ecran bleu warning! spyware detected on your Fermé

Question

Bonjour,
Bonjour,
j'ai un probleme mon ecran est bleu avec inscrit warning! spyware detected on your computer. que dois je faire? J'ai procéde à un nettoyage avec cccleaner, spyware doctor, panda antivirus 2008, mais quand j'analyse avec Ad adware et a squared free, l'analyse s'interrompt et le pc s'eteint et redemarre. Merci d'avance

j'ai aussi le rapport hijack

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:35, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'Default user')
O4 - S-1-5-18 Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed055YYFR_ZN
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Wanadoo - http://chat5.x-echo.com/version2/Applet/wchatsign.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

g!rly · Answer

salut,

passe ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

repost aussi un nouveau hijack this stp

@+

g!rly · Answer

re,

tu as été infecté par bagle dans le passé ?

la suite :

A l´aide de hijack this coche et fix les lignes ci dessous :

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed055YYFR_ZN
O16 - DPF: Interface Chat Wanadoo - http://chat5.x-echo.com/version2/Applet/wchatsign.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

tu as deux anti virus ?! 

supprime soit panda soit antivir !

passe ccleaner :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

   http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

   Dans la colonne de gauche, click sur :

   ->"erreurs" :

      Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
      
      ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

   ->"nettoyeur"
   
      quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

   https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

   http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

tu n´as pas de par feu instale celui ci :

Online armor :

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

puis

Copie le texte ci-dessous :

File::
c:\windows	emp\adj_hp.reg
C:\WINDOWS\system32	mp.reg
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS	wain_32\jwlbqzpi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Suite"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\opnkhfd]

Driver::
jwlbqzpi

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

g!rly · Answer

recommence car ca n´a pas marché,

fais bien comme indiqué :

Copie le texte ci-dessous :

File::
c:\windows	emp\adj_hp.reg
C:\WINDOWS\system32	mp.reg
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS	wain_32\jwlbqzpi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Suite"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­­]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\opnkhfd]

Driver::
jwlbqzpi

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports. 

@+

g!rly · Answer

Jon dal, 

ca n´a toujours pas marché ?!

tu es sur de bien faire la manip ?

@+

jon dal · Answer

Bonjour, desole de ne pas etre revenu plus vite vers vous je vous poste les rapports ComboFix 08-03-25.4 - Propriétaire 2008-04-01 16:47:50.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.285 [GMT 2:00] Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt..txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))))))) . 2008-03-27 20:38 . 2008-03-27 20:38 d-------- C:\Program Files\Tall Emu 2008-03-27 20:38 . 2008-03-28 11:45 d-------- C:\Documents and Settings\Propriétaire\Application Data\OnlineArmor 2008-03-27 20:38 . 2008-03-27 20:38 d----c--- C:\Documents and Settings\All Users\Application Data\OnlineArmor 2008-03-27 20:38 . 2007-11-08 07:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys 2008-03-27 20:38 . 2007-09-29 01:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys 2008-03-27 20:38 . 2007-09-29 01:06 18,944 --a------ C:\WINDOWS\system32\drivers disrd.sys 2008-03-27 02:50 . 2008-03-27 02:50 d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-27 02:45 . 2008-03-27 02:45 d----c--- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-27 02:34 . 2008-03-27 02:34 d-------- C:\Program Files\Trend Micro 2008-03-27 01:34 . 2008-03-27 01:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp 2008-03-27 01:30 . 2008-03-27 01:30 d-------- C:\Program Files\Lavasoft 2008-03-27 01:30 . 2008-03-27 01:30 d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-27 01:12 . 2008-03-27 01:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp 2008-03-27 00:39 . 2008-03-27 00:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp 2008-03-26 16:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-03-26 16:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-03-26 16:48 . 2008-03-02 00:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe 2008-03-26 16:48 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-03-26 16:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-03-26 16:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-03-26 16:48 . 2008-03-27 00:55 2,212 --a------ C:\WINDOWS\system32 mp.reg 2008-03-26 16:34 . 2008-03-26 16:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp 2008-03-26 15:48 . 2008-03-26 15:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp 2008-03-26 14:31 . 2008-03-26 14:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp 2008-03-26 13:54 . 2008-03-26 13:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp 2008-03-26 12:48 . 2008-03-26 12:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp 2008-03-26 12:44 . 2008-03-26 12:44 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2008-03-26 12:31 . 2008-03-26 12:31 d----c--- C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-26 11:37 . 2008-03-26 11:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp 2008-03-26 00:40 . 2008-03-26 00:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp 2008-03-26 00:11 . 2008-03-26 00:11 d-------- C:\Program Files\a-squared Anti-Malware 2008-03-25 23:57 . 2008-03-25 23:57 269,334 --a------ C:\WINDOWS\system32 ipsnmdgr.bmp 2008-03-25 23:50 . 2008-03-25 23:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp 2008-03-25 23:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-03-25 23:46 . 2008-03-25 23:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp 2008-03-25 23:34 . 2008-03-25 23:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp 2008-03-25 23:30 . 2008-03-26 14:28 d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-25 22:57 . 2008-03-25 22:57 d----c--- C:\kav 2008-03-25 22:55 . 2008-03-25 22:55 269,334 --a------ C:\WINDOWS\system32 elkr.bmp 2008-03-25 22:44 . 2008-03-25 22:44 269,334 --a------ C:\WINDOWS\system32 etcn.bmp 2008-03-25 22:31 . 2004-08-20 01:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll 2008-03-25 22:29 . 2008-03-25 22:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp 2008-03-25 22:02 . 2008-03-25 22:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp 2008-03-25 22:01 . 2008-03-25 22:02 2 --a--c--- C:\953211791 2008-03-25 18:52 . 2008-03-25 18:52 d----c--- C:\SAV32CLI 2008-03-25 02:19 . 2008-03-25 02:19 d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools 2008-03-24 19:20 . 2008-03-24 19:20 d-------- C:\Program Files\ma-config.com 2008-03-24 19:20 . 2008-03-24 19:23 d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com 2008-03-20 17:36 . 2008-03-24 16:22 d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent 2008-03-20 17:34 . 2008-03-24 16:23 d-------- C:\Program Files\BitTorrent 2008-03-14 12:27 . 2008-03-14 12:31 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 14:59 --------- d-----w C:\Program Files\eMule 2008-03-28 11:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-28 11:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-28 11:42 --------- d-----w C:\Program Files\Fichiers communs\Panda Software 2008-03-28 11:19 --------- d-----w C:\Program Files\TuneUp Utilities 2004 2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger 2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free 2008-03-25 22:36 --------- d-----w C:\Program Files\Google 2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live 2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7 2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek 2008-02-09 17:50 --------- d-----w C:\Program Files\eBay 2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT 2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-27_10.05.53,67 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe - 2004-09-23 10:27:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-29 22:46:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2004-09-23 10:27:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-03-29 22:46:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2004-09-23 10:27:23 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-03-29 22:46:57 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-03-26 14:38:48 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 12:23:20 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-26 14:38:48 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-03-30 12:23:20 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-03-26 14:38:48 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 12:23:20 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-03-26 14:38:48 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-03-30 12:23:20 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 06:39 59392] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-12-30 22:49 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 20:54 155648] "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-26 00:40 1816208] "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 08:51 5029952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Suite"="regedit -s c:\windows emp\adj_hp.reg" [ ] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 08:50 633344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\opnkhfd] opnkhfd.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "hpsysdrv"=c:\windows\system\hpsysdrv.exe "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe "New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s "nwiz"=nwiz.exe /install "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE "My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Soulseek\slsk.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Windows Media Player\wmplayer.exe"= "C:\Program Files\Real\RealOne Player\realplay.exe"= "C:\Program Files\eMule\eMule.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\system32\rtcshare.exe"= "C:\Program Files\NetMeeting\conf.exe"= "C:\WINDOWS\system32\rundll32.exe"= "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"= "C:\Program Files\Grisoft\AVG7\avgemc.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Internet Explorer\iexplore.exe"= "C:\kav\kav7.0\english\setup.exe"= R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 01:06] R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 07:37] R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 01:06] R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 08:51] S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS wain_32\jwlbqzpi.dll [] S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 18:17] S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 18:16] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-01 16:55:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" . Temps d'accomplissement: 2008-04-01 16:57:28 ComboFix-quarantined-files.txt 2008-04-01 14:57:21 . 2008-03-12 13:45:30 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:20, on 01/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows emp\adj_hp.reg (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows emp\adj_hp.reg (User 'Default user') O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user') O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29 O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing) O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32 vsvc32.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

