' VK_scan.exe '

Résolu
trizio Messages postés 10 Statut Membre -  
 moi meme -
Bonjour,
voila j ai un petit soucis avec mn pc.
J ai ouvert un mail et biensur bang !!! virus !!
depuis j ai spy bot qui analyse sans cesse, des pages de jeux en pub, des pages de pub de casino...
bref, j ai essayé beaucoup de chose...
j ai installé Viruskeeper et lorsque je fais une analyse complete ou approfondie, il m note: violation d' acces à l adresse00402b43 dans le module ' vk_scan.exe' ....
merci de m aider..
Trizio ...
Configuration: Windows XP
Internet Explorer 7.0

64 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Une infection informatique survient après l'ouverture d'un mail sur Windows XP, provoquant des pubs parasites et des analyses continues par des outils anti‑malware, avec une violation d'accès signalée par VirusKeeper lors d'une analyse.
Plusieurs conseils préconisent l'usage de HijackThis pour diagnostiquer les entrées indésirables, l'exécution d'un balayage avec MBAM ou des outils en ligne, puis des suppressions guidées par ToolsCleaner et des rapports détaillés.
D'autres interventions recommandent des rapports comme Navilog et des analyses des registres, tout en avertissant de ne pas procéder à une désinfection sans avis d'expert.
En complément, certains échanges insistent sur l'importance d'éloigner les solutions payantes douteuses et de privilégier des méthodes reconnues, surtout sur des systèmes anciens comme XP.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. léo
     
    0
    1. trizio Messages postés 10 Statut Membre
       
      Merci Léo j y cours !!!
      0
    2. trizio Messages postés 10 Statut Membre
       
      Léo je l ai fais!!! ok .
      Mais j ai encore plus peur...
      j ai un rapport je le depose ?

      merci a+
      0
    3. trizio Messages postés 10 Statut Membre
       
      slt
      bon ca a l air d aller
      mais je n ai plus la meme configuration
      cad
      mon window n est plus pareil, je n ai plus la colone de gauche
      Merci...
      0
  2. Utilisateur anonyme
     
    ouui
    0
    1. trizio Messages postés 10 Statut Membre
       
      slt merci de me repondre !!!
      Mais l analyse s est arretée...
      voici ce qu il en est sorti

      Malwarebytes' Anti-Malware 1.14
      Version de la base de données: 813

      00:42:14 02/06/2008
      mbam-log-6-2-2008 (00-42-14).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 154565
      Temps écoulé: 33 minute(s), 53 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 3
      Clé(s) du Registre infectée(s): 30
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 6
      Fichier(s) infecté(s): 25

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{30bed1e9-6404-47c8-ba48-ccfb5684a366} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30bed1e9-6404-47c8-ba48-ccfb5684a366} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdcyrr (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\laughnetwork (Hijacker.Searchnut) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08e6c37d (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0bd5f0e1 (Trojan.Agent) -> Delete on reboot.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnllkbt -> Delete on reboot.

      Dossier(s) infecté(s):
      C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\laughnetwork (Hijacker.Searchnut) -> Quarantined and deleted successfully.
      C:\Program Files\laughnetwork\Temp (Hijacker.Searchnut) -> Quarantined and deleted successfully.
      C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Delete on reboot.
      C:\kl.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP281\A0075770.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP284\A0076468.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076555.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076558.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076744.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\krclxaqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\opnommmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
      C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
      C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
      C:\Program Files\laughnetwork\Temp\license.txt (Hijacker.Searchnut) -> Quarantined and deleted successfully.
      C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ejkvdluj.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vtUOHYpp.dll (Trojan.vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Patrizio\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
      0
      1. trizio Messages postés 10 Statut Membre > trizio Messages postés 10 Statut Membre
         
        je viens de refaire une analyse et ca donne :
        Malwarebytes' Anti-Malware 1.14
        Version de la base de données: 813

        08:40:33 02/06/2008
        mbam-log-6-2-2008 (08-40-33).txt

        Type de recherche: Examen complet (C:\|)
        Eléments examinés: 124324
        Temps écoulé: 19 minute(s), 32 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 1
        Valeur(s) du Registre infectée(s): 0
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 0
        Fichier(s) infecté(s): 5

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        (Aucun élément nuisible détecté)

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        (Aucun élément nuisible détecté)

        Fichier(s) infecté(s):
        C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        0
  3. trizio Messages postés 10 Statut Membre
     
    voici l analyse de navilog
    Search Navipromo version 3.5.7 commencé le 02/06/2008 à 9:25:27,40

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Patrizio"

    Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Patrizio\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Patrizio\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\adLRYcfe.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\adMTDJjl.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\cLUxyGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\EeMnmnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\JikUCJlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\JTAadcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\oVwFOXbc.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\tBKllnnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\uvwwyccf.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\vGNXayay.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\wyayaGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 02/06/2008 à 9:29:57,82 ***

    Merci...
    0
  4. Utilisateur anonyme
     
    • Télécharger VundoFix.exe

    http://www.atribune.org/public-beta/VundoFix.exe

    Utilise VundoFix (de Atribune)
    • Mettre le fichier VundoFix.exe sur le Bureau Windows.
    • Fermer tous les programmes car il va y avoir arrêt du PC.
    • double clic sur VundoFix.exe
    (les droits administratifs sont nécessaires sinon les accès dont à besoin VundoFix.exe lui seront refusés)
    • Click sur le bouton Scan for Vundo
    • Click sur le bouton Remove Vundo lorsque le balayage (scan) est terminé,
    • Click sur Yes sur l'invite de demande de suppression de fichiers s'il y a infection,
    Le Bureau va disparaitre un moment lors de la suppression des fichiers
    Une fenêtre annonce que le PC va redémarrer:
    • Click sur OK
    • Copier/coller le contenu du rapport situé dans C:\vundofix.txt + un rapport HitJackThis

    Note:
    Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer.
    Si tel est le cas, l'outil se lancera au prochain redémarrage.
    Il faut simplement suivre les instructions ci-dessus, à partir de :
    Click sur le bouton Scan for Vundo.
    0
    1. trizio Messages postés 10 Statut Membre
       
      slt
      comme reponse j ai : done searching for files. No infected were found...
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. trizio Messages postés 10 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 17:24:21, on 02/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: {4ee2e39d-be14-c1e8-7934-9866b6cc6541} - {1456cc6b-6689-4397-8e1c-41ebd93e2ee4} - C:\WINDOWS\system32\lyxpxsdp.dll
    O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
    O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
    O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
    O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
    O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
    O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    0
  7. Utilisateur anonyme
     
    non pas un log hijackthis mais un log de Vundofix :D
    0
    1. trizio Messages postés 10 Statut Membre
       
      ? dsl je ne suis pas la !!!
      0
  8. Utilisateur anonyme
     
    Télécharge VirtumundoBeGone sur ton bureau .
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => double-clic sur VirtumundoBeGone.exe
    => Suis les instructions à l'écran
    => Quand le scan est terminé, enregistre le rapport.
    => Copie/Colle le ici avec l'autre

    ------------------------

    Passe en mode sans echec et refait un passage de MBAM :

    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    poste moi les rapports
    0
    1. trizio
       
