:\Program Files\tmp35562.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da81d.qua'!
C:\Program Files\tmp36015.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da81f.qua'!
C:\Program Files\tmp37046.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da820.qua'!
C:\Program Files\tmp37500.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da822.qua'!
C:\Program Files\tmp38578.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da823.qua'!
C:\Program Files\tmp39875.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da825.qua'!
C:\Program Files\tmp39890.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da827.qua'!
C:\Program Files\tmp42562.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da828.qua'!
C:\Program Files\tmp43937.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da829.qua'!
C:\Program Files\tmp51046.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '484da82b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Installer\{232a490b-2a8e-464e-9a06-bd9cccd7c172}\AvpRom.dll.vir
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '484decd0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Installer\{98576a01-6255-446e-a46a-a1271439d29b}\zip.dll.vir
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '484decc6.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP777\A0453459.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '4811f397.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP777\A0453460.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '4811f39a.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP778\A0454884.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.62
[INFO] The file was moved to '4811f3ab.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455328.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d0.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455329.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d1.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455330.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d2.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455331.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d4.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455332.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d5.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455333.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d7.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455334.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d8.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455335.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3d9.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455336.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3db.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455337.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3dc.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455338.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3dd.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455339.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3df.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455340.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e0.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455341.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e2.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455342.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e3.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455343.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e4.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455344.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e6.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455345.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e7.qua'!
C:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455346.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '4811f3e9.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\03122008_211944\program files\antiviirus.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '4851fad9.qua'!
Begin scan in 'D:\'
Begin scan in 'H:\' <stockage>
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.rar
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[WARNING] The file was ignored!
H:\Baptiste\Nudge Flooder.zip
[0] Archive type: ZIP
--> NudgeFlooder.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4841fb59.qua'!
H:\Baptiste\Nudge Flooder\NudgeFlooder.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4841fbc6.qua'!
H:\Baptiste\pirate msn\Windows Live Messenger 8.5+.rar
[0] Archive type: RAR
--> Windows Live Messenger 8.exe
[DETECTION] Is the Trojan horse TR/Spy.MSN.B
[INFO] The file was moved to '484bfbf4.qua'!
H:\Baptiste\pirate msn\Windows Live Messenger 8.exe
[DETECTION] Is the Trojan horse TR/Spy.MSN.B
[INFO] The file was moved to '484bfbf8.qua'!
H:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP773\A0449993.exe
[DETECTION] Is the Trojan horse TR/Tibs.NA.13
[INFO] The file was moved to '4811fc55.qua'!
H:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455348.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4811fc58.qua'!
H:\System Volume Information\_restore{98E9CA08-72BC-4DF7-A034-B0564DAC02C2}\RP782\A0455349.exe
[DETECTION] Is the Trojan horse TR/Spy.MSN.B
[INFO] The file was moved to '4811fc5a.qua'!
Begin scan in 'J:\' <la ou y a le gros bordel>


End of the scan: lundi 17 mars 2008 06:11
Used time: 8:05:48 min

The scan has been done completely.

4923 Scanning directories
279798 Files were scanned
48 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
0 files were deleted
0 files were repaired
51 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
279750 Files not concerned
1654 Archives were scanned
4 Warnings
0 Notes
45937 Objects were scanned with rootkit scan
0 Hidden objects were found
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
17 March 2008 at 06:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:31:17, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.cet.unomaha.edu/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AD7BE46-11E9-4CE8-A836-FCCA1729F15C}: NameServer = 86.64.145.143 84.103.237.143
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
17 March 2008 at 18:49
g76,

install a firewall:

firewall: Kerio

Kerio (firewall): stays free after the trial period, in French
----> https://www.zebulon.fr/telechargements/securite/firewalls/kerio.html

Have a look at this tutorial if you need help installing and configuring Kerio
--> https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

More info:
-> https://kerio.probb.fr/

firewall: Kerio

download: http://sd-1.archive-host.com/membres/up/1366464061/kerio-kpf-422-911-win.rar

tutorial:

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=35606

or ZoneAlarm, easier to configure but less effective

https://www.malekal.com/tutoriel-zonealarm-firewall/

have a look at this tutorial to bring your Java console up to date:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

your version of Acrobat Reader is not up to date; you want version 8.1, the latest release, so uninstall your version via Control Panel / Add or Remove Programs

and install the latest one:

https://get2.adobe.com/reader/otherversions/

or forget Acrobat Reader altogether and install Foxit, which is lighter, instead:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

could you go to C:\Program Files\

and tell me whether you have any files of this kind: C:\Program Files\tmp37046.exe

@+
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
17 March 2008 at 22:05
Good evening,

Java update done, Foxit installed successfully.
No tmp*.exe file under C:\Program Files

What is the next step?

@+
0
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
17 March 2008 at 22:20
ok for Java and Foxit,

to check, it would be a good idea to run an online scan:

BitDefender online scan:

https://www.bitdefender.com/toolbox/

Click on "I agree" and follow the instructions

It must be done under Internet Explorer, accepting the ActiveX control

illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

or

Run a Kaspersky online scan with Internet Explorer:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click on Start Online-Scanner
-> Now click on I accept.
-> Accept the installation of one or more ActiveX controls if necessary.
-> Wait while the updates are installed.
-> Then choose the My Computer scan.
-> Save and then paste the report generated at the end of the scan.

post one of the two scans please

@+
0
g76 Posts: 506 Registered: Tuesday 18 December 2007 Status: Member Last seen: 4 December 2008 54
18 March 2008 at 06:20
BitDefender Online Scanner

Scan report generated at: Tue, Mar 18, 2008 - 06:14:02
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;J:\;

Statistics
Time: 01:15:03
Files: 222544
Folders: 4829
Boot Sectors: 6
Archives: 5327
Packed Files: 6327

Results
Identified Viruses: 5
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 1005684
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 0)
    Infected with: Generic.Peed.Eml.7055D20D
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 0)
    Disinfection failed
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 0)
    Deleted
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk
    Update failed
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 2)
    Infected with: Generic.Peed.Eml.E89C4D24
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 2)
    Disinfection failed
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 2)
    Deleted
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk
    Update failed
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 3)
    Infected with: Generic.Peed.Eml.5EBA2E90
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 3)
    Disinfection failed
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk=>(message 3)
    Deleted
C:\Documents and Settings\papa\Application Data\Thunderbird\Profiles\k10aara0.default\Mail\pop.cegetel-4.net\Junk
    Update failed
C:\Documents and Settings\papa\Bureau\extcodtrn2.zip=>Call of Duty.exe
    Infected with: Trojan.Horse.HJ
C:\Documents and Settings\papa\Bureau\extcodtrn2.zip=>Call of Duty.exe
    Deleted
C:\Documents and Settings\papa\Bureau\extcodtrn2.zip
    Updated
C:\Documents and Settings\papa\Local Settings\Temp\Rar$EX00.860\Call of Duty.exe
    Infected with: Trojan.Horse.HJ
C:\Documents and Settings\papa\Local Settings\Temp\Rar$EX00.860\Call of Duty.exe
    Deleted
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.exe=>(ZIP Sfx o)=>crack.exe
    Infected with: Trojan.Downloader.Zlob.ABNX
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.exe=>(ZIP Sfx o)=>crack.exe
    Disinfection failed
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.exe=>(ZIP Sfx o)=>crack.exe
    Deleted
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.exe=>(ZIP Sfx o)
    Updated
H:\Baptiste\Medal_of_Honor_-_Allied_Assault_Serial.zip.exe
    Update failed
0