g!rly · Answer

salut jon dal,


tu n´as pas d´anti virus ?

instale antivir :

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php 
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

puis :

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

et autoruns :

https://www.clubic.com/telecharger-fiche15501-microsoft-autoruns.html que tu dezip dans un dossier 

n´y touche pas 

redemarre en mode sans echec:

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
une fois en mode sans echec.

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Suite"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­­­]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\opnkhfd]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\WINDOWS\system32	mp.reg
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS	wain_32\jwlbqzpi.dll

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

ouvre le programme autoruns en clickant sur autoruns.exe dans le dossier que tu avais crée, puis dans la fenetre du programme appuie sur l´onglet services.

navigue jusqu´a : jwlbqzpi

click droit dessus et delete

Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

si tu ne comprends pas quelque chose demande moi avant de debuter...

@+

jon dal · Answer

Bonsoir, voci les rapports j'ai pas pu effacer " jwlbqzpi " car il n 'etait pas dans l 'onglet services comme tu me l'avais indiqué ouvre le programme autoruns en clickant sur autoruns.exe dans le dossier que tu avais crée, puis dans la fenetre du programme appuie sur l´onglet services. navigue jusqu´a : " click droit dessus et delete " [Custom Input] < C:\WINDOWS\system32 mp.reg > C:\WINDOWS\system32 mp.reg moved successfully. < C:\WINDOWS\system32\jfiehayd.dll > File/Folder C:\WINDOWS\system32\jfiehayd.dll not found. < C:\WINDOWS wain_32\jwlbqzpi.dll > File/Folder C:\WINDOWS wain_32\jwlbqzpi.dll not found. OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04072008_194239 ogfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:58:49, on 07/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user') O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32 vsvc32.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

g!rly · Answer

ok

passe ceci maintenant :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

jon dal · Answer

bonsoir,

Malwarebytes' Anti-Malware 1.10
Version de la base de données: 598

Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 107995
Temps écoulé: 1 hour(s), 0 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\fccaxxx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iesearch.dll.vir (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baloned.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfetofqdgj.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etcrahcfidgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fadonapgrap.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fihgjmd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmhcratsjahgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqdofmd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqlkjipsr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfqhorilsfel.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idcjetgjal.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilsfit.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkfadsfeh.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsnmdgbip.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etcn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ipsnmdgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orqtojahcfilgn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcjelgrmt.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32elkr.bmp (Malware.Trace) -> Quarantined and deleted successfully.


a plus

g!rly · Answer

jon ddal.

ok cool

fais ceci maintenant :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

ps . fais le scan en mode sans echec :

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

-> Tuto : http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

@+

jon dal · Answer

Bonsoir, AntiVir PersonalEdition Classic Report file date: mercredi 9 avril 2008 19:03 Scanning for 1188179 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Propriétaire Computer name: NOM-BMU9LZ61VCE Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 18:17:59 ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 2008-04-07 18:09:21 ANTIVIR3.VDF : 7.0.3.135 57344 Bytes 2008-04-08 21:29:24 AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 2008-04-05 12:57:54 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-04-02 18:18:01 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 08:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Start of the scan: mercredi 9 avril 2008 19:03 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 13 processes with 13 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '23' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' End of the scan: mercredi 9 avril 2008 20:53 Used time: 1:49:51 min The scan has been done completely. 5031 Scanning directories 275430 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 275430 Files not concerned 17960 Archives were scanned 1 Warnings 35 Notes

g!rly · Answer

ok jon

comment va le pc maintenant ?