      [06/03/2008, 16:52:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Patrizio\Mes documents\VirtumundoBeGone.exe" )
      [06/03/2008, 16:52:04] - Detected System Information:
      [06/03/2008, 16:52:04] - Windows Version: 5.1.2600, Service Pack 2
      [06/03/2008, 16:52:04] - Current Username: Patrizio (Admin)
      [06/03/2008, 16:52:04] - Windows is in NORMAL mode.
      [06/03/2008, 16:52:04] - Searching for Browser Helper Objects:
      [06/03/2008, 16:52:04] - BHO 1: {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 2: {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 3: {2F47D105-79FF-4659-B6DE-3C86998E5AA8} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - Checking for HKLM\...\Winlogon\Notify\mlJCUkiJ
      [06/03/2008, 16:52:04] - Key not found: HKLM\...\Winlogon\Notify\mlJCUkiJ, continuing.
      [06/03/2008, 16:52:04] - BHO 4: {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - Checking for HKLM\...\Winlogon\Notify\cbXOFwVo
      [06/03/2008, 16:52:04] - Key not found: HKLM\...\Winlogon\Notify\cbXOFwVo, continuing.
      [06/03/2008, 16:52:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [06/03/2008, 16:52:04] - BHO 6: {5B4B2D5C-F77E-4769-B24D-C198133C9034} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [06/03/2008, 16:52:04] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 9: {A5F20A06-9BE5-467B-B19B-6E755A411459} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [06/03/2008, 16:52:04] - BHO 11: {D1E461F4-F5B7-4EF6-8B39-273A84704689} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - BHO 12: {F97109E3-C041-4B16-9E5B-83F1905267D8} ()
      [06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/03/2008, 16:52:04] - No filename found. Continuing.
      [06/03/2008, 16:52:04] - Finished Searching Browser Helper Objects
      [06/03/2008, 16:52:04] - Finishing up...
      [06/03/2008, 16:52:04] - Nothing found! Exiting...
      0
    2. trizio
       
      slt en plus maintenant j ai :
      roolkit-gen
      0
  9. Utilisateur anonyme
     
    post moi un rapport hijackthis mais avant :

    · Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    · Clique sur Recherche et laisse le scan se terminer.
    · Clique, sur Suppression pour finaliser.
    · Tu peux, si tu le souhaites, te servir des Options facultatives.
    · Clique sur Quitter, pour que le rapport puisse se créer.
    · Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

    ---------------------

    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    -------------------

    redémarre en mode sans echec :

    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    refait un scan avec MBAM

    ---------------------------

    Va sur ce site , /!\ Internet Explorer obligatoire /!\ (https://www.bitdefender.com/toolbox/ Clique sur ' J'accepte ' , Installe les ActiveX si necessaire ,et vérifie si ils sont bien configurés(http://www.inoculer.com/activex.php3 Clique sur ' installer ' puis ' click here to scan '( ou : cliquez ici pour scanner ).
    Et poste moi le rapport. ( qui se trouve ici -> C:\windows\bdoscan8\scanres.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Tutorial : http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

    ---------------------------------

    As tu toujours des pages de pubs intempestives ?
    0
    1. trizio
       
      c vrai que je n ai plus de pub ;)
      0
  10. trizio
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:04, on 04/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\G7311UG1\ToolsCleaner2[1].exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
    O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
    O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
    O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
    O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
    O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    0
  11. Utilisateur anonyme
     
    ok je regarderai le log ce soir, post les autres log en attendant
    0
    1. trizio
       
      j ai fais ce que tu m as dis en mode sans echec mais cela n a pas du fonctionner!
      car je n arrivais plus a demarer en mode normal
      donc j ai fais le chemin inverse !!!
      Logfile of HijackThis v1.99.1
      Scan saved at 14:18:50, on 04/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      C:\Program Files\Pack Securite\Common\FSM32.EXE
      C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Shareaza\Shareaza.exe
      C:\Program Files\Logitech\ImageStudio\LowLight.exe
      C:\WINDOWS\ATKKBService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Pack Securite\Common\FSMA32.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Pack Securite\Common\FSMB32.EXE
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Pack Securite\Common\FCH32.EXE
      C:\Program Files\Pack Securite\Common\FAMEH32.EXE
      C:\Program Files\Pack Securite\FSPC\fspc.exe
      C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
      O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
      O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
      O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
      O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
      O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

      ________________________________________________________________________________________
      Malwarebytes' Anti-Malware 1.14
      Version de la base de données: 820

      14:40:04 04/06/2008
      mbam-log-6-4-2008 (14-40-04).txt

      Type de recherche: Examen rapide
      Eléments examinés: 43854
      Temps écoulé: 3 minute(s), 36 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  12. Utilisateur anonyme
     
    Bonjour,
    Ma premiere question :
    As tu executer Toolcleaner ? car ton dernier post de hijack me montre la version 1.99.1 de Hijack ?

    post moi le rapport de toolscleaner

    puis execute bien toute les instructions que j'ai mis dans le post 17

    /!\ il est important d'avoir les toutes dernières versions /!\
    0
    1. trizio
       
      slt voila c tout ce qu il me donne...
      -->- Recherche:

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\Patrizio\Bureau\HijackThis.lnk: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

      ---------------------------------
      -->- Suppression:
      0
  13. Utilisateur anonyme
     
    ok clik sur suppression puis fait la suite du poste pour réinstaller une version a jour de hijack ;)
    0
    1. trizio
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:15:30, on 04/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      C:\Program Files\Pack Securite\Common\FSM32.EXE
      C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Shareaza\Shareaza.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Logitech\ImageStudio\LowLight.exe
      C:\WINDOWS\ATKKBService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Pack Securite\Common\FSMA32.EXE
      C:\Program Files\Pack Securite\Common\FSMB32.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Pack Securite\Common\FCH32.EXE
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Pack Securite\Common\FAMEH32.EXE
      C:\Program Files\Pack Securite\FSPC\fspc.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
      O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
      O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
      O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
      O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
      O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
      0
  14. Utilisateur anonyme
     
    ok on avance ;)

    relance hijackthis, coches les cases devant ces lignes puis clique sur fix checked et post un nouveau log :

    O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
    O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
    O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
    O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)

    O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
    O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
    O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

    ------------------------

    Ensuite passe en mode sans echec et effectue un scan complet avec MBAM.

    mode sans echec :

    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    ---------------------------

    peux tu téléchargé GenProc :

    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

    Ensuite dézippe le dossier puis double-clique sur le fichier GenProc.bat

    Une fois qu'il a finit son analyse post le log qui vient de s'ouvrir dans Bloc note et reviens poster le log ici.
    (Suit les instructions une fois que tu m'auras posté le log)

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
    1. trizio
       
      Logfile of HijackThis v1.99.1
      Scan saved at 18:04:45, on 04/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      C:\Program Files\Pack Securite\Common\FSM32.EXE
      C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Shareaza\Shareaza.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Logitech\ImageStudio\LowLight.exe
      C:\WINDOWS\ATKKBService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Pack Securite\Common\FSMA32.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Pack Securite\Common\FSMB32.EXE
      C:\Program Files\Pack Securite\Common\FCH32.EXE
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Pack Securite\Common\FAMEH32.EXE
      C:\Program Files\Pack Securite\FSPC\fspc.exe
      C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_scanprocess.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
      0
    2. trizio
       
      Malwarebytes' Anti-Malware 1.14
      Version de la base de données: 820

      20:40:33 04/06/2008
      mbam-log-6-4-2008 (20-40-33).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 155690
      Temps écoulé: 2 hour(s), 29 minute(s), 3 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      0
    3. trizio
       
      Rapport GenProc 1.968 [1] effectué le 04/06/2008 à 20:55:30,92 - Windows XP

      Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

      # Etape 1/ Télécharge :

      - Lop S&D.exe (Eric 71 & Angeldark) https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 sur ton bureau.

      - VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

      - combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau

      - SmitfrauFix (S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * double-clique sur le fichier "smitfraudfix.exe" et choisis l'option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

      - MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau.


      ***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "Patrizio") *****


      # Etape 2/

      * Double-clique VundoFix.exe afin de le lancer, puis clique sur le bouton "Scan for Vundo". Lorsque le scan est complété, clique sur le bouton "Fix Vundo", une invite te demandera si tu veux supprimer les fichiers, clique YES : le Bureau disparaîtra un moment lors de la suppression des fichiers. Tu verras une invite qui t'annonce que ton PC va redémarrer : clique OK
      Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

      * Double clique combofix.exe. Tape sur la touche Y (Yes) pour démarrer le scan ; lorsque le scan sera complété, un rapport apparaîtra.

