Lots of viruses

neo97435 Posts 202 Status Member -  
ep44 Posts 7432 Status Contributor -
Hello everyone!!! I really have a problem: I have a lot of viruses, Trojan horses, there are at least about 30. I have avast, which detects them and puts them in quarantine, but there is also another problem: the icons on my desktop disappear and reappear. What should I do? When I open a folder it closes again right away. What should I do? Please help.... thanks

22 replies

ep44 Posts 7432 Status Contributor 3

Hello
start by producing a HijackThis report

Download to the desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= paste the report
if there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

See you
0
neo97435 Posts 202 Status Member 53

ok, it's started, and thanks for helping me
0
neo97435 Posts 202 Status Member 53

hi again, here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:25, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\Regis\LOCALS~1\Temp\winlogan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Regis\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [0cfbfd90] rundll32.exe "C:\WINDOWS\system32\ijpmmlbv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Regis\LOCALS~1\Temp\winlogan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
ep44 Posts 7432 Status Contributor 3

ok

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!

Double-click combofix,
Wait until combofix has finished; a report will be created. Post the report.

See you
0
neo97435 Posts 202 Status Member 53

hi again, sorry for the delay, here it is

ComboFix 08-03-22.3 - jean damien 2008-03-23 13:36:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.526 [GMT 4:00]
Endroit: C:\Documents and Settings\jean damien\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\pmnkkig.dll
C:\WINDOWS\system32\ras\hhlmken.scp
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\vtusron.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
-------\Service_hhlmken
-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 13:26 . 2008-03-23 13:26 <REP> d-------- C:\Program Files\Trend Micro
2008-03-23 12:35 . 2008-03-23 12:35 <REP> d-------- C:\Documents and Settings\jean damien\Application Data\Grisoft
2008-03-23 12:35 . 2008-03-23 13:40 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-23 12:20 . 2008-01-24 00:09 <REP> d--h----- C:\Documents and Settings\jean damien\Voisinage r‚seau
2008-03-23 12:20 . 2008-01-24 00:09 <REP> d--h----- C:\Documents and Settings\jean damien\Voisinage d'impression
2008-03-23 12:20 . 2008-01-23 16:15 <REP> d--h----- C:\Documents and Settings\jean damien\ModŠles
2008-03-23 12:20 . 2008-03-23 12:21 <REP> d---s---- C:\Documents and Settings\jean damien\Mes documents
2008-03-23 12:20 . 2008-01-24 00:09 <REP> dr------- C:\Documents and Settings\jean damien\Menu D‚marrer
2008-03-23 12:20 . 2008-03-23 12:21 <REP> d---s---- C:\Documents and Settings\jean damien\Favoris
2008-03-23 12:20 . 2008-03-23 13:40 <REP> d-------- C:\Documents and Settings\jean damien\Bureau
2008-03-23 02:33 . 2008-03-23 02:33 <REP> d-------- C:\Downloaded Videos
2008-03-23 02:32 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-03-23 02:32 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-03-23 02:32 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-03-22 20:42 . 2008-03-23 11:24 1,854 ---hs---- C:\WINDOWS\system32\vblmmpji.ini
2008-03-22 20:41 . 2008-03-22 20:41 86,592 --------- C:\WINDOWS\system32\ijpmmlbv.dll_old
2008-03-22 17:13 . 2008-03-22 17:42 377 --a------ C:\WINDOWS\wininit.ini
2008-03-22 16:30 . 2008-03-23 11:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 16:30 . 2008-03-23 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 14:45 . 2008-03-22 14:46 <REP> d-------- C:\Program Files\Shareaza Applications
2008-03-22 14:45 . 2008-03-22 16:06 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Shareaza
2008-03-22 14:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-03-22 10:45 . 2008-03-22 17:42 1,543,219 ---hs---- C:\WINDOWS\system32\bjoxvcoj.ini
2008-03-22 00:53 . 2008-03-22 10:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-21 23:43 . 2007-12-04 17:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-21 23:43 . 2004-01-09 13:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-21 23:43 . 2007-12-04 16:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-21 23:43 . 2007-12-04 18:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-21 23:43 . 2007-12-04 18:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-21 23:43 . 2007-12-04 18:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-21 23:43 . 2007-12-04 18:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-21 23:43 . 2007-12-04 18:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-21 21:46 . 2008-03-22 14:44 <REP> d-------- C:\Program Files\Shareaza
2008-03-21 21:44 . 2006-06-29 15:49 17,213 -rahs---- C:\Autorun.ini
2008-03-21 21:44 . 2001-08-16 06:42 2,238 -rahs---- C:\WINDOWS\system32\Autorun.ico
2008-03-21 21:44 . 2001-08-16 06:42 2,238 -rahs---- C:\Autorun.ico
2008-03-21 21:44 . 2006-07-30 23:20 959 -rahs---- C:\WINDOWS\system32\autorun.bin
2008-03-21 21:44 . 2006-07-30 23:20 959 -rahs---- C:\autorun.bin
2008-03-21 21:44 . 2006-07-06 19:58 72 -rahs---- C:\WINDOWS\system32\autorun.wsh
2008-03-21 21:44 . 2006-07-06 19:58 72 -rahs---- C:\autorun.wsh
2008-03-21 21:36 . 26,624 C:\WINDOWS\system32\drivers\Hkn37.sys
2008-03-21 21:36 . 2008-03-23 13:40 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-21 21:36 . 2008-03-21 21:36 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-03-21 21:36 . 2008-03-21 21:43 2 --a------ C:\217840959
2008-03-21 21:35 . 2008-03-21 21:42 58,368 --a------ C:\hlkhyer.exe
2008-03-21 20:52 . 2008-03-21 20:52 <REP> d-------- C:\Program Files\Vstplugins
2008-03-20 12:44 . 2008-03-20 12:44 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-20 12:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 12:30 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 12:30 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-20 02:45 . 2008-03-20 02:45 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Publish Providers
2008-03-20 02:45 . 2008-03-20 02:45 <REP> d-------- C:\Documents and Settings\Regis\Application Data\NetMedia Providers
2008-03-20 02:40 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-20 02:40 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-20 02:40 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-03-20 02:39 . 2008-03-20 02:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-03-20 02:39 . 2008-03-21 20:55 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Sony
2008-03-20 02:39 . 2008-03-20 02:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-03-20 02:38 . 2008-03-21 20:52 <REP> d-------- C:\Program Files\Sony
2008-03-19 19:37 . 2008-03-19 19:37 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-03-19 18:13 . 2008-03-22 10:19 <REP> d-------- C:\Downloads
2008-03-19 18:12 . 2008-03-19 18:12 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-19 17:58 . 2008-03-19 17:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-19 17:57 . 2008-03-19 17:59 <REP> d-------- C:\Program Files\Windows Live
2008-03-19 17:57 . 2008-03-19 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 17:35 . 2007-05-30 16:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-19 16:52 . 2008-03-19 16:52 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-03-19 16:41 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-03-19 16:41 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-03-19 16:41 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-03-19 16:41 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-03-19 16:40 . 2008-03-19 16:44 <REP> d-------- C:\Program Files\Orange
2008-03-19 16:40 . 2008-03-19 16:40 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-03-19 16:34 . 2008-03-19 16:34 <REP> d-------- C:\Program Files\SAGEM
2008-03-19 16:33 . 2008-03-19 16:33 <REP> d-------- C:\Program Files\Securitoo
2008-03-17 16:42 . 2008-03-17 16:42 268 --ah----- C:\sqmdata03.sqm
2008-03-17 16:42 . 2008-03-17 16:42 244 --ah----- C:\sqmnoopt03.sqm
2008-03-17 16:41 . 2008-03-17 16:41 <REP> d-------- C:\Documents and Settings\Regis\Contacts
2008-03-17 16:41 . 2008-03-17 16:41 304 --ah----- C:\sqmdata01.sqm
2008-03-17 16:41 . 2008-03-17 16:41 268 --ah----- C:\sqmdata02.sqm
2008-03-17 16:41 . 2008-03-17 16:41 244 --ah----- C:\sqmnoopt02.sqm
2008-03-17 16:41 . 2008-03-17 16:41 244 --ah----- C:\sqmnoopt01.sqm
2008-03-17 16:40 . 2008-03-17 16:40 268 --ah----- C:\sqmdata00.sqm
2008-03-17 16:40 . 2008-03-17 16:40 244 --ah----- C:\sqmnoopt00.sqm
2008-03-17 12:56 . 2008-03-17 12:56 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-17 12:56 . 2008-03-17 12:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-17 12:56 . 2008-03-17 12:56 0 --a------ C:\WINDOWS\system32\wuredist.cab
2008-03-17 12:50 . 2008-03-23 12:17 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Free Download Manager
2008-03-17 12:50 . 2008-03-17 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-03-16 22:04 . 2008-03-16 22:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-03-16 22:03 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-03-16 22:02 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-16 18:49 . 2008-03-16 18:50 23 --a------ C:\WINDOWS\VI20.set
2008-03-15 20:53 . 2008-03-15 20:53 <REP> d-------- C:\Documents and Settings\Dmien\Jeux
2008-03-06 21:28 . 2008-03-22 14:44 <REP> d-------- C:\Documents and Settings\Dmien\Programmes
2008-03-05 21:38 . 2008-03-05 21:38 <REP> d-------- C:\Program Files\Gta Save
2008-03-05 21:07 . 2008-03-05 21:07 <REP> d-------- C:\Program Files\Rockstar Games
2008-03-04 23:35 . 2008-03-04 23:35 126 --a------ C:\WINDOWS\S3.uns
2008-03-03 14:55 . 2008-03-03 14:55 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Nero
2008-03-03 14:50 . 2008-03-03 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 09:16 --------- d-----w C:\Program Files\SM
2008-03-21 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 17:35 --------- d-----w C:\Program Files\Free Download Manager
2008-03-21 16:51 --------- d-----w C:\Program Files\Sony Setup
2008-03-19 22:24 --------- d-----w C:\Documents and Settings\Regis\Application Data\Sony Setup
2008-03-19 15:24 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-08 13:42 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-07 17:23 --------- d-----w C:\Program Files\Total Video Converter
2008-03-03 10:50 --------- d-----w C:\Program Files\Nero
2008-03-02 16:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-02 15:44 --------- d-----w C:\Documents and Settings\Regis\Application Data\OpenOffice.org2
2008-02-19 17:15 --------- d-----w C:\Documents and Settings\Regis\Application Data\EPSON
2008-02-18 16:12 --------- d-----w C:\Documents and Settings\Regis\Application Data\ArcSoft
2008-02-18 09:13 --------- d-----w C:\Program Files\VirtualDJ2.1
2008-02-13 18:28 --------- d-----w C:\Program Files\DivX
2008-02-13 18:10 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-13 18:04 --------- d-----w C:\Program Files\CDex130
2008-02-12 17:16 --------- d-----w C:\Program Files\Aime P3
2008-02-05 17:21 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-02-05 16:59 --------- d-----w C:\Program Files\IVCsoft
2008-02-04 09:00 --------- d-----w C:\Documents and Settings\Regis\Application Data\Ahead
2008-02-01 09:22 --------- d-----w C:\Documents and Settings\Regis\Application Data\muvee Technologies
2008-01-31 16:39 --------- d-----w C:\Documents and Settings\Regis\Application Data\AdobeUM
2008-01-30 11:41 304,160 ----a-w C:\StiImg.dat
2008-01-29 14:37 --------- d-----w C:\Program Files\ArcSoft
2008-01-29 14:21 --------- d-----w C:\Documents and Settings\Regis\Application Data\Talkback
2008-01-29 13:44 --------- d-----w C:\Program Files\Fichiers communs\PCCamera
2008-01-27 14:14 --------- d-----w C:\Program Files\KraiSoft
2008-01-25 12:31 --------- d-----w C:\Program Files\Ubisoft
2008-01-25 10:58 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2008-01-25 10:55 --------- d-----w C:\Program Files\DV TS
2008-01-24 20:59 --------- d-----w C:\Documents and Settings\Regis\Application Data\CyberLink
2008-01-24 17:22 --------- d-----w C:\Program Files\muvee Technologies
2008-01-24 17:22 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-01-24 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-01-24 17:06 --------- d-----w C:\Program Files\Trust
2008-01-24 16:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-01-24 16:41 --------- d-----w C:\Program Files\epson
2008-01-24 16:39 --------- d-----w C:\Documents and Settings\Regis\Application Data\InstallShield
2008-01-24 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-24 13:06 --------- d--h--r C:\Documents and Settings\Regis\Application Data\SecuROM
2008-01-24 12:01 --------- d-----w C:\Documents and Settings\Regis\Application Data\vlc
2008-01-24 11:46 --------- d-----w C:\Documents and Settings\Regis\Application Data\Grisoft
2008-01-24 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-24 11:44 --------- d-----w C:\Program Files\WinASPI
2008-01-24 11:44 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-24 11:43 --------- d-----w C:\Program Files\ffdshow
2008-01-24 11:33 64,111 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-24 11:33 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-24 11:27 --------- d-----w C:\Documents and Settings\Regis\Application Data\TuneUp Software
2008-01-24 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-24 11:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-24 11:24 --------- d-----w C:\Program Files\CyberLink
2008-01-24 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-24 09:05 --------- d-----w C:\Program Files\Ontrack
2008-01-24 08:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-24 08:29 --------- d-----w C:\Program Files\Alwil Software
2008-01-24 08:28 --------- d-----w C:\Program Files\VideoLAN
2008-01-24 08:24 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-01-23 13:27 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-23 13:27 --------- d-----w C:\Program Files\Realtek
2008-01-23 13:09 --------- d-----w C:\Program Files\S3
2008-01-23 13:08 --------- d-----w C:\Program Files\DIFX
2008-01-23 12:24 --------- d-----w C:\Program Files\VIA
2008-01-23 12:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-23 12:17 --------- d-----w C:\Program Files\Services en ligne
2006-07-30 19:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
.

------- Sigcheck -------

2007-06-13 17:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 17:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 17:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
2008-03-21 21:36 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 14:26 480704]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Regis\LOCALS~1\Temp\winlogan.exe" [2008-03-21 21:36 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 13:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 17:00 79224]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Regis\LOCALS~1\Temp\winlogan.exe" [2008-03-21 21:36 15000]
"0cfbfd90"="C:\WINDOWS\system32\ijpmmlbv.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [2008-03-21 21:36 10000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusron]
vtusron.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-23 13:40 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58948:TCP"= 58948:TCP:Pando P2P TCP Listening Port
"58948:UDP"= 58948:UDP:Pando P2P UDP Listening Port

R0 Hkn37;Hkn37;C:\WINDOWS\system32\Drivers\Hkn37.sys []
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 23:52]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 16:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 13:39]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:55]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 06:06]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 14:34]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 09:13:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 13:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 13:40:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
-> C:\WINDOWS\system32\jfiehayd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-03-23 13:43:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 09:43:09
.
2008-03-20 08:45:53 --- E O F ---
0
ep44 Posts 7432 Status Contributor 3

select this


Driver::
Hkn37

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0cfbfd90"=-

File::
C:\WINDOWS\system32\vblmmpji.ini
C:\WINDOWS\system32\ijpmmlbv.dll_old
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\bjoxvcoj.ini
C:\WINDOWS\system32\drivers\Hkn37.sys
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\jfiehayd.dll
C:\217840959
C:\hlkhyer.exe
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad). Make sure Word Wrap is not checked in the Format menu.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

See you
0
neo97435 Posts 202 Status Member 53

sorry ep44, can you tell me exactly the path to Notepad please, thanks
0
neo97435 Posts 202 Status Member 53

ok ep44, it's started as well, thanks, I'll keep you posted
0
neo97435 Posts 202 Status Member 53
 
ComboFix 08-03-22.3 - Regis 2008-03-23 15:50:22.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.521 [GMT 4:00]
Endroit: C:\Documents and Settings\Regis\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Regis\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\217840959
C:\hlkhyer.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\system32\bjoxvcoj.ini
C:\WINDOWS\system32\drivers\Hkn37.sys
C:\WINDOWS\system32\ijpmmlbv.dll_old
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\vblmmpji.ini
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\wininit.ini
.
-- Other TimeOuts --
pv -kf -l"* pid.bat *"
CF7455.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF7455.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF7455.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF7455.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\217840959
C:\hlkhyer.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\system32\bjoxvcoj.ini
C:\WINDOWS\system32\drivers\Hkn37.sys
C:\WINDOWS\system32\ijpmmlbv.dll_old
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\vblmmpji.ini
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HKN37
-------\Service_Hkn37

((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 15:44 . 26,496 C:\WINDOWS\system32\drivers\Bgj71.sys
2008-03-23 15:44 . 2008-03-23 15:44 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-23 15:27 . 2008-03-23 15:27 <REP> d-------- C:\Documents and Settings\Dmien\Accessoires
2008-03-23 15:09 . 2008-03-23 15:09 <REP> d-------- C:\Documents and Settings\jean damien\Application Data\TuneUp Software
2008-03-23 13:48 . 2008-03-23 13:48 0 --a------ C:\temp00
2008-03-23 13:26 . 2008-03-23 13:26 <REP> d-------- C:\Program Files\Trend Micro
2008-03-23 12:35 . 2008-03-23 12:35 <REP> d-------- C:\Documents and Settings\jean damien\Application Data\Grisoft
2008-03-23 12:20 . 2008-01-24 00:09 <REP> d--h----- C:\Documents and Settings\jean damien\Voisinage réseau
2008-03-23 12:20 . 2008-01-24 00:09 <REP> d--h----- C:\Documents and Settings\jean damien\Voisinage d'impression
2008-03-23 12:20 . 2008-01-23 16:15 <REP> d--h----- C:\Documents and Settings\jean damien\Modèles
2008-03-23 12:20 . 2008-03-23 12:21 <REP> d---s---- C:\Documents and Settings\jean damien\Mes documents
2008-03-23 12:20 . 2008-01-24 00:09 <REP> dr------- C:\Documents and Settings\jean damien\Menu Démarrer
2008-03-23 12:20 . 2008-03-23 12:21 <REP> d---s---- C:\Documents and Settings\jean damien\Favoris
2008-03-23 12:20 . 2008-03-23 15:25 <REP> d-------- C:\Documents and Settings\jean damien\Bureau
2008-03-23 02:33 . 2008-03-23 02:33 <REP> d-------- C:\Downloaded Videos
2008-03-23 02:32 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-03-23 02:32 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-03-23 02:32 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-03-22 16:30 . 2008-03-23 11:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 16:30 . 2008-03-23 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 14:45 . 2008-03-22 14:46 <REP> d-------- C:\Program Files\Shareaza Applications
2008-03-22 14:45 . 2008-03-22 16:06 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Shareaza
2008-03-22 14:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-03-22 00:53 . 2008-03-22 10:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-21 23:43 . 2007-12-04 17:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-21 23:43 . 2004-01-09 13:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-21 23:43 . 2007-12-04 16:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-21 23:43 . 2007-12-04 18:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-21 23:43 . 2007-12-04 18:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-21 23:43 . 2007-12-04 18:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-21 23:43 . 2007-12-04 18:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-21 23:43 . 2007-12-04 18:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-21 21:46 . 2008-03-22 14:44 <REP> d-------- C:\Program Files\Shareaza
2008-03-21 21:44 . 2006-06-29 15:49 17,213 -rahs---- C:\Autorun.ini
2008-03-21 21:44 . 2001-08-16 06:42 2,238 -rahs---- C:\WINDOWS\system32\Autorun.ico
2008-03-21 21:44 . 2001-08-16 06:42 2,238 -rahs---- C:\Autorun.ico
2008-03-21 21:44 . 2006-07-30 23:20 959 -rahs---- C:\WINDOWS\system32\autorun.bin
2008-03-21 21:44 . 2006-07-30 23:20 959 -rahs---- C:\autorun.bin
2008-03-21 21:44 . 2006-07-06 19:58 72 -rahs---- C:\WINDOWS\system32\autorun.wsh
2008-03-21 21:44 . 2006-07-06 19:58 72 -rahs---- C:\autorun.wsh
2008-03-21 20:52 . 2008-03-21 20:52 <REP> d-------- C:\Program Files\Vstplugins
2008-03-20 12:44 . 2008-03-20 12:44 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-20 12:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 12:30 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 12:30 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-20 02:45 . 2008-03-20 02:45 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Publish Providers
2008-03-20 02:45 . 2008-03-20 02:45 <REP> d-------- C:\Documents and Settings\Regis\Application Data\NetMedia Providers
2008-03-20 02:40 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-20 02:40 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-20 02:40 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-03-20 02:39 . 2008-03-20 02:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-03-20 02:39 . 2008-03-21 20:55 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Sony
2008-03-20 02:39 . 2008-03-20 02:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-03-20 02:38 . 2008-03-21 20:52 <REP> d-------- C:\Program Files\Sony
2008-03-19 19:37 . 2008-03-19 19:37 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-03-19 18:13 . 2008-03-22 10:19 <REP> d-------- C:\Downloads
2008-03-19 18:12 . 2008-03-19 18:12 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-19 17:58 . 2008-03-19 17:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-19 17:57 . 2008-03-19 17:59 <REP> d-------- C:\Program Files\Windows Live
2008-03-19 17:57 . 2008-03-19 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 17:35 . 2007-05-30 16:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-19 16:52 . 2008-03-19 16:52 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-03-19 16:41 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-03-19 16:41 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-03-19 16:41 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-03-19 16:41 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-03-19 16:40 . 2008-03-19 16:44 <REP> d-------- C:\Program Files\Orange
2008-03-19 16:40 . 2008-03-19 16:40 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-03-19 16:34 . 2008-03-19 16:34 <REP> d-------- C:\Program Files\SAGEM
2008-03-19 16:33 . 2008-03-19 16:33 <REP> d-------- C:\Program Files\Securitoo
2008-03-17 16:42 . 2008-03-17 16:42 268 --ah----- C:\sqmdata03.sqm
2008-03-17 16:42 . 2008-03-17 16:42 244 --ah----- C:\sqmnoopt03.sqm
2008-03-17 16:41 . 2008-03-17 16:41 <REP> d-------- C:\Documents and Settings\Regis\Contacts
2008-03-17 12:56 . 2008-03-17 12:56 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-17 12:56 . 2008-03-17 12:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-17 12:56 . 2008-03-17 12:56 0 --a------ C:\WINDOWS\system32\wuredist.cab
2008-03-17 12:50 . 2008-03-23 12:17 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Free Download Manager
2008-03-17 12:50 . 2008-03-17 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-03-16 22:04 . 2008-03-16 22:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-03-16 22:03 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-03-16 22:02 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-16 18:49 . 2008-03-16 18:50 23 --a------ C:\WINDOWS\VI20.set
2008-03-15 20:53 . 2008-03-15 20:53 <REP> d-------- C:\Documents and Settings\Dmien\Jeux
2008-03-06 21:28 . 2008-03-22 14:44 <REP> d-------- C:\Documents and Settings\Dmien\Programmes
2008-03-05 21:38 . 2008-03-05 21:38 <REP> d-------- C:\Program Files\Gta Save
2008-03-05 21:07 . 2008-03-05 21:07 <REP> d-------- C:\Program Files\Rockstar Games
2008-03-04 23:35 . 2008-03-04 23:35 126 --a------ C:\WINDOWS\S3.uns
2008-03-03 14:55 . 2008-03-03 14:55 <REP> d-------- C:\Documents and Settings\Regis\Application Data\Nero
2008-03-03 14:50 . 2008-03-03 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-03-03 14:50 . 2008-03-03 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-02 23:33 . 2008-03-19 20:06 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-02 23:33 . 2008-03-02 23:33 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-02 23:33 . 2008-03-19 20:06 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-02 19:59 . 2008-03-04 13:17 <REP> d-------- C:\Program Files\SuperCopier2
2008-03-02 17:52 . 2008-03-02 17:52 <REP> d-------- C:\Program Files\My Lockbox
2008-03-02 17:52 . 2007-04-17 23:52 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-02-28 14:27 . 2008-03-08 17:32 <REP> d-------- C:\Program Files\EA GAMES
2008-02-28 14:27 . 2005-02-26 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-25 20:14 . 2008-02-27 14:49 <REP> d-------- C:\Program Files\VirtualDJ

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 09:16 --------- d-----w C:\Program Files\SM
2008-03-21 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 17:35 --------- d-----w C:\Program Files\Free Download Manager
2008-03-21 16:51 --------- d-----w C:\Program Files\Sony Setup
2008-03-19 22:24 --------- d-----w C:\Documents and Settings\Regis\Application Data\Sony Setup
2008-03-19 15:24 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-08 13:42 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-07 17:23 --------- d-----w C:\Program Files\Total Video Converter
2008-03-03 10:50 --------- d-----w C:\Program Files\Nero
2008-03-02 16:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-02 15:44 --------- d-----w C:\Documents and Settings\Regis\Application Data\OpenOffice.org2
2008-02-19 17:15 --------- d-----w C:\Documents and Settings\Regis\Application Data\EPSON
2008-02-18 16:12 --------- d-----w C:\Documents and Settings\Regis\Application Data\ArcSoft
2008-02-18 09:13 --------- d-----w C:\Program Files\VirtualDJ2.1
2008-02-13 18:28 --------- d-----w C:\Program Files\DivX
2008-02-13 18:10 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-13 18:04 --------- d-----w C:\Program Files\CDex130
2008-02-12 17:16 --------- d-----w C:\Program Files\Aime P3
2008-02-05 17:21 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-02-05 16:59 --------- d-----w C:\Program Files\IVCsoft
2008-02-04 09:00 --------- d-----w C:\Documents and Settings\Regis\Application Data\Ahead
2008-02-01 09:22 --------- d-----w C:\Documents and Settings\Regis\Application Data\muvee Technologies
2008-01-31 16:39 --------- d-----w C:\Documents and Settings\Regis\Application Data\AdobeUM
2008-01-30 11:41 304,160 ----a-w C:\StiImg.dat
2008-01-29 14:37 --------- d-----w C:\Program Files\ArcSoft
2008-01-29 14:21 --------- d-----w C:\Documents and Settings\Regis\Application Data\Talkback
2008-01-29 13:44 --------- d-----w C:\Program Files\Fichiers communs\PCCamera
2008-01-27 14:14 --------- d-----w C:\Program Files\KraiSoft
2008-01-25 12:31 --------- d-----w C:\Program Files\Ubisoft
2008-01-25 10:58 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2008-01-25 10:55 --------- d-----w C:\Program Files\DV TS
2008-01-24 20:59 --------- d-----w C:\Documents and Settings\Regis\Application Data\CyberLink
2008-01-24 17:22 --------- d-----w C:\Program Files\muvee Technologies
2008-01-24 17:22 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-01-24 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-01-24 17:06 --------- d-----w C:\Program Files\Trust
2008-01-24 16:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-01-24 16:41 --------- d-----w C:\Program Files\epson
2008-01-24 16:39 --------- d-----w C:\Documents and Settings\Regis\Application Data\InstallShield
2008-01-24 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-24 13:06 --------- d--h--r C:\Documents and Settings\Regis\Application Data\SecuROM
2008-01-24 12:01 --------- d-----w C:\Documents and Settings\Regis\Application Data\vlc
2008-01-24 11:46 --------- d-----w C:\Documents and Settings\Regis\Application Data\Grisoft
2008-01-24 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-24 11:44 --------- d-----w C:\Program Files\WinASPI
2008-01-24 11:44 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-24 11:43 --------- d-----w C:\Program Files\ffdshow
2008-01-24 11:33 64,111 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-24 11:33 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-24 11:27 --------- d-----w C:\Documents and Settings\Regis\Application Data\TuneUp Software
2008-01-24 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-24 11:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-24 11:24 --------- d-----w C:\Program Files\CyberLink
2008-01-24 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-24 09:05 --------- d-----w C:\Program Files\Ontrack
2008-01-24 08:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-24 08:29 --------- d-----w C:\Program Files\Alwil Software
2008-01-24 08:28 --------- d-----w C:\Program Files\VideoLAN
2008-01-24 08:24 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-01-23 13:27 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-23 13:27 --------- d-----w C:\Program Files\Realtek
2008-01-23 13:09 --------- d-----w C:\Program Files\S3
2008-01-23 13:08 --------- d-----w C:\Program Files\DIFX
2008-01-23 12:24 --------- d-----w C:\Program Files\VIA
2008-01-23 12:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-23 12:17 --------- d-----w C:\Program Files\Services en ligne
2006-07-30 19:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
.

------- Sigcheck -------

2007-06-13 17:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 17:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 17:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-23_13.43.01.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-23 11:44:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_640.dat
+ 2008-03-23 11:44:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 14:26 480704]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2007-12-23 14:26 480704]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtek Audio Control Panel"="C:\Program Files\Realtek\InstallShield\RTLCPL.exe" [2007-03-23 15:19 9715200]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 20:24 1694208]
"USBFireWall"="C:\Program Files\Net Studio\USB_FW.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 13:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 17:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusron]
vtusron.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58948:TCP"= 58948:TCP:Pando P2P TCP Listening Port
"58948:UDP"= 58948:UDP:Pando P2P UDP Listening Port

R0 Bgj71;Bgj71;C:\WINDOWS\system32\Drivers\Bgj71.sys []
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 23:52]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 16:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 13:39]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 06:06]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 14:34]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - BGJ71
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-23 11:13:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 13:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 15:54:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Temps d'accomplissement: 2008-03-23 15:58:30
ComboFix-quarantined-files.txt 2008-03-23 11:58:20
ComboFix2.txt 2008-03-23 11:36:51
ComboFix3.txt 2008-03-23 11:33:27
ComboFix4.txt 2008-03-23 11:20:58
ComboFix5.txt 2008-03-23 09:43:13
.
2008-03-20 08:45:53 --- E O F ---
0
ep44 Posts 7432 Status Contributor 3

Run HijackThis again, please.
See you
0
neo97435 Posts 202 Status Member 53
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:37, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Realtek Audio Control Panel] C:\Program Files\Realtek\InstallShield\RTLCPL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O20 - Winlogon Notify: vtusron - vtusron.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
ep44 Posts 7432 Status Contributor 3

Let's continue ;-)

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no Internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) repeatedly until the boot options menu appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------

= Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool will keep running and deleting files.
= Once the Desktop has loaded, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
= Finally, copy/paste the contents of the Report.txt file into your next reply
See you
0
neo97435 Posts 202 Status Member 53

I can't manage to start in Safe Mode. You have to press DEL to enter setup, but it's impossible. How do I do it?
0
neo97435 Posts 202 Status Member 53

Thanks ep44, I think the operations you told me about, and that I did, were able to eliminate some viruses. Thanks, that will do, and now I'm going to protect myself against viruses with good protection. OK, bye and thanks.
0
ep44 Posts 7432 Status Contributor 3

Your PC is still infected.

You need to run SDFix.
Tap F8 or F5 repeatedly to start in Safe Mode.
See you
0
neo97435 Posts 202 Status Member 53

Hi ep44, if you're there, or another person: I noticed that my computer is still lagging a bit, so I did what you told me and here is the report

[b]SDFix: Version 1.160 [/b]

Run by Regis on 2008-03-24 at 22:16

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Name:
BGJ71

Path:
System32\Drivers\Bgj71.sys

BGJ71 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Service BGJ71 - Deleted after Reboot

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
C:\WINDOWS\system32\drivers\BGJ71.sys - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 22:27:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% (Trial Version)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a8
"TracesSuccessful"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 94

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 24 Mar 2008 17,814,632 A..H. --- "C:\Downloads\avinstall.exe"
Mon 24 Mar 2008 684,185 A..H. --- "C:\Downloads\shield_manager_1_18327.zip"
Sun 23 Mar 2008 1,413,713 A..H. --- "C:\RECYCLER\S-1-5-21-1482476501-1580436667-725345543-1004\Dc2.exe"
Mon 24 Mar 2008 1,413,771 A..H. --- "C:\RECYCLER\S-1-5-21-1482476501-1580436667-725345543-1004\Dc3.exe"
Fri 21 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 20 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Sun 2 Mar 2008 888 ...HR --- "C:\Documents and Settings\Regis\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]
0
ep44 Posts 7432 Status Contributor 3
 
very good, now for the next step

Download:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
= Install it
= Launch it
= Click: Update
------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no Internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the text with the startup options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
-------
= In SCAN (the magnifying-glass icon)
==> Settings ==> under HOW TO REACT ==> click Recommended actions ==> Quarantine
==> Click: Complete system scan
At the end of the scan (which is fairly long)
==> Click Apply all actions <== this is very important
==> Click Save report, then Save as, and choose the desktop
-------
In normal mode
paste the report

then
run an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
along with a new HijackThis report
See you
0
neo97435 Posts 202 Status Member 53
 
here is the anti-spyware report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:38 2008-03-25

+ Résultat de l'analyse:

:mozilla.156:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.80:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.81:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.82:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.83:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.50:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.104:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.31:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.59:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.157:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.112:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.113:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.114:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.115:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.69:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.70:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.71:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.72:C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\ttds0zor.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport
0
neo97435 Posts 202 Status Member 53
 
the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Realtek Audio Control Panel] C:\Program Files\Realtek\InstallShield\RTLCPL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: vtusron - vtusron.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
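As an added example (not part of the thread and not HijackThis's own code), this Python reads a HijackThis log like the one posted above and lists the entries a helper would look at first: items HijackThis itself marks `(file missing)`, `O23` services marked `Unknown owner`, and `R0`/`R1` browser page settings whose host is not on an expected list. The function names and the `EXPECTED_HOSTS` allowlist are assumptions made for the illustration, and a flagged entry is a lead to review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Excerpt of lines taken from the HijackThis log posted above (sample input).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: vtusron - vtusron.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Entry lines start with a section code such as R0, O2, O20, O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")

# Assumption: hosts the analyst expects in IE page settings on this machine.
EXPECTED_HOSTS = frozenset({"go.microsoft.com", "www.bing.com", "www.msn.com"})


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; header and
    'Running processes' lines do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return the entries worth a manual look, each with the reasons why."""
    leads = []
    for code, body in parse_entries(log_text):
        reasons = []
        if "(file missing)" in body:
            # A registry entry still points at a file that is not on disk.
            reasons.append("references a file HijackThis did not find on disk")
        if code == "O23" and " - Unknown owner - " in body:
            # HijackThis printed no vendor name for the service binary.
            reasons.append("service binary carries no vendor name")
        if code in ("R0", "R1"):
            url = URL_RE.search(body)
            host = urlparse(url.group(0)).hostname if url else None
            if host and host not in expected_hosts:
                reasons.append("browser page setting points to unexpected host " + host)
        if reasons:
            leads.append({"code": code, "entry": body, "reasons": reasons})
    return leads


if __name__ == "__main__":
    for lead in triage(SAMPLE_LOG):
        print(lead["code"], "|", lead["entry"])
        for reason in lead["reasons"]:
            print("    ->", reason)
```
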
neo97435 Posts 202 Status Member 53
 
Now I'm going to do what you told me. Here we go, and thanks.
0
neo97435 Posts 202 Status Member 53
 
Yo ep44, it doesn't work, the scan doesn't even start. I have Mozilla but it's not compatible; I have Internet Explorer, it's slow to display the page; I have the Orange browser, that one is fine, but it doesn't even start. What should I do? Do you have another solution, please? Thanks.
0
ep44 Posts 7432 Status Contributor 3
 
OK
go to this site
https://www.eset.com/

==> click on the online scanner
==> click "yes accept the terms of use", then start
==> right-click at the top of the page to unblock ActiveX
==> tick both boxes
==> once the scan is finished, click details and paste the report
0