@+

g!rly · Answer

ok

post un nouveau rapport hijack this je vais retirer le superflu du demarrage

@+

g!rly · Answer

j´arrete
merci de trouver un autre helper

vinven · Answer

(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\drivers\hldrrr.exe C:\Windows\system32\drivers\mdelk.exe C:\Windows\system32\drivers\srosa.sys C:\Windows\system32\mdelk.exe C:\Windows\system32\wintems.exe . ---- Previous Run ------- . C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\uninstall.exe C:\Windows\system32\ban_list.txt C:\Windows\system32\drivers\downld C:\Windows\system32\drivers\downld\100620.exe C:\Windows\system32\drivers\downld\136641.exe C:\Windows\system32\drivers\downld\15184357.exe C:\Windows\system32\drivers\downld\153785.exe C:\Windows\system32\drivers\downld\15482490.exe C:\Windows\system32\drivers\downld\15625512.exe C:\Windows\system32\drivers\downld\15706757.exe C:\Windows\system32\drivers\downld\15764228.exe C:\Windows\system32\drivers\downld\176608.exe C:\Windows\system32\drivers\downld\242597.exe C:\Windows\system32\drivers\downld\305574.exe C:\Windows\system32\drivers\downld\30761603.exe C:\Windows\system32\drivers\downld\30766501.exe C:\Windows\system32\drivers\downld\30769293.exe C:\Windows\system32\drivers\downld\309427.exe C:\Windows\system32\drivers\downld\324154.exe C:\Windows\system32\drivers\downld\333015.exe C:\Windows\system32\drivers\downld\334575.exe C:\Windows\system32\drivers\downld\342016.exe C:\Windows\system32\drivers\downld\342578.exe C:\Windows\system32\drivers\downld\349691.exe C:\Windows\system32\drivers\downld\362827.exe C:\Windows\system32\drivers\downld\556377.exe C:\Windows\system32\drivers\downld\571712.exe C:\Windows\system32\drivers\downld\581493.exe C:\Windows\system32\drivers\downld\587624.exe C:\Windows\system32\drivers\downld\59311.exe C:\Windows\system32\drivers\downld\67049.exe C:\Windows\system32\drivers\downld\68765.exe C:\Windows\system32\drivers\downld\69685.exe C:\Windows\system32\drivers\downld\83632.exe C:\Windows\system32\drivers\downld\94255.exe C:\Windows\system32 vs2.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA -------\Service_PortProxy ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))))))) . 2008-04-13 17:11 . 2008-04-13 21:59 477 --a------ C:\ifexist.sed 2008-04-13 16:47 . 2008-04-13 16:47 d-------- C:\Program Files\Trend Micro 2008-04-13 16:38 . 2008-04-13 16:38 d-------- C:\killbagle 2008-04-13 16:08 . 2008-04-13 16:08 d-------- C:\Program Files\Sophos 2008-04-13 15:33 . 2008-04-13 15:35 d-------- C:\Users\Ventura\AppData\Roaming\LimeWire 2008-04-13 15:32 . 2008-04-13 15:32 d-------- C:\Users\Ventura\Program Files 2008-04-13 15:32 . 2008-04-13 15:33 d-------- C:\Users\Ventura\AppData\Roaming\uTorrent 2008-04-13 14:50 . 2008-04-13 14:50 d-------- C:\Users\Ventura\AppData\Roaming\Teleca 2008-04-13 14:50 . 2008-04-13 14:50 d-------- C:\Users\Ventura\AppData\Roaming\Sony Ericsson 2008-04-13 14:49 . 2008-04-13 14:49 d---s---- C:\Users\Ventura\Videos 2008-04-13 14:49 . 2008-04-13 14:49 d---s---- C:\Users\Ventura\Searches 2008-04-13 14:49 . 2008-04-13 14:49 dr------- C:\Users\Ventura\Saved Games 2008-04-13 14:49 . 2008-04-13 14:49 d---s---- C:\Users\Ventura\Pictures 2008-04-13 14:49 . 2008-04-13 15:06 d---s---- C:\Users\Ventura\Music 2008-04-13 14:49 . 2008-04-13 14:49 d---s---- C:\Users\Ventura\Links 2008-04-13 14:49 . 2008-04-13 14:49 dr------- C:\Users\Ventura\Downloads 2008-04-13 14:49 . 2008-04-13 15:06 dr------- C:\Users\Ventura\Documents 2008-04-13 14:49 . 2008-04-13 15:45 dr------- C:\Users\Ventura\Contacts 2008-04-13 14:49 . 2006-11-02 14:37 d-------- C:\Users\Ventura\AppData\Roaming\Media Center Programs 2008-04-13 14:49 . 2008-04-13 14:49 d--h----- C:\Users\Ventura\AppData 2008-04-12 11:31 . 2008-04-12 11:31 d-------- C:\Program Files\THQ 2008-04-09 16:38 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys 2008-04-09 16:38 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys 2008-04-09 16:04 . 2008-04-13 16:35 41 --a------ C:\Windows\Filzip.ini 2008-04-09 16:01 . 2008-04-09 16:01 237,534,280 --a------ C:\Windows\MEMORY.DMP 2008-04-09 13:31 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe 2008-04-09 13:31 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe 2008-04-09 13:31 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll 2008-04-09 13:31 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll 2008-04-09 13:31 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32 strui.exe 2008-04-09 13:31 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll 2008-04-09 13:31 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 13:31 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 13:31 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 13:31 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 12:29 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-04-09 12:29 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll 2008-04-09 11:10 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys 2008-04-09 09:06 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll 2008-03-29 22:05 . 2008-03-29 22:09 d-------- C:\Program Files\ElcomSoft 2008-03-29 22:05 . 2008-03-29 22:09 1,100 --a------ C:\Windows\ARPR.INI 2008-03-26 08:25 . 2008-03-26 08:25 d-------- C:\Program Files\DAEMON Tools Lite 2008-03-20 21:13 . 2006-11-29 14:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll 2008-03-20 21:13 . 2006-09-28 17:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll 2008-03-20 21:13 . 2006-11-29 14:06 440,080 --a------ C:\Windows\System32\d3dx10.dll 2008-03-20 21:13 . 2006-12-08 13:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll 2008-03-20 21:13 . 2006-09-28 17:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll 2008-03-20 21:11 . 2008-03-20 21:11 319 --a------ C:\Windows\game.ini 2008-03-20 18:47 . 2008-03-20 18:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-03-19 16:27 . 2008-03-19 16:27 172 --ah----- C:\sqmnoopt03.sqm 2008-03-19 16:27 . 2008-03-19 16:27 172 --ah----- C:\sqmdata03.sqm 2008-03-19 16:02 . 2008-03-19 18:11 d-------- C:\PerfLogs 2008-03-19 15:34 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe 2008-03-19 15:34 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll 2008-03-19 15:32 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-03-19 15:31 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-03-19 15:30 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32 etworkmap.dll 2008-03-19 15:29 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-03-19 15:28 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll 2008-03-19 15:28 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll 2008-03-19 15:28 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-03-19 15:28 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll 2008-03-19 15:28 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-03-19 15:27 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-03-19 15:27 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-03-19 15:27 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-03-19 15:27 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-03-18 09:20 . 2008-03-18 09:20 d-------- C:\Program Files\Windows Live Favorites 2008-03-18 09:19 . 2008-03-18 09:19 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-15 12:16 . 2008-03-15 12:16 d-------- C:\Program Files\Microsoft Silverlight 2008-03-13 16:58 . 2008-03-20 21:29 66,872 --a------ C:\Windows\System32\PnkBstrA.exe 2008-03-13 16:58 . 2008-03-20 21:51 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys 2008-03-13 16:57 . 2008-03-20 21:51 103,736 --a------ C:\Windows\System32\PnkBstrB.