      # Etape 3/

      Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

      # Etape 4/

      Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
      - Exécute l'option R.
      - Si l'infection est détectée, exécute l'option N.
      - Sauvegarde ce rapport sur ton bureau.

      # Etape 5/

      Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

      # Etape 6/

      Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

      # Etape 7/

      Redémarre normalement et poste, dans la même réponse :
      - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
      - Le contenu du rapport situé dans C:\vundofix.txt ;
      - Le contenu du rapport situé dans C:\Combofix.txt ;
      - Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
      - Le contenu du rapport MSNfix situé sur le Bureau ;
      - Le contenu du rapport C:\lopR.txt ;


      Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
      0
  15. trizio
     
    SmitFraudFix v2.323

    Rapport fait à 21:16:53,31, 04/06/2008
    Executé à partir de C:\Documents and Settings\Patrizio\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\FSPC\fspc.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrizio

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrizio\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrizio\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  16. trizio
     
    le mode sans echec n a pas fontioné avec vundo
    apres combo le pc s est etint
    et je suis revenu en mode normal !!!!
    :(
    0
    1. trizio
       
      j ai le log de combo
      0
  17. Utilisateur anonyme
     
    ton mode sans echec fonctionne t il ou tu rencontre des problèmes ?

    peux tu me poster le log de combo ?

    As tu réussi a faire la suite ?
    0
    1. trizio
       
      bonjour, je n ai pas pu faire la suite non...
      je v essayer de continuer aujourd hui ?
      c le log de combo:
      ComboFix 08-06-03.4 - Patrizio 2008-06-04 21:43:47.2 - NTFSx86 MINIMAL
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1706 [GMT 2:00]
      Endroit: C:\Documents and Settings\Patrizio\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Patrizio\Application Data\inst.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-04 21:25 . 2008-06-04 21:25 <REP> d-------- C:\VundoFix Backups
      2008-06-04 21:01 . 2008-06-04 21:01 <REP> d-------- C:\Lop SD
      2008-06-04 13:33 . 2008-06-04 13:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-06-04 13:20 . 2007-08-31 16:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-06-04 13:20 . 2008-06-04 13:20 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-06-04 11:24 . 2008-06-04 17:15 <REP> d-------- C:\Program Files\Trend Micro
      2008-06-04 11:13 . 2008-06-04 18:41 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-06-04 11:13 . 2008-06-04 11:13 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Tools
      2008-06-04 11:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-06-04 11:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-06-04 11:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-06-04 11:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-06-03 18:16 . 2008-06-04 21:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-06-02 17:24 . 2008-06-04 18:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-06-01 23:49 . 2008-06-04 11:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Malwarebytes
      2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-01 23:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-01 23:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Program Files\Shareaza
      2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Shareaza
      2008-05-29 19:35 . 2008-06-04 17:05 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\skypePM
      2008-05-29 19:35 . 2008-05-29 19:35 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
      2008-05-29 19:33 . 2008-06-04 21:10 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Skype
      2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Skype
      2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Fichiers communs\Skype
      2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2008-05-29 18:53 . 2008-06-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-05-29 18:53 . 2008-05-29 18:53 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-05-29 09:50 . 2008-05-29 09:50 <REP> d-------- C:\Program Files\AxBx
      2008-05-29 09:45 . 2008-05-29 16:59 <REP> d-------- C:\Program Files\Panda Security
      2008-05-28 16:59 . 2008-05-28 16:59 <REP> d-------- C:\Program Files\Lavasoft
      2008-05-28 16:59 . 2008-05-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-05-28 16:58 . 2008-05-28 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-28 12:20 . 2008-05-28 12:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
      2008-05-28 12:17 . 2005-06-15 02:17 427,520 --a------ C:\WINDOWS\WRServices.dll
      2008-05-28 11:52 . 2008-05-28 11:52 <REP> d--hs---- C:\ProtectionConue
      2008-05-28 11:52 . 2008-05-28 11:52 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\ProtectionConue
      2008-05-28 11:52 . 2008-05-28 11:52 <REP> dr-h----- C:\Documents and Settings\All Users\Application Data\SalesMon
      2008-05-26 13:38 . 2008-05-26 15:47 <REP> d-------- C:\Documents and Settings\Patrizio\.housecall6.6
      2008-05-25 22:34 . 2008-05-25 22:43 <REP> d-------- C:\WINDOWS\system32\vntiho18
      2008-05-25 21:18 . 2008-05-25 22:21 <REP> d-------- C:\WINDOWS\system32\xnA
      2008-05-25 21:18 . 2008-05-29 09:34 <REP> d-------- C:\WINDOWS\system32\vntiho05
      2008-05-25 21:18 . 2008-05-26 08:27 <REP> d-------- C:\WINDOWS\system32\brW
      2008-05-25 21:18 . 2008-05-25 22:14 <REP> d-------- C:\WINDOWS\system32\3056v
      2008-05-25 21:18 . 2008-06-04 21:04 <REP> d-------- C:\Temp
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
      2008-05-11 19:36 . 2008-05-12 09:37 <REP> d-------- C:\Program Files\Azureus
      2008-05-11 19:36 . 2008-05-12 01:30 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Azureus
      2008-05-11 19:36 . 2008-05-11 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
      2008-05-09 17:45 . 2008-05-09 17:45 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Nokia Multimedia Player
      2008-05-09 17:39 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
      2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\PC Connectivity Solution
      2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Nokia
      2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
      2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
      2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\DIFX
      2008-05-09 17:36 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Suite
      2008-05-09 17:36 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
      2008-05-09 17:36 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
      2008-05-09 17:36 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
      2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
      2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
      2008-05-09 17:36 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
      2008-05-09 17:33 . 2008-05-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-04 19:16 4,224 ----a-w C:\WINDOWS\system32\tmp.reg
      2008-06-04 12:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
      2008-06-04 08:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
      2008-06-02 19:33 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
      2008-06-02 19:33 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\CamfrogWEB
      2008-06-02 17:01 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      2008-05-29 21:18 --------- d-----w C:\Program Files\Google
      2008-05-29 18:14 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\MSN6
      2008-05-29 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-28 15:17 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\LimeWire
      2008-05-28 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      2008-05-27 20:12 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Vso
      2008-05-26 15:51 --------- d-----w C:\Program Files\Toox
      2008-05-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-25 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-05-25 19:15 --------- d-----w C:\Program Files\LimeWire
      2008-05-22 14:25 --------- d-----w C:\Program Files\adslTV
      2008-05-11 14:15 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Nokia
      2008-04-30 10:47 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\ACD Systems
      2008-04-30 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
      2008-04-30 10:40 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
      2008-04-30 10:40 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
      2008-04-30 10:40 --------- d-----w C:\Program Files\ACD Systems
      2008-04-30 10:18 --------- d-----w C:\Program Files\eMule
      2008-04-30 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
      2008-04-30 06:46 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
      2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
      2008-04-26 17:04 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\globallist
      2008-04-21 17:48 --------- d-----w C:\Program Files\CFWebAdvancedU
      2008-04-21 09:57 --------- d-----w C:\Program Files\YesMessenger
      2008-04-19 17:24 --------- d-----w C:\Program Files\EsetOnlineScanner
      2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\xing shared
      2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-04-15 12:01 --------- d-----w C:\Program Files\Neuf
      2008-04-07 16:54 --------- d-----w C:\Program Files\Alwil Software
      2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
      2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-04 09:04 14,869,504 ----a-w C:\WINDOWS\aolback.exe
      2008-02-25 09:23 47,360 ----a-w C:\Documents and Settings\Patrizio\Application Data\pcouffin.sys
      2007-12-29 15:05 56 --sh--r C:\WINDOWS\system32\5597841D0A.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-06-04_21.12.16.98 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-06-04 19:08:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-06-04 19:23:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
      "WebCamRT.exe"="" []
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 23:18 171448]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
      "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50 8425472]
      "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
      "F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
      "F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
      "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-15 18:44 185896]
      "Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2004-09-08 12:22 225280]
      "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
      "VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-05-21 12:55 2999680]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
      "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]
      "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 17:17:08 113664]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-22 09:30:55 169472]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "VIDC.ACDV"= ACDV.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
      "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
      "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
      "C:\\Program Files\\adslTV\\adsltv.exe"=
      "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
      S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
      S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
      S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-05-10 12:50]
      S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
      S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-05-29 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-06-04 19:00:00 C:\WINDOWS\Tasks\BF32F4BA96156786.job"
      - c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-04 21:45:27
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-04 21:46:15
      ComboFix-quarantined-files.txt 2008-06-04 19:46:10
      ComboFix2.txt 2008-06-04 19:13:47