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-10 14:15 --------- d-----w C:\Program Files\Windows Mail 2008-04-10 05:32 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 14:11 --------- d-----w C:\ProgramData\eMule 2008-04-08 17:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-02 15:03 --------- d-----w C:\Program Files\RocketDock 2008-03-30 15:14 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys 2008-03-20 18:29 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys 2008-03-19 14:34 --------- d-----w C:\ProgramData\Kiwee Toolbar2 2008-03-19 14:11 174 --sha-w C:\Program Files\desktop.ini 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Sidebar 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Journal 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Defender 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Collaboration 2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Calendar 2008-03-17 19:22 --------- d-----w C:\Program Files\uTorrent 2008-03-09 13:11 --------- d-----w C:\Program Files\Marvell 2008-03-09 12:58 --------- d-----w C:\Program Files\ma-config.com 2008-03-08 10:58 --------- d-----w C:\Program Files\KONAMI 2008-03-04 21:37 --------- d-----w C:\ProgramData\WLInstaller 2008-03-03 09:31 --------- d-----w C:\Program Files\Kiwee Toolbar2 2008-02-28 16:57 --------- d-----w C:\Program Files\LimeWire 2008-02-27 13:49 --------- d-----w C:\Program Files\eRightSoft 2008-02-26 18:45 --------- d-----w C:\Program Files\MagicISO 2008-02-26 14:00 --------- d-----w C:\Program Files\BitTorrent_DNA 2008-02-24 18:02 --------- d-----w C:\Program Files\FlashGet 2008-02-23 20:37 --------- d-----w C:\Program Files\Game Graphic Studio 2008-02-21 14:38 --------- d-----w C:\Program Files\UHARC for Windows 2008-02-20 14:28 --------- d-----w C:\Program Files\Crocodile Clips 2008-02-17 15:37 --------- d-----w C:\ProgramData\Lavasoft 2008-02-17 15:36 --------- d-----w C:\Program Files\Lavasoft 2008-02-17 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-17 09:26 --------- d-----w C:\Program Files\Google 2008-02-17 09:06 --------- d-----w C:\Program Files\Alwil Software 2008-02-17 09:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-17 09:02 --------- d-----w C:\ProgramData\Symantec 2008-02-17 09:02 --------- d-----w C:\Program Files\Symantec 2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe 2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe 2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll 2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll 2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe 2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-01-19 07:33 151,040 ----a-w C:\Windows otepad.exe 2008-01-19 07:33 134,656 ----a-w C:\Windows egedit.exe 2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe 2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}] 2008-02-18 15:01 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll" [2008-02-18 15:01 248976] [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll [2008-02-18 15:01 248976] [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 08:22 68856] "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616] "Acer Tour Reminder"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184] "Acer Tour"="" [] "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "eRecoveryService"="" [] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe] "snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 21:54 339968] "NeroCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "WiFiCtrl"="C:\Program Files\Hercules\Hercules WiFi Controller Software\WiFiCtrl.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-04-13 15:57 79224] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384] PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^Users^alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=C:\Users\alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook] --a------ 2008-02-18 15:01 48264 C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1019308718-3554108289-4126605990-1000] "EnableNotificationsRef"=dword:00000008 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live "{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess "{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess "{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess "{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine "{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia "{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect "{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service "{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician "{34DEA44F-1671-47DB-9D98-E163EE1CEDE2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B388BF0C-B616-4C6D-8B90-950FBE5B8219}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{71B2647E-3AFA-4CF8-94E4-621BA5BFF632}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{CD4F2AAC-1366-4FCE-89C9-BB6CE88D39CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{22938D5C-E7D1-4B22-A91B-BF67493523D8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F5E3238A-8D27-40DA-B239-05FC6B4198AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4B5D5F08-186C-4DF5-A223-BE3D842F9513}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A111EDE7-3803-4A46-9C3C-A6D3D433D7D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0CB24CB6-4CAC-4DEE-804A-24B7589BBB55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7AD475C6-DF11-46A6-8868-2B49B08B2546}"= UDP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008 "{731ED7EF-B18D-493F-803E-77F2B3143064}"= TCP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008 "{E078BD84-4130-4177-8C27-2AAB2CA16A8A}"= UDP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008 "{AAEB1413-4DB8-4804-B535-B3F2DB9F99FB}"= TCP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008 "{828E3802-3CA4-4C0C-91C0-B1CCE3CC1D1D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{F36D03A9-2469-47BC-9A2A-812F7C53DC36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{90D88BD8-E1C4-4F1D-ACF3-B91AB7E2F753}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8AD3BC4E-EC8C-4B06-A7C7-06DE963A2E17}"= UDP:D:\vincent\pes 2008\Peke23c_P.E.S.08.Crack_wWw.ProgramasFull.net\ViTALiTY\PES2008.exe:Pro Evolution Soccer 2008 "{B36E91B5-DFC7-450C-8AC0-CCE4DA008414}"= TCP:D:\vincent\pes 2008\Peke23c_P.E.S.08.Crack_wWw.ProgramasFull.net\ViTALiTY\PES2008.exe:Pro Evolution Soccer 2008 "{F0B7345A-0982-4636-A169-951882FBAF8A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{100A0459-4F9C-4538-ACE7-540CDA170ECD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{97551B4B-DF22-49CD-B3A3-94EE7687DB02}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9F219804-DF52-4744-969E-F42708426B4B}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{0D33E4FC-3E48-4811-BABD-87450D7E8D45}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{30C7726B-F848-4611-8725-0560AA0AE401}C:\counter-strike source lan edition\hl2.exe"= UDP:C:\counter-strike source lan edition\hl2.exe:hl2 "UDP Query User{ED062AAE-62B4-4C54-9BFA-5B123673ED5D}C:\counter-strike source lan edition\hl2.exe"= TCP:C:\counter-strike source lan edition\hl2.exe:hl2 "{2C319B75-A5E0-465E-8A9C-B6C26BBA2B6D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5B80D8FB-055C-4C9D-96BC-4A03CFF02819}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5A9643CD-E359-402D-825D-744E1751779C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B824B5A6-F050-4171-8856-0AC94AC3840F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5CA0B963-C474-4124-B699-792594B45091}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E3A5DE18-E878-40C1-BFEF-0CCDB0AAC9AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{22EFDE0F-C5DD-4523-AA9C-F4FAB93FF289}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{95AD7A1E-5134-4B16-983E-F0393DE9A669}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{073E9944-4FFA-49CF-817F-1D9263C2436B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A26934FD-F4CF-4EEA-9796-5F7154520425}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{32B240DF-1DB1-422D-9283-117563130C9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{049BE66D-47DC-4DAB-A99F-5455E0800828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1555FA49-0F86-4B06-AEAD-CFECC693D896}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{6329B82F-32DE-417A-8C91-474813066369}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{63074F18-5EEA-498C-9712-14D6E46B6694}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{86A1C35E-676D-452B-A0A9-F0AEEA3CC9FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{33613252-FFA9-44FA-A6DA-740A0351DA6C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{FD7FBC44-140F-44F1-8414-3D11CAEE77CB}C:\program files\flashget\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet "UDP Query User{13FAE621-A2FB-42B8-9E28-CF2B1B9017E7}C:\program files\flashget\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet "{9527423C-0E15-46D1-B437-650886CA7A70}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{79C73949-F943-44C5-B318-79DE643DF923}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{3C365E50-2339-4E72-9012-61A4341870E5}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{4810D81A-D38D-4F57-B19D-17F8C293B1A1}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{D4CB415D-C15A-4717-95EE-9586F2D77F59}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{BB8B51D4-DE41-4555-826F-8B158C8A423B}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{C3926E94-B59E-42A8-9BBE-F36708A6C328}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{DFA027FD-CA0B-4458-B1A8-0E1783A18EE8}C:\users\alfred\program files\bittorrent_dna\dna.exe"= UDP:C:\users\alfred\program files\bittorrent_dna\dna.exe:dna.exe "UDP Query User{5656A35A-196E-4CAD-B2AA-50C21A499F8D}C:\users\alfred\program files\bittorrent_dna\dna.exe"= TCP:C:\users\alfred\program files\bittorrent_dna\dna.exe:dna.exe "{426A59B9-55E4-48DB-BFB3-08F9ABC02FCE}"= UDP:15050:utorrent "TCP Query User{75496B8E-9C64-46E6-9978-96100C9E997E}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{7D081DCB-F6BB-4FA5-BADF-42BE449747C0}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{F6EBFD5B-4B41-42F6-86F2-D448BB810A61}"= UDP:16106:emule "{0787D5D7-2460-46C4-BBE8-4B97D1A8F16E}"= TCP:4357:emule "TCP Query User{A2671E39-C4E4-43EC-8B48-178CCE7A6136}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{43BB0F10-E5E8-42E6-8294-C5D56D45B1F1}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{5FFA819E-F04D-462D-B28F-A2EDBF2AFB61}C:\users\invité\program files\utorrent\utorrent.exe"= UDP:C:\users\invité\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{FFBF34C3-191E-4D59-8FD4-B0C0875CF102}C:\users\invité\program files\utorrent\utorrent.exe"= TCP:C:\users\invité\program files\utorrent\utorrent.exe:utorrent.exe "{5CDB81B5-01C1-441A-9DF6-8C9021FC7E27}"= TCP:15050:utorrent "{E8B560E3-2FDF-49AD-AC6D-6D6286659301}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F04E7E3F-4DEC-4375-A34B-6D271460FDAC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8CB59DA6-CCE2-489B-845B-DBA2A04FFC5A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C4BDA9B2-0088-4DCA-BC38-27E4441DE83F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{2EBBE08A-0E83-4E94-AC6E-2B346179C29E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{82F19D9F-E5D5-4797-8F67-DE9C69968AEA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{BC9CDBD4-2D4B-4E04-AA6A-31DF164AEC10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4161B8C5-EAAB-40DB-AE96-F7F506E7872D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{70F85029-992D-4044-9BF5-AA274C04394B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{546A9E5F-EC22-4015-8A54-E63CB2BBFEBB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{BB908967-41D3-44EC-9223-237579AB4E55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5C6CDECF-A085-4EC2-BD6C-94AF93FF273C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{3A19AEAB-DE26-49E5-BCEC-8BCC2718A90C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7D0DD0E9-8719-464E-AF71-ABCB40A90F48}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{03C63FE5-45A1-475A-96FA-58D83BBD0C7A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{DA45F0CD-3E7C-416A-8588-8DFAF7A673DA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{11FA8E22-81F8-4CCA-A135-99822D9768B8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{DFFC373D-CC5B-4E7F-87C2-2CB84A52E5C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{907B50E1-72CA-4152-A89E-1BD1615DDFB2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4360E6F9-B46E-4688-B57D-C792F1602637}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{EE895A50-00E4-4B16-99D7-F39159E7D6AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C0CC56CE-C6D1-469D-A5DB-AD506A5F9C47}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{21660381-865F-4D3F-BFA9-DC874CE76710}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{31DCEF4B-7762-4D6C-84C8-2B5E3D243623}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{853CDBCC-6C4B-4563-8793-95C7CA7CB961}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{427CA469-EA0D-47F2-B230-BC04E3C57481}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A5F25928-2BE6-4CD1-85B8-3976DB765887}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{53565DB8-0AA6-4FA7-988B-3FA8BCBD0DF8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0D38FAE0-1CAD-4BE8-8E25-C3EBD3501D09}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{DF16E1C6-0400-44D2-B5F7-3C496546FCCB}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{90891730-DC6C-4389-A6EE-A69631487D3D}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{CC4CC689-0ACB-4E69-8708-9DBB7D1641C9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E13F766F-D369-4B91-B060-0898DA6A2533}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5C73015D-269F-4A39-92B2-FA073138E580}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A8A32DA7-1F23-4CD2-8D8C-C67F5AF031DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{6D5B420E-CED2-4311-87A0-26935D4C77D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D53837A7-F95F-41DA-A32B-251DAAAD5ABC}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B4854296-3B46-46CD-B0EE-0248273F3A1B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{16033B65-591F-46EC-B36A-0B28339B9BD1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{55F8C772-2FB1-4115-961D-382EB1DF319C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{651BBE58-8671-4161-83D7-C33E9293DB07}C:\program files\codemasters\dirt\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable "UDP Query User{43828BDD-0EE9-4853-9F4E-F5BE42282BF9}C:\program files\codemasters\dirt\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable "TCP Query User{2D130240-1B5C-422B-A097-C22626ED8AB4}C:\program files\techland\xpand rally xtreme\xrx.exe"= UDP:C:\program files echland\xpand rally xtreme\xrx.exe:XpandRallyXtreme "UDP Query User{D8B54EE6-C022-41C4-8081-FB2526ACEEA1}C:\program files\techland\xpand rally xtreme\xrx.exe"= TCP:C:\program files echland\xpand rally xtreme\xrx.exe:XpandRallyXtreme "{06A24364-8E91-4E79-B483-A3150E8ACB37}"= UDP:C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:FIFA 08 "{7CA159AB-98EB-4287-AA41-BD3B24F25A1E}"= TCP:C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:FIFA 08 "TCP Query User{84714218-85C0-4C08-AA0E-8320292C0086}C:\program files\thq\motogp 2007\motogp.exe"= UDP:C:\program files hq\motogp 2007\motogp.exe:motogp "UDP Query User{5ED7F099-4019-4E6B-8164-1F9A675BADD7}C:\program files\thq\motogp 2007\motogp.exe"= TCP:C:\program files hq\motogp 2007\motogp.exe:motogp "TCP Query User{343B855E-4DB1-479D-A6B7-DAE7AB3FD88E}C:\program files\gamespy\comrade\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade "UDP Query User{48B8EDA1-3E07-43B8-B306-26F144E89CA0}C:\program files\gamespy\comrade\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade "TCP Query User{AF9E47C6-0CF9-43A3-9C5C-8289C20437E5}C:\users\ventura\program files\utorrent\utorrent.exe"= UDP:C:\users\ventura\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{8CDB3D32-5E78-41C8-AC7E-882139D66823}C:\users\ventura\program files\utorrent\utorrent.exe"= TCP:C:\users\ventura\program files\utorrent\utorrent.exe:utorrent.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22] R0 BsStor;InCD Storage Helper Driver;C:\Windows\system32\DRIVERS\bsstor.sys [2002-06-05 18:07] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 14:46] R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32] R2 BsUDF;InCD UDF Driver;C:\Windows\system32\drivers\BsUDF.sys [2002-06-28 04:12] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-17 16:01] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-01-18 11:53] S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\Windows\system32\DRIVERS\se57bus.sys [2006-11-30 16:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-13 15:18:01 C:\Windows\Tasks\User_Feed_Synchronization-{6C92311E-540D-4FDA-963B-B6A48125086D}.job" - C:\Windows\system32\msfeedssync.exe "2008-04-12 18:03:23 C:\Windows\Tasks\User_Feed_Synchronization-{94213F52-C31E-47DB-BC1E-EE054390015F}.job" - C:\Windows\system32\msfeedssync.exe "2008-04-13 14:49:57 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