      Pre-Run: 21,086,629,888 octets libres
      Post-Run: 21,079,740,416 octets libres

      227 --- E O F --- 2008-06-04 16:03:16
      0
      1. trizio > trizio
         
        Logfile of HijackThis v1.99.1
        Scan saved at 09:12:45, on 05/06/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\ATKKBService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Pack Securite\Common\FSMA32.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Pack Securite\Common\FSMB32.EXE
        C:\Program Files\Spyware Doctor\pctsAuxs.exe
        C:\Program Files\Pack Securite\Common\FCH32.EXE
        C:\Program Files\Spyware Doctor\pctsSvc.exe
        C:\Program Files\Pack Securite\Common\FAMEH32.EXE
        C:\Program Files\Pack Securite\FSPC\fspc.exe
        C:\Program Files\Spyware Doctor\pctsTray.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
        C:\Program Files\Pack Securite\Common\FSM32.EXE
        C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
        C:\Program Files\Logitech\ImageStudio\LogiTray.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\Shareaza\Shareaza.exe
        C:\Program Files\Logitech\ImageStudio\LowLight.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
        C:\WINDOWS\System32\wbem\wmiapsrv.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
        C:\WINDOWS\System32\wbem\wmiprvse.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\System32\wbem\wmiprvse.exe
        C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
        O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
        O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
        O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
        O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
        O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
        O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
        O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
        O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
        O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
        O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
        O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe


        VundoFix V7.0.5

        Scan started at 10:50:14 28/05/2008

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        VundoFix V7.0.5

        Scan started at 10:56:11 28/05/2008

        Listing files found while scanning....


        VundoFix V7.0.5

        Scan started at 09:38:23 03/06/2008

        Listing files found while scanning....

        No infected files were found.


        VundoFix V7.0.5

        Scan started at 09:41:29 03/06/2008

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        VundoFix V7.0.5

        Scan started at 21:25:09 04/06/2008

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        Beginning removal...

        VundoFix V7.0.5

        Scan started at 21:41:18 04/06/2008

        Listing files found while scanning....

        No infected files were found.

        ComboFix 08-06-03.4 - Patrizio 2008-06-04 21:43:47.2 - NTFSx86 MINIMAL
        Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1706 [GMT 2:00]
        Endroit: C:\Documents and Settings\Patrizio\Bureau\ComboFix.exe

        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Patrizio\Application Data\inst.exe

        .
        ((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
        .

        2008-06-04 21:25 . 2008-06-04 21:25 <REP> d-------- C:\VundoFix Backups
        2008-06-04 21:01 . 2008-06-04 21:01 <REP> d-------- C:\Lop SD
        2008-06-04 13:33 . 2008-06-04 13:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
        2008-06-04 13:20 . 2007-08-31 16:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
        2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
        2008-06-04 13:20 . 2008-06-04 13:20 <REP> d-------- C:\Documents and Settings\Administrateur
        2008-06-04 11:24 . 2008-06-04 17:15 <REP> d-------- C:\Program Files\Trend Micro
        2008-06-04 11:13 . 2008-06-04 18:41 <REP> d-------- C:\Program Files\Spyware Doctor
        2008-06-04 11:13 . 2008-06-04 11:13 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Tools
        2008-06-04 11:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
        2008-06-04 11:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
        2008-06-04 11:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
        2008-06-04 11:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
        2008-06-03 18:16 . 2008-06-04 21:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-02 17:24 . 2008-06-04 18:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
        2008-06-01 23:49 . 2008-06-04 11:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Malwarebytes
        2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-01 23:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-01 23:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
        2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Program Files\Shareaza
        2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Shareaza
        2008-05-29 19:35 . 2008-06-04 17:05 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\skypePM
        2008-05-29 19:35 . 2008-05-29 19:35 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
        2008-05-29 19:33 . 2008-06-04 21:10 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Skype
        2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Skype
        2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Fichiers communs\Skype
        2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
        2008-05-29 18:53 . 2008-06-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-05-29 18:53 . 2008-05-29 18:53 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-05-29 09:50 . 2008-05-29 09:50 <REP> d-------- C:\Program Files\AxBx
        2008-05-29 09:45 . 2008-05-29 16:59 <REP> d-------- C:\Program Files\Panda Security
        2008-05-28 16:59 . 2008-05-28 16:59 <REP> d-------- C:\Program Files\Lavasoft
        2008-05-28 16:59 . 2008-05-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-05-28 16:58 . 2008-05-28 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
        2008-05-28 12:20 . 2008-05-28 12:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
        2008-05-28 12:17 . 2005-06-15 02:17 427,520 --a------ C:\WINDOWS\WRServices.dll
        2008-05-28 11:52 . 2008-05-28 11:52 <REP> d--hs---- C:\ProtectionConue
        2008-05-28 11:52 . 2008-05-28 11:52 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\ProtectionConue
        2008-05-28 11:52 . 2008-05-28 11:52 <REP> dr-h----- C:\Documents and Settings\All Users\Application Data\SalesMon
        2008-05-26 13:38 . 2008-05-26 15:47 <REP> d-------- C:\Documents and Settings\Patrizio\.housecall6.6
        2008-05-25 22:34 . 2008-05-25 22:43 <REP> d-------- C:\WINDOWS\system32\vntiho18
        2008-05-25 21:18 . 2008-05-25 22:21 <REP> d-------- C:\WINDOWS\system32\xnA
        2008-05-25 21:18 . 2008-05-29 09:34 <REP> d-------- C:\WINDOWS\system32\vntiho05
        2008-05-25 21:18 . 2008-05-26 08:27 <REP> d-------- C:\WINDOWS\system32\brW
        2008-05-25 21:18 . 2008-05-25 22:14 <REP> d-------- C:\WINDOWS\system32\3056v
        2008-05-25 21:18 . 2008-06-04 21:04 <REP> d-------- C:\Temp
        2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
        2008-05-11 19:36 . 2008-05-12 09:37 <REP> d-------- C:\Program Files\Azureus
        2008-05-11 19:36 . 2008-05-12 01:30 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Azureus
        2008-05-11 19:36 . 2008-05-11 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
        2008-05-09 17:45 . 2008-05-09 17:45 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Nokia Multimedia Player
        2008-05-09 17:39 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
        2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\PC Connectivity Solution
        2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Nokia
        2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
        2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
        2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\DIFX
        2008-05-09 17:36 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Suite
        2008-05-09 17:36 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
        2008-05-09 17:36 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
        2008-05-09 17:36 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
        2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
        2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
        2008-05-09 17:36 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
        2008-05-09 17:33 . 2008-05-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-04 19:16 4,224 ----a-w C:\WINDOWS\system32\tmp.reg
        2008-06-04 12:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
        2008-06-04 08:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
        2008-06-02 19:33 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
        2008-06-02 19:33 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\CamfrogWEB
        2008-06-02 17:01 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
        2008-05-29 21:18 --------- d-----w C:\Program Files\Google
        2008-05-29 18:14 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\MSN6
        2008-05-29 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-05-28 15:17 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\LimeWire
        2008-05-28 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
        2008-05-27 20:12 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Vso
        2008-05-26 15:51 --------- d-----w C:\Program Files\Toox
        2008-05-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-25 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
        2008-05-25 19:15 --------- d-----w C:\Program Files\LimeWire
        2008-05-22 14:25 --------- d-----w C:\Program Files\adslTV
        2008-05-11 14:15 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Nokia
        2008-04-30 10:47 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\ACD Systems
        2008-04-30 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
        2008-04-30 10:40 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
        2008-04-30 10:40 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
        2008-04-30 10:40 --------- d-----w C:\Program Files\ACD Systems
        2008-04-30 10:18 --------- d-----w C:\Program Files\eMule
        2008-04-30 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
        2008-04-30 06:46 --------- d-----w C:\Program Files\Messenger Plus! Live
        2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
        2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
        2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
        2008-04-26 17:04 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\globallist
        2008-04-21 17:48 --------- d-----w C:\Program Files\CFWebAdvancedU
        2008-04-21 09:57 --------- d-----w C:\Program Files\YesMessenger
        2008-04-19 17:24 --------- d-----w C:\Program Files\EsetOnlineScanner
        2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\xing shared
        2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Real
        2008-04-15 12:01 --------- d-----w C:\Program Files\Neuf
        2008-04-07 16:54 --------- d-----w C:\Program Files\Alwil Software
        2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
        2008-03-04 09:04 14,869,504 ----a-w C:\WINDOWS\aolback.exe
        2008-02-25 09:23 47,360 ----a-w C:\Documents and Settings\Patrizio\Application Data\pcouffin.sys
        2007-12-29 15:05 56 --sh--r C:\WINDOWS\system32\5597841D0A.sys
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-04_21.12.16.98 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-04 19:08:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
        + 2008-06-04 19:23:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
        .
        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
        "WebCamRT.exe"="" []
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
        "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 23:18 171448]
        "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
        "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
        "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50 8425472]
        "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
        "F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
        "F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
        "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
        "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
        "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
        "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-15 18:44 185896]
        "Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2004-09-08 12:22 225280]
        "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
        "VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-05-21 12:55 2999680]
        "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
        "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]
        "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

        C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 17:17:08 113664]
        Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-22 09:30:55 169472]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.l3acm"= l3codecp.acm
        "vidc.mxmc"= MimicICM.DLL
        "VIDC.ACDV"= ACDV.dll

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\MSN Messenger\\livecall.exe"=
        "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
        "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
        "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
        "C:\\Program Files\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
        "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
        "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
        "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\iTunes\\iTunes.exe"=
        "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
        "C:\\Program Files\\adslTV\\adsltv.exe"=
        "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
        "C:\\Program Files\\Shareaza\\Shareaza.exe"=
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

        S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
        S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
        S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
        S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-05-10 12:50]
        S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
        S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
        S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

        .
        Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
        "2008-05-29 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2008-06-04 19:00:00 C:\WINDOWS\Tasks\BF32F4BA96156786.job"
        - c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-04 21:45:27
        Windows 5.1.2600 Service Pack 2 NTFS

        Balayage processus cachés ...

        Balayage caché autostart entries ...

        Balayage des fichiers cachés ...

        Scan terminé avec succès
        Les fichiers cachés: 0

        **************************************************************************
        .
        Temps d'accomplissement: 2008-06-04 21:46:15
        ComboFix-quarantined-files.txt 2008-06-04 19:46:10
        ComboFix2.txt 2008-06-04 19:13:47

        Pre-Run: 21,086,629,888 octets libres
        Post-Run: 21,079,740,416 octets libres

        227 --- E O F --- 2008-06-04 16:03:16
        MSNFix 1.720

        C:\Documents and Settings\Patrizio\Bureau\MSNFix
        Fix exécuté le 05/06/2008 - 9:02:31,14 By Patrizio
        mode normal

        ************************ Recherche les fichiers présents

        ... C:\WINDOWS\system32\tmp.txt

        ************************ Recherche les dossiers présents

        Aucun dossier trouvé




        ************************ Suppression des fichiers

        .. OK ... C:\WINDOWS\system32\tmp.txt



        ************************ Nettoyage du registre



        Les fichiers encore présents seront supprimés au prochain redémarrage


        Aucun Fichier trouvé



        ************************ Fichiers suspects

        Aucun Fichier trouvé


        Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05062008_ 9065846.zip

        ************************ HKLM\...\Winlogon\Userinit

        Userinit = C:\WINDOWS\system32\userinit.exe,

        Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


        ------------------------------------------------------------------------
        Auteur : !aur3n7 Contact: https://www.ionos.fr/
        ------------------------------------------------------------------------

        --------------------------------------------- END ---------------------------------------------

        SmitFraudFix v2.323

        Rapport fait à 8:59:54,40, 05/06/2008
        Executé à partir de C:\Documents and Settings\Patrizio\Bureau\SmitfraudFix
        OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
        Le type du système de fichiers est NTFS
        Fix executé en mode normal

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


        »»»»»»»»»»»»»»»»»»»»»»»» hosts

        127.0.0.1 localhost

        »»»»»»»»»»»»»»»»»»»»»»»» VACFix

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

        S!Ri's WS2Fix: LSP not Found.


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
        DNS Server Search Order: 192.168.1.1

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1


        »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

        Nettoyage terminé.

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» Fin


        -----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

        [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
        [ USER : Patrizio ] [ "C:\Lop SD" ] [ Selection : 1 ]
        [ 04/06/2008 | 22:57:13,12 ] [ PC : DOMICILE-P2E90G ]
        [ MAJ : 01-06-2008 | 15:51 ]

        -------------[ Listing des dossiers dans Application Data ]------------

        [31/08/2007|17:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
        [04/06/2008|13:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
        [31/08/2007|16:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

        [30/04/2008|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
        [30/04/2008|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
        [26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
        [26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
        [26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
        [05/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
        [07/01/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
        [11/05/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
        [17/02/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
        [31/08/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
        [31/08/2007|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
        [31/08/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
        [17/09/2007|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
        [18/09/2007|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
        [29/02/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
        [26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
        [09/05/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
        [28/05/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
        [31/08/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
        [01/06/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
        [05/12/2007|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
        [29/11/2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
        [30/04/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
        [19/01/2008|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
        [09/05/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
        [28/05/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
        [27/12/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
        [29/05/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
        [25/05/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
        [04/06/2008|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
        [26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
        [09/12/2007|23:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
        [28/05/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

        [31/08/2007|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
        [31/08/2007|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

        [28/05/2008|12:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
        [02/06/2008|08:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