g!rly · Answer

bonjour?!
http://www.technicland.com/malpolitus.swf 
http://img139.imageshack.us/img139/8973/notdistrimq9.jpg 
Bye`

khalidlesfar · Answer

SmitFraudFix v2.315

Rapport fait à 15:02:03.90, Sun 04/20/2008
Executé à partir de C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\sysrxmfdksp.exe
C:\WINDOWS\syspyukrazv.exe
C:\WINDOWS\sysawpbkvnq.exe
C:\WINDOWS\sysqkmwfedz.exe
C:\WINDOWS\sysnxcphmgy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\config.ini PRESENT !
C:\WINDOWS\mywallpaper.bmp PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\les far


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\les far\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» 


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://alamuae.com/gallery/data/media/29/1576312-0bc6462bd93b8f2e.jpg"
"SubscribedURL"="http://alamuae.com/gallery/data/media/29/1576312-0bc6462bd93b8f2e.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.tahfeed.net/site/modules/xcgal/albums/userpics/10007/normal_10007022.jpg"
"SubscribedURL"="http://www.tahfeed.net/site/modules/xcgal/albums/userpics/10007/normal_10007022.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.alamuae.com/gallery/data/media/29/1532151-0f57d0bc77f37bb5.jpg"
"SubscribedURL"="http://www.alamuae.com/gallery/data/media/29/1532151-0f57d0bc77f37bb5.jpg"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.217.0.3
DNS Server Search Order: 196.217.246.210

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

g!rly · Answer

bonjour?!
http://www.technicland.com/malpolitus.swf
http://img139.imageshack.us/img139/8973/notdistrimq9.jpg
Bye`

Maitchou · Answer

Bonjour,
j'ai un problème mon écran est bleu avec inscrit warning! spyware detected on your computer. que dois je faire?
Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:18, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\G-VGA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\pascal\LOCALS~1\Temp\Rar$EX01.631\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [f098dd72] rundll32.exe "C:\WINDOWS\system32\fbometlg.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files
euf telecom
euf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [yqkveby] c:\documents and settings\pascal\local settings\application data\yqkveby.exe yqkveby
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

g!rly · Answer

salut maitchou,

Tu vas passer ces deux fix :

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

puis

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau rapport hijack this stp

Donc ca fait trois rapports...

@+

g!rly · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

kilerlove · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\zwbmnqfe\lonuhqpy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mhytudaf.exe
C:\WINDOWS\system32ejolerk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uiwin] C:\WINDOWS\system32\mhytudaf.exe
O4 - HKCU\..\Run: [sysenchk] C:\WINDOWS\system32\hebwpqpi.exe
O4 - HKLM\..\Policies\Explorer\Run: [6pAP6Dg6XQ] C:\Documents and Settings\All Users\Application Data\zwbmnqfe\lonuhqpy.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - Global Startup: .security
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://fr.yahoo.com/
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.120
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

g!rly · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

alix · Answer

voici le contre rendu ComboFix 08-11-30.01 - alix 2008-11-30 20:28:41.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1619 [GMT 1:00] * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\adcxxfdk.ini c:\windows\system32\bsxsejjf.ini c:\windows\system32\cbqwes.dll c:\windows\system32\cdnvhrga.ini c:\windows\system32\ceuwrcci.ini c:\windows\system32\ddcApoPI.dll c:\windows\system32\drivers\npf.sys c:\windows\system32\etkuibmd.ini c:\windows\system32\fdownvby.ini c:\windows\system32\fjxaktot.ini c:\windows\system32\gaskdolf.ini c:\windows\system32\ioystggp.ini c:\windows\system32\jvussdtp.ini c:\windows\system32\kgdgjqlq.ini c:\windows\system32\kmvdospe.ini c:\windows\system32\kyapxnrg.ini c:\windows\system32\mfaqgpef.ini c:\windows\system32\miavpovt.ini c:\windows\system32\ngklrvjq.ini c:\windows\system32\ntdpoejj.ini c:\windows\system32\ntrncnig.ini c:\windows\system32\packet.dll c:\windows\system32\pwcjydrn.dll c:\windows\system32\qqqyikvr.ini c:\windows\system32\qwegrkuj.ini c:\windows\system32\rexsgfxq.ini c:\windows\system32\rnrwwcrb.ini c:\windows\system32\rpfhlipr.ini c:\windows\system32\sdmhvrha.ini c:\windows\system32\sspscfcc.ini c:\windows\system32\touwtitw.ini c:\windows\system32\uxFNoUvw.ini c:\windows\system32\uxFNoUvw.ini2 c:\windows\system32\vdmwxanb.ini c:\windows\system32\wpcap.dll c:\windows\system32\xwgclpqd.ini c:\windows\system32\yajxpxst.ini c:\windows\Tasks\ncbstpip.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games -------\Service_NPF ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 )))))))))))))))))))))))))))))))))))) . 2008-11-30 20:33 . 2008-10-18 11:40 81,920 --a------ c:\documents and settings\alix.E1AF6476DDD6479\Application Data\logman.exe 2008-11-30 20:14 . 2008-11-30 20:14 d-------- c:\program files\Trend Micro 2008-11-30 20:01 . 2008-11-30 20:01 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-30 20:01 . 2008-11-30 20:01 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-11-30 20:01 . 2008-11-30 20:01 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Malwarebytes 2008-11-30 20:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-30 20:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-30 18:34 . 2008-11-30 18:35 d-------- c:\documents and settings\alix.E1AF6476DDD6479\SmitfraudFix 2008-11-30 15:16 . 2008-11-30 15:16 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Lavasoft 2008-11-30 13:36 . 2008-11-30 13:36 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec 2008-11-30 13:25 . 2008-10-18 11:40 81,920 --a------ c:\windows\system\mstinit.exe 2008-11-30 13:25 . 2008-10-18 11:40 81,920 --a------ c:\windows\clipsrv.exe 2008-11-29 17:58 . 2008-11-29 17:58 d-------- c:\program files\Stand O'Food 2008-11-29 14:33 . 2008-11-29 14:33 d-------- c:\program files\Lavasoft 2008-11-29 14:33 . 2008-11-29 14:39 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2008-11-29 13:06 . 2008-11-29 13:10 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Ancient Quest of Saqqarah__bfg 2008-11-29 13:00 . 2008-11-30 13:25 2,100 --a------ c:\documents and settings\All Users.BAK 2008-11-29 12:59 . 2008-11-30 15:13 d-------- c:\windows\system32\drivers\NAV 2008-11-29 12:59 . 2008-11-29 12:59 d-------- c:\program files\Windows Sidebar 2008-11-29 12:59 . 2008-11-29 12:59 d-------- c:\program files\Symantec 2008-11-29 12:59 . 2008-11-29 12:59 d-------- c:\program files\Norton AntiVirus 2008-11-29 12:59 . 2008-11-29 13:00 d-------- c:\program files\Fichiers communs\Symantec Shared 2008-11-29 12:59 . 2008-11-29 13:00 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Norton 2008-11-29 12:59 . 2008-11-29 12:59 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2008-11-29 12:59 . 2008-11-29 12:59 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2008-11-29 12:59 . 2008-11-29 12:59 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys 2008-11-29 12:59 . 2008-11-29 12:59 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2008-11-29 12:59 . 2008-11-29 12:59 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2008-11-29 12:57 . 2008-11-29 12:58 d-------- c:\program files\NortonInstaller 2008-11-29 12:57 . 2008-11-29 12:57 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2008-11-29 11:55 . 2008-11-27 13:19 32,256 --a------ c:\windows\system32\frmwrk32.exe 2008-11-29 11:55 . 2008-11-30 20:33 4,785 --a------ c:\windows\system32\warning.gif 2008-11-29 11:55 . 2008-11-30 20:33 3,104 --a------ c:\windows\system32\ntdll64.exe 2008-11-29 11:55 . 2008-11-30 20:33 1,349 --a------ c:\windows\system32\ahtn.htm 2008-11-29 11:55 . 2008-11-29 11:55 1 --a------ c:\windows\system32\uniq.tll 2008-11-29 11:55 . 2008-11-29 11:55 1 --a------ c:\windows\system32\test.ttt 2008-11-28 17:28 . 2008-11-28 17:28 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\PetShowCraze 2008-11-28 17:07 . 2008-11-28 17:26 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\JewelMatch2 2008-11-28 16:54 . 2008-11-28 16:54 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Dragon Altar Games 2008-11-28 16:14 . 2008-11-28 16:14 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Jane s Hotel Family Hero 2008-11-28 10:23 . 2008-11-28 10:23 244 --ah----- C:\sqmnoopt03.sqm 2008-11-28 10:23 . 2008-11-28 10:23 232 --ah----- C:\sqmdata03.sqm 2008-11-27 17:00 . 2008-11-27 17:00 244 --ah----- C:\sqmnoopt02.sqm 2008-11-27 17:00 . 2008-11-27 17:00 232 --ah----- C:\sqmdata02.sqm 2008-11-27 16:50 . 2008-11-27 16:50 244 --ah----- C:\sqmnoopt01.sqm 2008-11-27 16:50 . 2008-11-27 16:50 232 --ah----- C:\sqmdata01.sqm 2008-11-26 11:35 . 2008-11-26 11:34 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-26 10:58 . 2008-11-26 10:58 297,697 --a------ c:\windows\system32\SpywareRemover.exe 2008-11-25 13:20 . 2008-11-29 21:40 d-------- c:\program files\Games 2008-11-24 21:06 . 2008-11-24 21:06 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\MysteryStudio 2008-11-21 18:29 . 2008-11-21 18:29 211,968 --a------ c:\windows\system32\winproc.dll 2008-11-21 18:29 . 2007-08-07 12:03 9,216 --a------ c:\windows\system32\hostsa.db 2008-11-21 18:29 . 2008-11-21 18:29 1,068 --a------ c:\windows\system32\hostsa.zip 2008-11-20 22:16 . 2008-11-20 22:16 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Pi Eye Games 2008-11-12 17:37 . 2008-11-12 19:31 d-------- C:\TEMP 2008-11-12 17:35 . 2008-11-12 17:35 d-------- c:\program files\Alwil Software 2008-11-12 16:43 . 2008-11-12 16:54 d-------- c:\program files\OrangeHSS 2008-11-12 16:43 . 2007-12-11 20:22 65,536 --a------ c:\windows\system32\Autodial2000.dll 2008-11-12 16:42 . 2008-11-12 16:42 d-------- c:\program files\Fichiers communs\France Telecom 2008-11-11 01:07 . 2008-11-11 01:07 d-------- c:\program files\Securitoo 2008-11-11 01:06 . 2006-03-01 18:53 94,208 --a------ c:\windows\system32\w32n50.dll 2008-11-11 01:06 . 2003-09-23 10:38 34,688 --a------ c:\windows\system32\pcampr5.sys 2008-11-11 01:06 . 2006-03-01 18:53 32,128 --a------ c:\windows\system32\pcandis5.sys 2008-11-02 16:42 . 2008-11-02 16:42 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\dvdcss 2008-10-30 12:58 . 2008-10-30 12:58 19,517 --a------ c:\windows\system32\bvqgidbs.dll 2008-10-30 12:55 . 2008-10-30 12:55 19,432 --a------ c:\windows\system32\pksoimad.exe 2008-10-30 12:52 . 2008-10-30 12:52 19,522 --a------ c:\windows\system32\pawrgslg.dll 2008-10-30 12:47 . 2008-10-30 12:47 19,432 --a------ c:\windows\system32\xbjoifub.exe 2008-10-29 22:21 . 2008-10-29 22:21 19,432 --a------ c:\windows\system32\kouuavjv.exe 2008-10-29 22:18 . 2008-10-29 22:18 19,522 --a------ c:\windows\system32\dmvbrhaa.dll 2008-10-29 22:15 . 2008-10-29 22:15 19,517 --a------ c:\windows\system32\qmhixjmv.dll 2008-10-29 22:09 . 2008-10-29 22:09 19,432 --a------ c:\windows\system32\qpvkbgsi.exe 2008-10-29 21:18 . 2008-10-29 21:18 19,432 --a------ c:\windows\system32\miionbui.exe 2008-10-29 21:09 . 2008-10-29 21:09 19,517 --a------ c:\windows\system32\fppspxaa.dll 2008-10-29 21:06 . 2008-10-29 21:06 19,517 --a------ c:\windows\system32\xnvgmnyh.dll 2008-10-29 20:12 . 2008-10-29 20:12 19,517 --a------ c:\windows\system32\lvtpjxgw.dll 2008-10-29 20:09 . 2008-10-29 20:09 19,522 --a------ c:\windows\system32\xxdpfsmd.dll 2008-10-29 20:06 . 2008-10-29 20:06 19,432 --a------ c:\windows\system32\tepchicl.exe 2008-10-29 20:03 . 2008-10-29 20:03 19,517 --a------ c:\windows\system32\jgsivkpe.dll 2008-10-29 19:12 . 2008-10-29 19:12 19,522 --a------ c:\windows\system32\mwjaylgd.dll 2008-10-29 19:09 . 2008-10-29 19:09 19,517 --a------ c:\windows\system32\jivyspbb.dll 2008-10-29 19:06 . 2008-10-29 19:06 19,432 --a------ c:\windows\system32\onefisml.exe 2008-10-29 19:00 . 2008-10-29 19:00 19,432 --a------ c:\windows\system32\wvjeqjav.exe 2008-10-29 18:09 . 2008-10-29 18:09 19,517 --a------ c:\windows\system32\tnivlynj.dll 2008-10-29 18:06 . 2008-10-29 18:06 19,522 --a------ c:\windows\system32\lggrjjxm.dll 2008-10-29 18:00 . 2008-10-29 18:00 19,432 --a------ c:\windows\system32\shiwpynx.exe 2008-10-29 17:57 . 2008-10-29 17:57 19,522 --a------ c:\windows\system32\fgweshyu.dll 2008-10-29 17:06 . 2008-10-29 17:06 19,432 --a------ c:\windows\system32\eplifyta.exe 2008-10-29 17:00 . 