        [31/08/2007|16:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

        [26/01/2008|12:43] C:\DOCUME~1\Patrizio\APPLIC~1\acccore
        [30/04/2008|12:47] C:\DOCUME~1\Patrizio\APPLIC~1\ACD Systems
        [30/04/2008|15:01] C:\DOCUME~1\Patrizio\APPLIC~1\Adobe
        [25/01/2008|09:11] C:\DOCUME~1\Patrizio\APPLIC~1\Apple Computer
        [12/05/2008|01:30] C:\DOCUME~1\Patrizio\APPLIC~1\Azureus
        [02/06/2008|21:33] C:\DOCUME~1\Patrizio\APPLIC~1\CamfrogWEB
        [31/08/2007|17:08] C:\DOCUME~1\Patrizio\APPLIC~1\CyberLink
        [01/09/2007|23:02] C:\DOCUME~1\Patrizio\APPLIC~1\Datalayer
        [17/11/2007|19:33] C:\DOCUME~1\Patrizio\APPLIC~1\Dcads Advanced Toolbar
        [31/08/2007|17:32] C:\DOCUME~1\Patrizio\APPLIC~1\desktop.ini
        [22/09/2007|09:31] C:\DOCUME~1\Patrizio\APPLIC~1\FotoWire
        [18/09/2007|16:13] C:\DOCUME~1\Patrizio\APPLIC~1\F-Secure
        [26/04/2008|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\globallist
        [29/09/2007|08:38] C:\DOCUME~1\Patrizio\APPLIC~1\Google
        [31/08/2007|18:57] C:\DOCUME~1\Patrizio\APPLIC~1\Help
        [31/08/2007|16:42] C:\DOCUME~1\Patrizio\APPLIC~1\Identities
        [08/02/2008|11:33] C:\DOCUME~1\Patrizio\APPLIC~1\Leadertech
        [28/05/2008|17:17] C:\DOCUME~1\Patrizio\APPLIC~1\LimeWire
        [17/09/2007|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\Macromedia
        [01/06/2008|23:49] C:\DOCUME~1\Patrizio\APPLIC~1\Malwarebytes
        [29/05/2008|10:21] C:\DOCUME~1\Patrizio\APPLIC~1\Microsoft
        [26/01/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\Mozilla
        [29/05/2008|20:14] C:\DOCUME~1\Patrizio\APPLIC~1\MSN6
        [17/03/2008|11:00] C:\DOCUME~1\Patrizio\APPLIC~1\MySpace
        [02/06/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\NMM-MetaData.db
        [11/05/2008|16:15] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia
        [09/05/2008|17:45] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia Multimedia Player
        [09/05/2008|17:40] C:\DOCUME~1\Patrizio\APPLIC~1\PC Suite
        [04/06/2008|11:13] C:\DOCUME~1\Patrizio\APPLIC~1\PC Tools
        [25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.cat
        [25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.inf
        [25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.log
        [25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.sys
        [28/05/2008|11:52] C:\DOCUME~1\Patrizio\APPLIC~1\ProtectionConue
        [25/09/2007|08:13] C:\DOCUME~1\Patrizio\APPLIC~1\Real
        [18/09/2007|17:23] C:\DOCUME~1\Patrizio\APPLIC~1\SecondLife
        [31/05/2008|19:32] C:\DOCUME~1\Patrizio\APPLIC~1\Shareaza
        [06/01/2008|15:22] C:\DOCUME~1\Patrizio\APPLIC~1\Skyline
        [04/06/2008|22:53] C:\DOCUME~1\Patrizio\APPLIC~1\Skype
        [04/06/2008|17:05] C:\DOCUME~1\Patrizio\APPLIC~1\skypePM
        [22/12/2007|13:06] C:\DOCUME~1\Patrizio\APPLIC~1\Sun
        [17/12/2007|22:35] C:\DOCUME~1\Patrizio\APPLIC~1\Viewpoint
        [25/02/2008|11:38] C:\DOCUME~1\Patrizio\APPLIC~1\vlc
        [27/05/2008|22:12] C:\DOCUME~1\Patrizio\APPLIC~1\Vso

        ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

        [04/06/2008 22:00][--ah-----] C:\WINDOWS\tasks\BF32F4BA96156786.job
        [29/05/2008 21:33][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
        [04/06/2008 21:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
        [02/10/2001 18:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

        BF32F4BA96156786.job <--> c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe

        ---------------[ Listing des dossiers dans C:\Program Files ]--------------

        [30/04/2008|12:40] C:\Program Files\ACD Systems
        [30/04/2008|13:36] C:\Program Files\Adobe
        [22/05/2008|16:25] C:\Program Files\adslTV
        [30/12/2007|12:52] C:\Program Files\Adverts
        [31/08/2007|17:11] C:\Program Files\Ahead
        [26/01/2008|12:43] C:\Program Files\AIM6
        [07/04/2008|18:54] C:\Program Files\Alwil Software
        [05/01/2008|23:53] C:\Program Files\Apple Software Update
        [04/06/2008|14:01] C:\Program Files\a-squared Anti-Malware
        [31/08/2007|19:43] C:\Program Files\ASUS
        [29/05/2008|09:50] C:\Program Files\AxBx
        [12/05/2008|09:37] C:\Program Files\Azureus
        [23/11/2007|21:41] C:\Program Files\CCleaner
        [21/04/2008|19:48] C:\Program Files\CFWebAdvancedU
        [02/06/2008|21:33] C:\Program Files\CFWebAdvancedU_BOBTV.FR
        [04/01/2008|21:49] C:\Program Files\Circle Developement
        [31/08/2007|17:30] C:\Program Files\Codec Audio & Video
        [31/08/2007|16:37] C:\Program Files\ComPlus Applications
        [31/08/2007|17:07] C:\Program Files\CyberLink
        [16/11/2007|00:58] C:\Program Files\Dcads Games Collection
        [09/05/2008|17:36] C:\Program Files\DIFX
        [22/09/2007|09:39] C:\Program Files\directx
        [31/08/2007|17:09] C:\Program Files\DVD Shrink
        [30/04/2008|12:18] C:\Program Files\eMule
        [19/04/2008|19:24] C:\Program Files\EsetOnlineScanner
        [29/05/2008|19:32] C:\Program Files\Fichiers communs
        [01/04/2008|17:23] C:\Program Files\Future Pinball
        [17/02/2008|08:30] C:\Program Files\globallist
        [29/05/2008|23:18] C:\Program Files\Google
        [04/03/2008|10:59] C:\Program Files\Hewlett-Packard
        [04/06/2008|18:04] C:\Program Files\Hijackthis Version Fran‡aise
        [04/03/2008|11:01] C:\Program Files\hp deskjet 656c series
        [15/10/2007|08:55] C:\Program Files\IncrediMail
        [29/05/2008|17:00] C:\Program Files\InstallShield Installation Information
        [31/08/2007|16:55] C:\Program Files\Intel
        [26/05/2008|13:40] C:\Program Files\Internet Explorer
        [07/01/2008|20:05] C:\Program Files\iPod
        [07/01/2008|20:05] C:\Program Files\iTunes
        [03/04/2008|22:32] C:\Program Files\Java
        [31/08/2007|18:45] C:\Program Files\Kaspersky Lab
        [28/05/2008|16:59] C:\Program Files\Lavasoft
        [25/05/2008|21:15] C:\Program Files\LimeWire
        [22/09/2007|09:31] C:\Program Files\Logitech
        [06/01/2008|13:52] C:\Program Files\Magentic
        [04/06/2008|11:36] C:\Program Files\Malwarebytes' Anti-Malware
        [31/08/2007|16:58] C:\Program Files\Marvell
        [07/01/2008|18:37] C:\Program Files\Messenger
        [30/04/2008|08:46] C:\Program Files\Messenger Plus! Live
        [05/01/2008|23:04] C:\Program Files\Micro Application
        [31/08/2007|16:39] C:\Program Files\microsoft frontpage
        [31/08/2007|17:22] C:\Program Files\Microsoft Office
        [31/08/2007|17:23] C:\Program Files\Microsoft.NET
        [07/01/2008|18:37] C:\Program Files\Movie Maker
        [30/04/2008|10:41] C:\Program Files\MSN
        [31/08/2007|16:37] C:\Program Files\MSN Gaming Zone
        [02/01/2008|15:42] C:\Program Files\MSN Messenger
        [17/09/2007|20:25] C:\Program Files\MSXML 4.0
        [31/08/2007|19:44] C:\Program Files\My Company Name
        [17/03/2008|11:00] C:\Program Files\MySpace
        [31/08/2007|16:48] C:\Program Files\NetMeeting
        [15/04/2008|14:01] C:\Program Files\Neuf
        [09/05/2008|17:36] C:\Program Files\Nokia
        [31/08/2007|18:02] C:\Program Files\Nullsoft
        [17/09/2007|20:28] C:\Program Files\Outlook Express
        [31/03/2008|14:14] C:\Program Files\Pack Securite
        [29/05/2008|16:59] C:\Program Files\Panda Security
        [09/05/2008|17:36] C:\Program Files\PC Connectivity Solution
        [29/02/2008|17:04] C:\Program Files\Pinball
        [05/01/2008|23:54] C:\Program Files\QuickTime
        [31/08/2007|17:43] C:\Program Files\Real
        [31/08/2007|16:56] C:\Program Files\Realtek
        [26/11/2007|20:01] C:\Program Files\RegCleaner
        [21/12/2007|11:36] C:\Program Files\SecondLife
        [31/08/2007|16:37] C:\Program Files\Services en ligne
        [31/05/2008|19:32] C:\Program Files\Shareaza
        [27/12/2007|18:35] C:\Program Files\Skyline
        [29/05/2008|19:32] C:\Program Files\Skype
        [09/02/2008|19:16] C:\Program Files\SLD Codec Pack
        [25/05/2008|22:49] C:\Program Files\Spybot - Search & Destroy
        [04/06/2008|18:41] C:\Program Files\Spyware Doctor
        [26/05/2008|17:51] C:\Program Files\Toox
        [04/06/2008|17:15] C:\Program Files\Trend Micro
        [31/08/2007|16:42] C:\Program Files\Uninstall Information
        [31/08/2007|17:58] C:\Program Files\Viewpoint
        [25/02/2008|11:23] C:\Program Files\VSO
        [05/12/2007|00:54] C:\Program Files\Windows Live
        [22/09/2007|09:42] C:\Program Files\Windows Media Components
        [07/01/2008|18:37] C:\Program Files\Windows Media Player
        [31/08/2007|16:48] C:\Program Files\Windows NT
        [31/08/2007|16:37] C:\Program Files\WindowsUpdate
        [31/08/2007|17:10] C:\Program Files\WinRAR
        [31/08/2007|16:39] C:\Program Files\xerox
        [21/04/2008|11:57] C:\Program Files\YesMessenger

        ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

        [30/04/2008|12:40] C:\Program Files\Fichiers communs\ACD Systems
        [08/02/2008|12:04] C:\Program Files\Fichiers communs\Adobe
        [31/08/2007|17:17] C:\Program Files\Fichiers communs\Adobe Systems Shared
        [31/08/2007|17:11] C:\Program Files\Fichiers communs\Ahead
        [26/01/2008|12:42] C:\Program Files\Fichiers communs\AOL
        [31/08/2007|18:02] C:\Program Files\Fichiers communs\aolback
        [07/01/2008|20:04] C:\Program Files\Fichiers communs\Apple
        [31/08/2007|17:22] C:\Program Files\Fichiers communs\DESIGNER
        [22/09/2007|09:31] C:\Program Files\Fichiers communs\FotoWire
        [31/08/2007|17:07] C:\Program Files\Fichiers communs\InstallShield
        [15/11/2007|23:50] C:\Program Files\Fichiers communs\Java
        [22/09/2007|09:38] C:\Program Files\Fichiers communs\Logitech
        [31/08/2007|17:23] C:\Program Files\Fichiers communs\Microsoft Shared
        [31/08/2007|16:38] C:\Program Files\Fichiers communs\MSSoap
        [09/05/2008|17:36] C:\Program Files\Fichiers communs\Nokia
        [31/08/2007|17:33] C:\Program Files\Fichiers communs\ODBC
        [09/05/2008|17:36] C:\Program Files\Fichiers communs\PCSuite
        [15/04/2008|18:45] C:\Program Files\Fichiers communs\Real
        [31/08/2007|16:38] C:\Program Files\Fichiers communs\Services
        [29/05/2008|19:32] C:\Program Files\Fichiers communs\Skype
        [31/08/2007|17:33] C:\Program Files\Fichiers communs\SpeechEngines
        [17/09/2007|20:28] C:\Program Files\Fichiers communs\System
        [28/05/2008|16:58] C:\Program Files\Fichiers communs\Wise Installation Wizard
        [15/04/2008|18:45] C:\Program Files\Fichiers communs\xing shared

        ---------------------------[ Process ]--------------------------

        ... 56

        ... OK !

        ----------------------[ Recherche avec S_Lop ]---------------------

        Aucun fichier / dossier Lop trouvé !

        -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

        C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
        C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free\Warn Rdr.exe
        C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\cirzbpxz.exe
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\dchdyodc.exe
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\hideeggstrans.exe
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\popskip3264.exe
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\xtsitqze.exe
        C:\DOCUME~1\Patrizio\APPLIC~1\global~1\ygptnvzw.exe
        C:\Program Files\global~1
        C:\Program Files\Adverts
        C:\Program Files\Circle Developement
        C:\WINDOWS\Prefetch\HIDEEGGSTRANS.EXE-2254E466.pf
        C:\WINDOWS\Tasks\BF32F4BA96156786.job

        ----------------------[ Verification du Registre ]----------------------

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

        ..... OK !

        --------------------[ Verification du fichier Hosts ]---------------------

        Fichier Hosts PROPRE


        ----------------[ Recherche de fichiers avec Catchme ]-----------------

        catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-04 22:58:13
        Windows 5.1.2600 Service Pack 2 NTFS
        detected NTDLL code modification:
        ZwClose
        scanning hidden processes ...
        scanning hidden files ...
        scan completed successfully
        hidden processes: 0
        hidden files: 0

        --------------------[ Recherche d'autres infections ]---------------------


        Aucune autre infection trouvée !

        [F:26][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\Temp
        [F:2][D:0]-> C:\DOCUME~1\Patrizio\Cookies
        [F:2][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\TEMPOR~1\content.IE5

        --------------------[ Fin du rapport a 22:58:48,09 ]----------------------
        bon voila !! je n ai pas pu le faire en mode sans echec .....
        mon antivirus me demandais de continuer a chaque fois...
        je n est plus d image d ecran sur le bureau...
        et je n ai toujours pas de colonne dans genre " panneau de config.."
        Merci beaucoup
        0
  18. Utilisateur anonyme
     
    ok d'après le rapport combofix y'a pas mal de truc. laisse moi le temps de l'analyser :)

    *******
    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci : (fais les un par un)

    C:\WINDOWS\system32\drivers\kcom.sys
    C:\WINDOWS\system32\lsass.exe

    Clik send et colle le rapport stp
    ****************

    ---------------------------

    va dans : Démarrer > Exécuter

    puis fais un copier/coller de :

    "%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Guillemets y compris

    puis valide,

    Au menu, choisis l'option 1.

    Réponds oui si on te demande de confirmer la suppression d'un fichier, d'un dossier ou d'une clé.