2008-10-29 17:00 19,522 --a------ c:\windows\system32\jfbjutob.dll 2008-10-29 16:57 . 2008-10-29 16:57 19,517 --a------ c:\windows\system32\pskkhfla.dll 2008-10-29 16:54 . 2008-10-29 16:54 19,522 --a------ c:\windows\system32\ykgcgqmb.dll 2008-10-29 16:03 . 2008-10-29 16:03 19,517 --a------ c:\windows\system32\aemusfek.dll 2008-10-29 15:57 . 2008-10-29 15:57 19,432 --a------ c:\windows\system32\ufbekpns.exe 2008-10-29 15:54 . 2008-10-29 15:54 19,522 --a------ c:\windows\system32\fnsabdvo.dll 2008-10-29 15:51 . 2008-10-29 15:51 19,432 --a------ c:\windows\system32\jsiufmxn.exe 2008-10-29 12:36 . 2008-10-29 12:36 19,432 --a------ c:\windows\system32\chdvhwcn.exe 2008-10-29 12:33 . 2008-10-29 12:33 19,517 --a------ c:\windows\system32\mdqkwfyd.dll 2008-10-29 12:27 . 2008-10-29 12:27 19,522 --a------ c:\windows\system32\uxytsvbs.dll 2008-10-28 12:33 . 2008-10-28 12:33 19,432 --a------ c:\windows\system32\mffqulpl.exe 2008-10-28 12:30 . 2008-10-28 12:30 19,517 --a------ c:\windows\system32\dlaycolu.dll 2008-10-21 18:46 . 2008-10-21 18:46 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\JoyBits 2008-10-21 17:43 . 2008-11-25 12:53 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\MumboJumbo 2008-10-18 17:15 . 2008-10-18 17:15 d-------- c:\program files\Jojo's Fashion Show 2 - Las Cruces 2008-10-18 12:40 . 2008-10-18 12:40 d-------- c:\program files\TuneUp Utilities 2007 2008-10-18 11:43 . 2008-11-30 20:23 d-------- c:\program files\Fichiers communs\Wise Installation Wizard 2008-10-18 11:43 . 2008-10-18 12:42 d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software 2008-10-18 11:40 . 2008-10-18 11:40 81,920 --a------ c:\windows\system32\drivers\comrepl.exe 2008-10-18 11:40 . 2008-10-18 11:40 81,920 --a------ c:\documents and settings\alix.E1AF6476DDD6479\Application Data\ieudinit.exe 2008-10-14 10:20 . 2008-10-14 03:00 12,862 --a------ c:\windows\webgame.ico 2008-10-11 15:56 . 2008-10-11 15:56 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\SPORE 2008-10-11 15:56 . 2008-10-11 15:56 dr-h----- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\SecuROM 2008-10-09 16:04 . 2008-11-16 19:35 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Gamelab 2008-10-08 22:17 . 2008-10-11 09:29 d-------- c:\program files\Jojos Fashion Show 2 2008-10-08 12:21 . 2008-10-08 12:21 d-------- c:\windows\Slingo Supreme 2008-10-08 12:21 . 2008-10-08 12:21 d-------- c:\windows\Cooking Dash 2008-10-08 12:21 . 2008-10-08 12:21 d-------- c:\program files\Slingo Supreme 2008-10-08 12:21 . 2008-10-08 12:21 d-------- c:\program files\Cooking Dash 2008-10-07 21:11 . 2008-10-07 21:11 d-------- c:\documents and settings\alix.E1AF6476DDD6479\Application Data\EleFun Games 2008-10-06 13:42 . 2008-10-13 14:06 211,968 --a------ c:\windows\WinProc.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-30 19:33 --------- d-----w c:\documents and settings\alix.E1AF6476DDD6479\Application Data\OpenOffice.org2 2008-11-30 17:15 --------- d-----w c:\program files\eMule 2008-11-30 14:11 5,330 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-11-30 14:11 --------- d-----w c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Corel 2008-11-29 20:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache 2008-11-29 16:59 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Playrix Entertainment 2008-11-29 11:22 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2008-11-27 19:26 --------- d-----w c:\documents and settings\alix.E1AF6476DDD6479\Application Data\uTorrent 2008-11-27 13:53 --------- d-----w c:\program files\Everest Poker 2008-11-26 10:34 --------- d-----w c:\program files\Java 2008-11-24 20:32 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Valusoft 2008-11-24 20:32 --------- d-----w c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Valusoft 2008-11-23 15:37 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst 2008-11-16 20:31 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo 2008-11-16 19:41 --------- d-----w c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Pogo Games 2008-11-16 08:54 --------- d-----w c:\program files\bfgclient 2008-11-12 18:32 --------- d-----w c:\program files\Eset 2008-11-12 15:59 --------- d-----w c:\program files\uTorrent 2008-10-11 14:56 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-11 14:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-09 14:57 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\MythPeople 2008-04-08 16:33 0 ----a-w c:\program files\temp01 2008-04-09 18:55 8 --sh--r c:\windows\system32\EF9CE43B7D.sys . ------- Sigcheck ------- 2006-04-14 13:04 297984 70921de4c83652dc301a05f0cc46c985 c:\windows\system32\termsrv.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-03-28 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697] "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800] "Framework Windows"="frmwrk32.exe" [2008-11-27 c:\windows\system32\frmwrk32.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlpo_04"="md %USERPROFILE%\Local Settings\Temp" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] "nlpo_05"="advpack.dll" [2004-08-04 c:\windows\system32\advpack.dll] "nlpo_06"="advpack.dll" [2004-08-04 c:\windows\system32\advpack.dll] "nlpo_08"="advpack.dll" [2004-08-04 c:\windows\system32\advpack.dll] "nlpo_09"="advpack.dll" [2004-08-04 c:\windows\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "MstInit"="c:\windows\System\mstinit.exe" [2008-10-18 81920] [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run] "Logman"="c:\docume~1\ALIX~1.E1A\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2008-10-18 81920] [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run] "ComRepl"="c:\windows\System32\drivers\comrepl.exe" [2008-10-18 81920] c:\documents and settings\alix.E1AF6476DDD6479\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-01-30 577536] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows] "load"=c:\docume~1\ALIX~1.E1A\APPLIC~1\logman.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=cbgllk.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Windows Live\Messenger\livecall.exe"= "c:\Program Files\eMule\emule.exe"= "c:\Program Files\Messenger\msmsgs.exe"= "c:\Program Files\Bonjour\mDNSResponder.exe"= "c:\Program Files\iTunes\iTunes.exe"= "c:\Program Files\uTorrent\uTorrent.exe"= "c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"= "d:\Rappelz\HackShield\HSUpdate.exe"= "c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"= R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\SystemRoot\System32\Drivers\NAV\1001000.021\SYMEFA.SYS [] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1001000.021\BHDrvx86.sys [2008-11-29 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1001000.021\ccHPx86.sys [2008-11-29 362544] R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2008-11-29 274808] R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll" /prefetch:1 [] S3 EraserUtilDrv10822;EraserUtilDrv10822;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10822.sys [] S3 se59bus;Sony Ericsson Device 089 driver (WDM);c:\windows\system32\DRIVERS\se59bus.sys [2008-06-30 61536] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se59mdfl.sys [2008-06-30 9360] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se59mdm.sys [2008-06-30 97088] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se59mgmt.sys [2008-06-30 88624] S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);c:\windows\system32\DRIVERS\se59nd5.sys [2008-06-30 18704] S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se59obex.sys [2008-06-30 86432] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);c:\windows\system32\DRIVERS\se59unic.sys [2008-06-30 90800] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53c0424a-43bf-11dd-b201-000000000000}] \Shell\AutoRun\command - wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90a11ccf-0504-11dd-9400-806d6172696f}] \Shell\AutoRun\command - E:\Setup.exe . Contenu du dossier 'Tâches planifiées' 2008-11-28 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53] 2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{1FB5C8F6-82F0-49CE-BCD9-9C80DDA48E26} - (no file) BHO-{8C8A0F0B-BE38-4BD1-B116-7E7B10BD4B48} - (no file) HKLM-Run-msspac - ortfta.dll HKU-Default-Run-UberIcon - c:\program files\UberIcon\UberIcon Manager.exe ShellExecuteHooks-{1FB5C8F6-82F0-49CE-BCD9-9C80DDA48E26} - (no file) Notify-pmnkjHaA - pmnkjHaA.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\alix.E1AF6476DDD6479\Application Data\Mozilla\Firefox\Profiles\46x0vpfd.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 20:33:12 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll\" /prefetch:1" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(232) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(404) c:\windows\system32\setupapi.dll - - - - - - - > 'csrss.exe'(1368) c:\windows\system32\winsrv.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.bin c:\program files\OrangeHSS\Launcher\Launcher.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\Crypserv.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\PSIService.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe c:\windows\system32\WgaTray.exe c:\program files\OrangeHSS\Systray\SystrayApp.exe c:\program files\OrangeHSS\Deskboard\Deskboard.exe c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe c:\program files\Fichiers communs\Teleca Shared\Generic.exe c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\program files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\[u]0/u\FTCOMModule.exe . ************************************************************************** . Heure de fin: 2008-11-30 20:37:44 - La machine a redémarré [alix] ComboFix-quarantined-files.txt 2008-11-30 19:37:39 Avant-CF: 29,206,294,528 octets libres Après-CF: 29,132,550,144 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer 379 --- E O F --- 2008-07-15 11:33:37

g!rly · Answer

je t´ai jamais rien demandé

Ecran bleu warning! spyware detected on your

25 réponses

Discussions similaires