    Poste le rapport stp
    0
    1. trizio
       
      slr ok merci mais il n y a aucun des deux adresse !! là !!
      0
    2. trizio
       
      re re re slt ;)
      en ce qui concerne " executer" window me dis qu il n est pas possible d y aller...
      0
    3. trizio
       
      .......... :(
      0
  19. trizio
     
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.5.30.1 2008.06.05 -
    AntiVir 7.8.0.26 2008.06.05 -
    Authentium 5.1.0.4 2008.06.05 -
    Avast 4.8.1195.0 2008.06.06 -
    AVG 7.5.0.516 2008.06.05 -
    BitDefender 7.2 2008.06.06 -
    CAT-QuickHeal 9.50 2008.06.05 -
    ClamAV 0.92.1 2008.06.06 -
    DrWeb 4.44.0.09170 2008.06.05 -
    eSafe 7.0.15.0 2008.06.05 -
    eTrust-Vet 31.6.5850 2008.06.05 -
    Ewido 4.0 2008.06.05 -
    F-Prot 4.4.4.56 2008.06.05 -
    F-Secure 6.70.13260.0 2008.06.06 -
    Fortinet 3.14.0.0 2008.06.06 -
    GData 2.0.7306.1023 2008.06.06 -
    Ikarus T3.1.1.26.0 2008.06.06 -
    Kaspersky 7.0.0.125 2008.06.06 -
    McAfee 5311 2008.06.05 -
    Microsoft 1.3604 2008.06.06 -
    NOD32v2 3162 2008.06.05 -
    Norman 5.80.02 2008.06.05 -
    Panda 9.0.0.4 2008.06.05 -
    Prevx1 V2 2008.06.06 -
    Rising 20.47.40.00 2008.06.06 -
    Sophos 4.30.0 2008.06.06 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.06 -
    TheHacker 6.2.92.337 2008.06.06 -
    VBA32 3.12.6.7 2008.06.05 -
    VirusBuster 4.3.26:9 2008.06.05 -
    Webwasher-Gateway 6.6.2 2008.06.06 -
    Information additionnelle
    File size: 29576 bytes
    MD5...: a1df98a9055b8d5685d011d89ffe6ab9
    SHA1..: ff3b703233dcf57997dcd54283c19478594da4f6
    SHA256: c48d39992cc7d6136f973d53df611c3d26750995aa1203e20dfc1148ee474b09
    SHA512: 9c0af0a259d312f5a7eef4677a9dbc8e7bae11efa93fac8ff9e30354610c88a8
    fde9b906fb42dd51126e5d2641b3a3236d7a725619d1c5649cd967b259bed5ae
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1b005
    timedatestamp.....: 0x46031da8 (Fri Mar 23 00:22:00 2007)
    machinetype.......: 0x14c (I386)

    ( 10 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x3d34 0x3e00 6.10 e4087864d703fb37146296bb83ebb2ca
    .rdata 0x5000 0x274 0x400 3.24 d485e80f5ffc2bccf80b10d7afe01483
    .data 0x6000 0x138 0x200 0.54 45cf5e3db7f4b555248f4dda01d5a7fc
    .CRT 0x7000 0x10 0x200 0.11 4b59134c6b3f390c40dae8b5c3702621
    .STL 0x8000 0x18 0x200 0.11 415c4c93dfd1b4237cb3af4bae5c2f1a
    PAGE 0x9000 0x2f 0x200 0.72 216a42725a18867bebabb3d68ac8daaf
    .edata 0xa000 0x10c 0x200 3.04 8e6db174192850698c5fa288942ce600
    INIT 0xb000 0x32e 0x400 4.58 4042762ba8fea4982adb6d6d667c3dbb
    .rsrc 0xc000 0x270 0x400 2.14 83648bcf8ea482fafdcef8a7367deef4
    .reloc 0xd000 0x3ac 0x400 4.44 8f84cc214ea56a39c5d8f06c1bf2b220

    ( 2 imports )
    > ntoskrnl.exe: KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeWaitForSingleObject, KeReleaseMutex, ExRaiseStatus, KeWaitForMultipleObjects, memmove, RtlStringFromGUID, KeReleaseSemaphore, _except_handler3, KeInitializeSpinLock, KeDelayExecutionThread, KeSetEvent, wcscpy, KeTickCount, KeBugCheckEx, KeInitializeEvent, ObfDereferenceObject, ExFreePoolWithTag, KeInitializeSemaphore, ExAllocatePoolWithTag, KeInitializeMutex
    > HAL.dll: ExAcquireFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, ExReleaseFastMutex

    ( 8 exports )
    DllInitialize, DllUnload, _CoCreateInstance@20, _CoDebug@0, _CoInitialize@4, _CoRegisterClassObject@20, _CoRevokeClassObject@4, _CoUnInitialize@4
    AhnLab-V3 2008.5.22.1 2008.05.26 -
    AntiVir 7.8.0.19 2008.05.26 -
    Authentium 5.1.0.4 2008.05.26 -
    Avast 4.8.1195.0 2008.05.26 -
    AVG 7.5.0.516 2008.05.26 -
    BitDefender 7.2 2008.05.27 -
    CAT-QuickHeal 9.50 2008.05.26 -
    ClamAV 0.92.1 2008.05.27 -
    DrWeb 4.44.0.09170 2008.05.26 -
    eSafe 7.0.15.0 2008.05.26 -
    eTrust-Vet 31.4.5823 2008.05.26 -
    Ewido 4.0 2008.05.26 -
    F-Prot 4.4.4.56 2008.05.26 -
    F-Secure 6.70.13260.0 2008.05.26 -
    Fortinet 3.14.0.0 2008.05.26 -
    GData 2.0.7306.1023 2008.05.23 -
    Ikarus T3.1.1.26.0 2008.05.26 -
    Kaspersky 7.0.0.125 2008.05.27 -
    McAfee 5303 2008.05.26 -
    Microsoft None 2008.05.27 -
    NOD32v2 3133 2008.05.26 -
    Norman 5.80.02 2008.05.26 -
    Panda 9.0.0.4 2008.05.27 -
    Prevx1 V2 2008.05.27 -
    Rising 20.46.02.00 2008.05.26 -
    Sophos 4.29.0 2008.05.27 -
    Sunbelt 3.0.1123.1 2008.05.17 -
    Symantec 10 2008.05.26 -
    TheHacker 6.2.92.320 2008.05.26 -
    VBA32 3.12.6.6 2008.05.26 -
    VirusBuster 4.3.26:9 2008.05.26 -
    Webwasher-Gateway 6.6.2 2008.05.27 -
    Information additionnelle
    File size: 13312 bytes
    MD5...: 259af82a0932eea4f316f92db94707b6
    SHA1..: 9e71e74a9d43d66229271a1517b5de769160bb7b
    SHA256: 8a096232c4ff41eb0a0fd1811c62269a4396d7b5c96ccb1a57261506fa2caaca
    SHA512: da4b346bccf744e85201bf77a2a1a415f161645c5f8b9e8a28a74ae13b4e9b1a
    9c5dcd1b883a97a45b05f34b8a3dd8525143f6c54b8fab499c2071b4f0f24c61
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x10014bd
    timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x10d0 0x1200 6.01 b5778e66eafc9b978cd5c954228eee22
    .data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250
    .rsrc 0x4000 0x1b40 0x1c00 7.16 e4a0d77578ef1aa0158f6be8dfc6d37a

    ( 5 imports )
    > ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf
    > KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery
    > ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter
    > LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo
    > SAMSRV.dll: SamIInitialize, SampUsingDsData
    0
    1. trizio
       
      pas guerrit
      0
  20. trizio
     
    re a tous !! je n i meme plus de diaporama !! :(
    0
  21. Utilisateur anonyme
     
    Bonsoir,
    dsl pour la réponse tardive mais j'ai aussi une vie à coter ^^
    Sinon j'attends le log de Lopxp après la commande.

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\5597841D0A.sys

    Folder::
    C:\WINDOWS\system32\vntiho18
    C:\WINDOWS\system32\xnA
    C:\WINDOWS\system32\vntiho05
    C:\WINDOWS\system32\brW
    C:\WINDOWS\system32\3056v


    Enregistre ce fichier sous le nom CFScript.

    [*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    [*]Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    [*]Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    [*]Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

    [*]Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    -----------------------

    Ensuite fais moi un résumé des problèmes que tu rencontres après avoir fais les instructions ( ci dessus )

    /!\ N'utilise en aucun cas Emule ou Azureus ou Sharezea pendant que l'on désinfecte ton ordi ! /!\
    0
    1. trizio
       
      Slt pas de probleme pour la reponse...
      bon petit soucis encore lorsque j envoie le document texte dans combo l ecran bleu s ouvre ok, mais une petite fenetre me dis qu il y a une "erreur de nom cfscript...."
      ... je ne peux donc pas l executer...
      0
  • 1
  • 2
  • 3
  • 4